diff -ru openssl-0.9.8e/apps/ca.c openssl-0.9.8e-req/apps/ca.c
--- openssl-0.9.8e/apps/ca.c	2008-05-23 11:34:57.000000000 +0200
+++ openssl-0.9.8e-req/apps/ca.c	2008-05-23 12:22:30.000000000 +0200
@@ -187,6 +187,7 @@
 #endif
 " -status serial  - Shows certificate status given the serial number\n",
 " -updatedb       - Updates db for expired certificates\n",
+" -nocheck        - Do not check the signature of the CSR\n",
 NULL
 };
 
@@ -202,7 +203,7 @@
 		   BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
-		   int default_op, int ext_copy, int selfsign);
+		   int default_op, int ext_copy, int selfsign, int nochecksig);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
 			CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
@@ -292,6 +293,7 @@
 	long days=0;
 	int batch=0;
 	int notext=0;
+	int nochecksig=0;
 	unsigned long nameopt = 0, certopt = 0;
 	int default_op = 1;
 	int ext_copy = EXT_COPY_NONE;
@@ -530,6 +532,11 @@
 			rev_arg = *(++argv);
 			rev_type = REV_CA_COMPROMISE;
 			}
+		else if (strcmp(*argv,"-nocheck") == 0)
+			{
+			  nochecksig=1;
+			}
+
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -1204,7 +1211,7 @@
 			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
 				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
+				  default_op, ext_copy, selfsign, nochecksig);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -1224,7 +1231,7 @@
 			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
 				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
+				  default_op, ext_copy, selfsign, nochecksig);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -1537,7 +1544,7 @@
 	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, int selfsign)
+		   int ext_copy, int selfsign, int nochecksig)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1573,22 +1580,26 @@
 		BIO_printf(bio_err,"error unpacking public key\n");
 		goto err;
 		}
-	i=X509_REQ_verify(req,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (i < 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature verification problems....\n");
-		goto err;
-		}
-	if (i == 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature did not match the certificate request\n");
-		goto err;
-		}
-	else
-		BIO_printf(bio_err,"Signature ok\n");
+	if(nochecksig==1)
+	  BIO_printf(bio_err,"Do not check the signature\n");
+	else{
+	  i=X509_REQ_verify(req,pktmp);
+	  EVP_PKEY_free(pktmp);
+	  if (i < 0)
+	    {
+	      ok=0;
+	      BIO_printf(bio_err,"Signature verification problems....\n");
+	      goto err;
+	    }
+	  if (i == 0)
+	    {
+	      ok=0;
+	      BIO_printf(bio_err,"Signature did not match the certificate request\n");
+	      goto err;
+	    }
+	  else
+	    BIO_printf(bio_err,"Signature ok\n");
+	}
 
 	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
 		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,