diff --git a/CHANGES b/CHANGES
index b29cb8e09cf6648c12aebcb95c938d927ddc522e..799ff10b388f80d517ee28cd603bd7770387beed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.3a and 0.9.4
 
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
   *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
      to use the new extension code.
      [Steve Henson]
diff --git a/demos/sign/sign.c b/demos/sign/sign.c
index 64e72e7194878ba7c260af69e7f18f4a008a3818..0fdf0de387d47a129a9f6753e4e32422ce2109f1 100644
--- a/demos/sign/sign.c
+++ b/demos/sign/sign.c
@@ -61,6 +61,10 @@
 
 /* converted to C - eay :-) */
 
+/* reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
@@ -90,49 +94,60 @@ int main ()
   
   /* Read private key */
   
-  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
-				   PEM_STRING_EVP_PKEY,
-				   fp,
-				   NULL, NULL);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (keyfile, "r");
+  if (fp == NULL) exit (1);
+  pkey = PEM_read_PrivateKey(fp, NULL, NULL);
   fclose (fp);
+
+  if (pkey == NULL) { 
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Do the signature */
   
-  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignInit   (&md_ctx, EVP_sha1());
   EVP_SignUpdate (&md_ctx, data, strlen(data));
   sig_len = sizeof(sig_buf);
-  err = EVP_SignFinal (&md_ctx,
-		       sig_buf, 
-		       &sig_len,
-		       pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp(stderr);
+	exit (1);
+  }
+
   EVP_PKEY_free (pkey);
   
   /* Read public key */
   
-  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
-				   PEM_STRING_X509,
-				   fp, NULL, NULL);
-  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (certfile, "r");
+  if (fp == NULL) exit (1);
+  x509 = PEM_read_X509(fp, NULL, NULL);
   fclose (fp);
+
+  if (x509 == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Get public key - eay */
-  pkey=X509_extract_key(x509);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  pkey=X509_get_pubkey(x509);
+  if (pkey == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
 
   /* Verify the signature */
   
-  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyInit   (&md_ctx, EVP_sha1());
   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
-  err = EVP_VerifyFinal (&md_ctx,
-			 sig_buf,
-			 sig_len,
-			 pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
   EVP_PKEY_free (pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   printf ("Signature Verified Ok.\n");
   return(0);
 }