Index: ext/openssl/ossl_ocsp.c =================================================================== --- ext/openssl/ossl_ocsp.c (revision 51923) +++ ext/openssl/ossl_ocsp.c (working copy) @@ -314,9 +314,10 @@ /* * call-seq: - * request.sign(signer_cert, signer_key) -> self - * request.sign(signer_cert, signer_key, certificates) -> self - * request.sign(signer_cert, signer_key, certificates, flags) -> self + * request.sign(signer_cert, signer_key) -> self + * request.sign(signer_cert, signer_key, certificates) -> self + * request.sign(signer_cert, signer_key, certificates, flags) -> self + * request.sign(signer_cert, signer_key, certificates, flags, md_type) -> self * * Signs this OCSP request using +signer_cert+ and +signer_key+. * +certificates+ is an optional Array of certificates that may be included in @@ -326,15 +327,16 @@ static VALUE ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) { - VALUE signer_cert, signer_key, certs, flags; + VALUE signer_cert, signer_key, certs, flags, md_type; OCSP_REQUEST *req; X509 *signer; EVP_PKEY *key; STACK_OF(X509) *x509s; unsigned long flg; + const EVP_MD *md; int ret; - rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags); + rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type); signer = GetX509CertPtr(signer_cert); key = GetPrivPKeyPtr(signer_key); flg = NIL_P(flags) ? 0 : NUM2INT(flags); @@ -343,8 +345,11 @@ flags |= OCSP_NOCERTS; } else x509s = ossl_x509_ary2sk(certs); + if(NIL_P(md_type)) md = EVP_sha1(); + else md = GetDigestPtr(md_type); + GetOCSPReq(self, req); - ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg); + ret = OCSP_request_sign(req, signer, key, md, x509s, flg); sk_X509_pop_free(x509s, X509_free); if(!ret) ossl_raise(eOCSPError, NULL); 
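Review bot: The added call-seq line advertises +md_type+, but the description that follows still covers only +signer_cert+, +signer_key+ and +certificates+, so a reader has no way to learn what the new argument accepts or which digest is used when it is omitted. Suggest appending to the description: `+md_type+ selects the digest used for the signature (an OpenSSL::Digest instance, as in the tests); when omitted SHA1 is used, kept only for compatibility with callers of the older forms.` The comment block continues past the end of this hunk.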
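Review bot: `if(NIL_P(md_type)) md = EVP_sha1();` keeps SHA-1 as the silent default for request signatures, so every existing caller keeps emitting SHA-1 and nothing in the function or its docs steers them to the new argument; a `/* SHA-1 default kept for API compatibility; new callers should pass a SHA-2 digest */` comment on that line would at least make the trade-off explicit. Two lines above the new code, `flags |= OCSP_NOCERTS;` ORs the flag into the Ruby VALUE `flags`, not into the `unsigned long flg` that was derived from it earlier and is what is actually passed to OCSP_request_sign, so OCSP_NOCERTS never reaches OpenSSL; this is pre-existing but sits inside this hunk and should read `flg |= OCSP_NOCERTS;`. The function's opening and tail are outside the hunk.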
@@ -791,6 +796,7 @@ * basic_response.sign(signer_cert, signer_key) -> self * basic_response.sign(signer_cert, signer_key, certificates) -> self * basic_response.sign(signer_cert, signer_key, certificates, flags) -> self + * basic_response.sign(signer_cert, signer_key, certificates, flags, md_type) -> self * * Signs this response using the +signer_cert+ and +signer_key+. Additional * +certificates+ may be added to the signature along with a set of +flags+. @@ -799,15 +805,16 @@ static VALUE ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self) { - VALUE signer_cert, signer_key, certs, flags; + VALUE signer_cert, signer_key, certs, flags, md_type; OCSP_BASICRESP *bs; X509 *signer; EVP_PKEY *key; STACK_OF(X509) *x509s; unsigned long flg; + const EVP_MD *md; int ret; - rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags); + rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type); signer = GetX509CertPtr(signer_cert); key = GetPrivPKeyPtr(signer_key); flg = NIL_P(flags) ? 0 : NUM2INT(flags); @@ -818,8 +825,10 @@ else{ x509s = ossl_x509_ary2sk(certs); } + if(NIL_P(md_type)) md = EVP_sha1(); + else md = GetDigestPtr(md_type); GetOCSPBasicRes(self, bs); - ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg); + ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg); sk_X509_pop_free(x509s, X509_free); if(!ret) ossl_raise(eOCSPError, NULL); Index: test/openssl/test_ocsp.rb =================================================================== --- test/openssl/test_ocsp.rb (revision 51923) +++ test/openssl/test_ocsp.rb (working copy) @@ -5,7 +5,7 @@ class OpenSSL::TestOCSP < Test::Unit::TestCase def setup ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") - ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 + @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 ca_serial = 0xabcabcabcabc subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert") 
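Review bot: The new call-seq line for basic_response.sign lists +md_type+, but the prose after it still says only that +certificates+ and +flags+ may be added, leaving the new argument and its default undocumented. Suggest adding: `+md_type+ selects the digest used for the response signature (an OpenSSL::Digest instance); when omitted SHA1 is used for compatibility.` The comment block continues past the end of this hunk.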
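Review bot: The digest selection `if(NIL_P(md_type)) md = EVP_sha1(); else md = GetDigestPtr(md_type);` is now duplicated verbatim between ossl_ocspbres_sign and ossl_ocspreq_sign; a shared `static const EVP_MD *ossl_ocsp_get_md(VALUE md_type)` whose body is `return NIL_P(md_type) ? EVP_sha1() : GetDigestPtr(md_type);` would keep the default in one place for when it is eventually raised. The SHA-1 default matters more here than on the request side, since this is the responder signature that relying parties verify, and every caller not passing md_type will keep producing it; the function's opening and tail are outside the hunk.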
@@ -16,7 +16,7 @@ dgst = OpenSSL::Digest::SHA1.new @ca_cert = OpenSSL::TestUtils.issue_cert( - ca_subj, ca_key, ca_serial, now, now+3600, [], nil, nil, dgst) + ca_subj, @ca_key, ca_serial, now, now+3600, [], nil, nil, dgst) @cert = OpenSSL::TestUtils.issue_cert( subj, @key, serial, now, now+3600, [], @ca_cert, nil, dgst) end @@ -42,6 +42,28 @@ # in current implementation not same instance of certificate id, but should contain same data assert_equal cid.serial, request.certid.first.serial end + + def test_new_ocsp_request_with_digest + request = OpenSSL::OCSP::Request.new + cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new) + request.add_certid(cid) + request.sign(@cert, @key, [@cert], nil, OpenSSL::Digest::SHA256.new) + assert_kind_of OpenSSL::OCSP::Request, request + # in current implementation not same instance of certificate id, but should contain same data + assert_equal cid.serial, request.certid.first.serial + end + + def test_basic_response_sign + basic_response = OpenSSL::OCSP::BasicResponse.new + basic_response.sign(@ca_cert, @ca_key) + assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response + end + + def test_basic_response_sign_with_digest + basic_response = OpenSSL::OCSP::BasicResponse.new + basic_response.sign(@ca_cert, @ca_key, nil, nil, OpenSSL::Digest::SHA256.new) + assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response + end end end
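Review bot: Neither test_new_ocsp_request_with_digest nor test_basic_response_sign_with_digest checks that SHA-256 was actually used: sign returns self per its call-seq, so `assert_kind_of` passes just the same if md_type were ignored and the SHA-1 default applied. For the request, decoding `request.to_der` with OpenSSL::ASN1 and asserting the signatureAlgorithm OID is sha256WithRSAEncryption would pin the behavior; for the basic response, a `basic_response.verify([@ca_cert], store)` against a store holding @ca_cert would at least prove the signature is valid, if no DER accessor exists for it at this version. A second basic-response case passing `[@ca_cert]` for certificates would also cover the non-nil branch, which these tests leave unexercised.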