diff --git a/src/ssl.c b/src/ssl.c
index 0fda7460b..5f68655a1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7877,7 +7877,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
     #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
     #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
 
-    #if !defined(NO_DH) && defined(OPENSSL_EXTRA)
+    #if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
     #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
             (HAVE_FIPS_VERSION > 2))
     {
@@ -7935,7 +7935,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
         }
     }
     #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-    #endif /* !NO_DH &&  OPENSSL_EXTRA */
+    #endif /* !NO_DH &&  OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */
 
     if (pkey == NULL) {
         WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type");
diff --git a/tests/api.c b/tests/api.c
index f0a29a4ee..5e4a12f91 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -2439,8 +2439,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void)
 
     BIO_gets(wbio, line, sizeof(line));
     res = XSTRNCMP( line,
-           "       bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n",
-    sizeof("       bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n"));
+           "       00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n",
+    sizeof("       00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"));
     AssertIntEQ(res,0);
 
     /* skip to the end of modulus element*/
@@ -32207,7 +32207,7 @@ static void test_wolfSSL_d2i_PUBKEY(void)
 #endif
 
 #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
-defined(OPENSSL_EXTRA) && !defined(WOLFSSL_DH_EXTRA)
+defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
             (HAVE_FIPS_VERSION > 2))
     /* DH PUBKEY test */
@@ -40836,6 +40836,7 @@ void ApiTest(void)
     test_wolfSSL_EVP_MD_hmac_signing();
     test_wolfSSL_EVP_MD_rsa_signing();
     test_wolfSSL_EVP_MD_ecc_signing();
+    test_wolfSSL_EVP_PKEY_print_public();
     test_wolfSSL_CTX_add_extra_chain_cert();
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
     test_wolfSSL_ERR_peek_last_error_line();
@@ -41066,7 +41067,6 @@ void ApiTest(void)
     test_EVP_PKEY_rsa();
     test_wolfSSL_EVP_PKEY_encrypt();
     test_wolfSSL_EVP_PKEY_sign();
-    test_wolfSSL_EVP_PKEY_print_public();
     test_EVP_PKEY_ec();
     test_EVP_PKEY_cmp();
     /* OpenSSL error API tests */
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index b8a0b6344..baa92d1ad 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -6935,21 +6935,84 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input,
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     int indent, int bitlen, ASN1_PCTX* pctx)
 {
-    int res;
     byte buff[128] = { 0 };
 
     word32 inOutIdx = 0;
+    int length = 0;
     word32 nSz = 0;         /* size of modulus */
     word32 eSz = 0;         /* size of public exponent */
     byte*  n   = NULL;
     byte*  e   = NULL;       /* pointer to modulus/exponent */
-
+    word32 localIdx;
+    word32 oid;
+    byte   tag;
     (void)pctx;
 
-    if ((res = wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz,
-            (const byte**)&n, &nSz, (const byte**)&e, &eSz)) != 0) {
+    if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
         return WOLFSSL_FAILURE;
+
+    localIdx = inOutIdx;
+    if (GetASNTag(pkey, &localIdx, &tag, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER) {
+        /* not from decoded cert, will have algo id, skip past */
+        if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
+
+        if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) != 0)
+            return WOLFSSL_FAILURE;
+
+        /* Option NULL ASN.1 tag */
+        if (inOutIdx  >= (word32)pkeySz)
+            return WOLFSSL_FAILURE;
+
+        localIdx = inOutIdx;
+        if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
+
+        if (tag != ASN_TAG_NULL)
+            return WOLFSSL_FAILURE;
+
+        inOutIdx ++;
+
+        /* should have bit tag length and seq next */
+        if( CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0)
+            return WOLFSSL_FAILURE;
+
+        if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0)
+            return WOLFSSL_FAILURE;
     }
+    /* Get modulus */
+    if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz ) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER)
+        return WOLFSSL_FAILURE;
+
+    if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    nSz = length;
+    n   = (byte*)(&pkey[inOutIdx]);
+    inOutIdx += length;
+
+    /* Get exponent */
+
+    if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    if (tag != ASN_INTEGER)
+        return WOLFSSL_FAILURE;
+
+    if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0)
+        return WOLFSSL_FAILURE;
+
+    eSz = length;
+    e   = (byte*)(&pkey[inOutIdx]);
+
+    /* print out public key elements */
+
     int idx = 0;
     int wsz = 0;