2 files changed, 16 insertions, 1 deletions

diff --git a/base/util/src/netscape/security/pkcs/PKCS10.java b/base/util/src/netscape/security/pkcs/PKCS10.java
index 2d1c8eadb..4dd9f0f52 100644
--- a/base/util/src/netscape/security/pkcs/PKCS10.java
+++ b/base/util/src/netscape/security/pkcs/PKCS10.java
@@ -156,6 +156,10 @@ public class PKCS10 {
         byte val1[] = seq[0].data.getDerValue().toByteArray();
         subjectPublicKeyInfo = X509Key.parse(new DerValue(val1));
         PublicKey publicKey = X509Key.parsePublicKey(new DerValue(val1));
+        if (publicKey == null) {
+            System.out.println("PKCS10: publicKey null");
+            throw new SignatureException ("publicKey null");
+        }
 
         // Cope with a somewhat common illegal PKCS #10 format
         if (seq[0].data.available() != 0)
@@ -191,10 +195,13 @@ public class PKCS10 {
 
                 sig.initVerify(publicKey);
                 sig.update(data);
-                if (!sig.verify(sigData))
+                if (!sig.verify(sigData)) {
+                System.out.println("PKCS10: sig.verify() failed");
                     throw new SignatureException("Invalid PKCS #10 signature");
+                }
             }
         } catch (InvalidKeyException e) {
+            System.out.println("PKCS10: "+ e.toString());
             throw new SignatureException("invalid key");
         }
     }
diff --git a/base/util/src/netscape/security/x509/X509CRLImpl.java b/base/util/src/netscape/security/x509/X509CRLImpl.java
index 46c3edfcf..843cba8e2 100755
--- a/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -413,6 +413,14 @@ public class X509CRLImpl extends X509CRL {
                 sigAlg = "SHA1/RSA";
             } else if (sigAlg.equals("SHA1withDSA")) {
                 sigAlg = "SHA1/DSA";
+            } else if (sigAlg.equals("SHA1withEC")) {
+                sigAlg = "SHA1/EC";
+            } else if (sigAlg.equals("SHA256withEC")) {
+                sigAlg = "SHA256/EC";
+            } else if (sigAlg.equals("SHA384withEC")) {
+                sigAlg = "SHA384/EC";
+            } else if (sigAlg.equals("SHA512withEC")) {
+                sigAlg = "SHA512/EC";
             }
         }
         sigVerf = Signature.getInstance(sigAlg, sigProvider);