2 files changed, 6 insertions, 2 deletions

diff --git a/lib/private/App/InfoParser.php b/lib/private/App/InfoParser.php
index 734f5c2c6af..e975ad6f096 100644
--- a/lib/private/App/InfoParser.php
+++ b/lib/private/App/InfoParser.php
@@ -156,7 +156,7 @@ class InfoParser {
 			$totalElement = count($xml->{$element});
 
 			if (!isset($array[$element])) {
-				$array[$element] = "";
+				$array[$element] = $totalElement > 1 ? [] : "";
 			}
 			/** @var \SimpleXMLElement $node */
 			// Has attributes
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index e6eeaec7349..1db20772b4e 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -249,6 +249,8 @@ class Checker {
 
 		$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
 		$privateKey->setMGFHash('sha512');
+		// See https://tools.ietf.org/html/rfc3447#page-38
+		$privateKey->setSaltLength(0);
 		$signature = $privateKey->sign(json_encode($hashes));
 
 		return [
@@ -343,7 +345,7 @@ class Checker {
 		// Verify if certificate has proper CN. "core" CN is always trusted.
 		if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
 			throw new InvalidSignatureException(
-					sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true))
+					sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
 			);
 		}
 
@@ -352,6 +354,8 @@ class Checker {
 		$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
 		$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
 		$rsa->setMGFHash('sha512');
+		// See https://tools.ietf.org/html/rfc3447#page-38
+		$rsa->setSaltLength(0);
 		if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
 			throw new InvalidSignatureException('Signature could not get verified.');
 		}