diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c
index 7dc9e4ab..1fc0fb7f 100644
--- a/src/pkcs11/openssl.c
+++ b/src/pkcs11/openssl.c
@@ -306,6 +306,15 @@ CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,
 if (rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0)
 rv = CKR_OK;
+ /* Because the pkcs11 sign functions take input lengths 16 and 20
+ * in combination with RSA_PKCS1_PADDING as a MD5 resp. SHA-1 hash
+ * function to which a digestInfo must be added (should be necessary
+ * for Netscape/Mozilla?), we add this test here as well.
+ */
+ else if (data_len == 16 && rsa_outlen == 34 && memcmp(rsa_out + 18, data, 16) == 0)
+ rv = CKR_OK;
+ else if (data_len = 20 && rsa_outlen == 35 && memcmp(rsa_out + 15, data, 20) == 0)
+ rv = CKR_OK;
 else
 rv = CKR_SIGNATURE_INVALID;
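Review bot: The SHA-1 branch uses an assignment where a comparison is meant: `data_len = 20 && rsa_outlen == 35 && ...` parses as `data_len = (20 && ...)`, so the caller's data length is never checked and data_len is overwritten with 0 or 1. Any 35-byte decrypted block whose last 20 bytes equal the first 20 bytes of `data` is then accepted as a valid signature, and memcmp reads 20 bytes from `data` even when the caller passed fewer. The line should read `else if (data_len == 20 && rsa_outlen == 35 && memcmp(rsa_out + 15, data, 20) == 0)`. Both new branches also skip the leading 18 and 15 bytes of rsa_out, so the DigestInfo header that names the hash algorithm is never compared; checking those bytes against the expected MD5 and SHA-1 DigestInfo prefixes would stop the verification from accepting an arbitrary header. sc_pkcs11_verify_data starts and ends outside this hunk, so later uses of data_len could not be checked here.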