p11-kit/trust-Dont-use-invalid-public-keys-for-looking-up-.patch

From 244e885d3e9aae7f7b286f1115a220eb16fa0530 Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@redhat.com>
Date: Fri, 8 Aug 2014 08:47:54 +0200
Subject: [PATCH] trust: Don't use invalid public keys for looking up stapled
 extensions

https://bugs.freedesktop.org/show_bug.cgi?id=82328
---
 trust/builder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/trust/builder.c b/trust/builder.c
index f7ea86a..fd7a662 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder,
 		{ CKA_INVALID },
 	};
 
-	if (public_key == NULL)
+	if (public_key == NULL || public_key->type == CKA_INVALID)
 		public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO);
 
 	/* Look for a stapled certificate extension */
-- 
1.9.3