trust: Don't use invalid public keys for looking up stapled extensions

https://bugs.freedesktop.org/show_bug.cgi?id=82328

diff --git a/trust/builder.c b/trust/builder.c
index f7ea86acc2386778439bed0b1db08f0f7a68604a..fd7a66228a96df2f2af15dd14804efb5580120e8 100644 (file)
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder,
                { CKA_INVALID },
        };
 
-       if (public_key == NULL)
+       if (public_key == NULL || public_key->type == CKA_INVALID)
                public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO);
 
        /* Look for a stapled certificate extension */