From: Stef Walter <stefw@redhat.com>
Date: Fri, 8 Aug 2014 06:47:54 +0000 (+0200)
Subject: trust: Don't use invalid public keys for looking up stapled extensions
X-Git-Tag: 0.21.2~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c62ce78b8ae6961c9d1dda092781b6988488a135;p=p11-kit

trust: Don't use invalid public keys for looking up stapled extensions

https://bugs.freedesktop.org/show_bug.cgi?id=82328
---

diff --git a/trust/builder.c b/trust/builder.c
index f7ea86a..fd7a662 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder,
 		{ CKA_INVALID },
 	};
 
-	if (public_key == NULL)
+	if (public_key == NULL || public_key->type == CKA_INVALID)
 		public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO);
 
 	/* Look for a stapled certificate extension */