diff --git a/0001-certificate-ignore-certificates-without-CKA_ID.patch b/0001-certificate-ignore-certificates-without-CKA_ID.patch
new file mode 100644
index 0000000..d42120b
--- /dev/null
+++ b/0001-certificate-ignore-certificates-without-CKA_ID.patch
@@ -0,0 +1,46 @@
+From 8d81cf6b460c0443c64605fe9ab0137c12c1ccba Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Mon, 30 Dec 2013 20:17:13 +0200
+Subject: [PATCH] certificate: ignore certificates without CKA_ID
+
+we won't be able to retrieve them anyway.
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ ChangeLog                 |  1 +
+ lib/pkcs11h-certificate.c | 19 ++++++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
+index 086e22d..6eb95e2 100644
+--- a/lib/pkcs11h-certificate.c
++++ b/lib/pkcs11h-certificate.c
+@@ -2383,7 +2383,24 @@ _pkcs11h_certificate_enumSessionCertificates (
+ 					objects[i],
+ 					attrs,
+ 					sizeof (attrs) / sizeof (CK_ATTRIBUTE)
+-				)) != CKR_OK ||
++				)) != CKR_OK
++			) {
++				goto retry1;
++			}
++
++			/*
++			 * skip objects without CKA_ID as we
++			 * won't be able to retrieve them.
++			 */
++			if (
++				attrs[0].pValue == NULL ||
++				attrs[0].ulValueLen == 0
++			) {
++				rv = CKR_OK;
++				goto retry1;
++			}
++
++			if (
+ 				(rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK ||
+ 				(rv = pkcs11h_token_duplicateTokenId (
+ 					&certificate_id->token_id,
+-- 
+2.1.0
+
diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec
index 84dcfe0..a1910dc 100644
--- a/pkcs11-helper.spec
+++ b/pkcs11-helper.spec
@@ -1,12 +1,13 @@
 Name:           pkcs11-helper
 Version:        1.11
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A library for using PKCS#11 providers
 
 Group:          System Environment/Libraries
 License:        GPLv2 or BSD
 URL:            http://www.opensc-project.org/opensc/wiki/pkcs11-helper
 Source0:        http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2
+Patch1:         0001-certificate-ignore-certificates-without-CKA_ID.patch
 
 BuildRequires:  doxygen graphviz
 BuildRequires:  openssl-devel
@@ -35,7 +36,7 @@ programs using the pkcs11-helper library.
 
 %prep
 %setup -q
-
+%patch1 -p1
 
 %build
 %configure --disable-static --enable-doc
@@ -74,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 
 
 %changelog
+* Tue Dec 09 2014 David Woodhouse <David.Woodhouse@intel.com> - 1.11-4
+- Apply upstream fix for bug #1172237 (ignore objects without CKA_ID)
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild