diff --git a/nss-3.79-fix-client-cert-crash.patch b/nss-3.79-fix-client-cert-crash.patch index 5f80fdc..2d752e4 100644 --- a/nss-3.79-fix-client-cert-crash.patch +++ b/nss-3.79-fix-client-cert-crash.patch @@ -1,23 +1,23 @@ diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c --- a/lib/ssl/authcert.c +++ b/lib/ssl/authcert.c -@@ -212,17 +212,17 @@ NSS_GetClientAuthData(void *arg, +@@ -201,16 +201,19 @@ NSS_GetClientAuthData(void *arg, + + /* otherwise look through the cache based on usage + * if chosenNickname is set, we ignore the expiration date */ + if (certList == NULL) { + certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), + certUsageSSLClient, + PR_FALSE, chosenNickName == NULL, + pw_arg); ++ if (certList == NULL) { ++ return SECFailure; ++ } + /* filter only the certs that meet the nickname requirements */ + if (chosenNickName) { + rv = CERT_FilterCertListByNickname(certList, chosenNickName, pw_arg); } else { int nnames = 0; char **names = ssl_DistNamesToStrings(caNames, &nnames); rv = CERT_FilterCertListByCANames(certList, nnames, names, - certUsageSSLClient); - ssl_FreeDistNamesStrings(names, nnames); - } -- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) { -+ if ((rv != SECSuccess) || (certList && CERT_LIST_EMPTY(certList))) { - CERT_DestroyCertList(certList); - certList = NULL; - } - } - if (certList == NULL) { - /* no user certs meeting the nickname/usage requirements found */ - return SECFailure; - } - diff --git a/nss.spec b/nss.spec index c36e8c2..96926df 100644 --- a/nss.spec +++ b/nss.spec @@ -1,6 +1,6 @@ %global nss_version 3.79.0 %global nspr_version 4.34.0 -%global baserelease 6 +%global baserelease 7 %global nss_release %baserelease # NOTE: To avoid NVR clashes of nspr* packages: # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when 
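Review bot: The added `if (certList == NULL) { return SECFailure; }` after CERT_FindUserCertsByUsage has no comment, yet in this revision it is the only guard keeping a NULL list away from CERT_FilterCertListByNickname, CERT_FilterCertListByCANames and the later CERT_LIST_EMPTY check. The earlier `certList &&` guard on that check is removed from the patch here, so the non-NULL invariant now rests entirely on the early return. I would put `/* no user certs for this usage; the filter calls and CERT_LIST_EMPTY below need a non-NULL list */` above the check so the reason survives the next rebase of this downstream patch. The early return also skips the rest of NSS_GetClientAuthData, whose start and end lie outside the hunk. Nothing in the visible lines is allocated before it, but it is worth confirming that no cleanup is bypassed.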
@@ -1149,6 +1149,9 @@ update-crypto-policies &> /dev/null || :
 %changelog
+* Thu Jul 7 2022 Bob Relyea - 3.79.0-7
+- more complete fix for cert auth regression crash
+
 * Wed Jun 22 2022 Bob Relyea - 3.79.0-6
 - Remove debugging printf from a patch
 - increase the pbe cache size to handle reusing the same token key.