diff --git a/SOURCES/p11-kit-0.25.5-trust-file-length.patch b/SOURCES/p11-kit-0.25.5-trust-file-length.patch
new file mode 100644
index 0000000..d84f858
--- /dev/null
+++ b/SOURCES/p11-kit-0.25.5-trust-file-length.patch
@@ -0,0 +1,73 @@
+From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich
+Date: Thu, 3 Oct 2024 11:34:14 +0200
+Subject: [PATCH] trust: don't create file names longer then 255
+
+Signed-off-by: Zoltan Fridrich
+---
+ trust/save.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/trust/save.c b/trust/save.c
+index 057a9c5e3..acabcbf6d 100644
+--- a/trust/save.c
++++ b/trust/save.c
+@@ -61,6 +61,8 @@
+ #define O_DIRECTORY 0
+ #endif
+
++#define MAX_FILE_NAME 255
++
+ struct _p11_save_file {
+ char *bare;
+ char *extension;
+@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
+ p11_buffer buf;
+ int ret;
+ int i;
++ int bare_len, ext_len, diff;
+
+ assert (bare != NULL);
+ assert (check != NULL);
+
+ p11_buffer_init_null (&buf, 0);
+
++ /*
++ * Make sure the name will not be longer then MAX_FILE_NAME
++ */
++ bare_len = strlen (bare);
++ ext_len = extension ? strlen (extension) : 0;
++ diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
++ if (diff > 0)
++ bare_len -= diff;
++ return_val_if_fail (bare_len > 0, NULL);
++
+ for (i = 0; true; i++) {
+
+ p11_buffer_reset (&buf, 64);
+@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
+ * provided by the caller.
+ */
+ case 0:
+- p11_buffer_add (&buf, bare, -1);
++ p11_buffer_add (&buf, bare, bare_len);
+ break;
+
+ /*
+@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
+ /* fall through */
+
+ default:
+- p11_buffer_add (&buf, bare, -1);
++ p11_buffer_add (&buf, bare, bare_len);
+ snprintf (unique, sizeof (unique), ".%d", i);
+ p11_buffer_add (&buf, unique, -1);
+ break;
+ }
+
+ if (extension)
+- p11_buffer_add (&buf, extension, -1);
++ p11_buffer_add (&buf, extension, ext_len);
+
+ return_val_if_fail (p11_buffer_ok (&buf), NULL);
+
diff --git a/SPECS/p11-kit.spec b/SPECS/p11-kit.spec
index a7c275d..7705aa8 100644
--- a/SPECS/p11-kit.spec
+++ b/SPECS/p11-kit.spec
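Review bot: In the length clamp added to make_unique_name() in trust/save.c, `diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;` is evaluated in size_t because of the sizeof operand, so for any name below the limit the subtraction wraps to a very large unsigned value and only becomes negative again through the implementation-defined conversion back to int. It gives the intended result on common platforms, but the bound is easier to audit if the arithmetic stays signed, e.g. `diff = bare_len + ext_len + (int) sizeof (unique) - MAX_FILE_NAME;`. The strlen() results are also narrowed to int without a range check. The clamp cuts bare at a byte offset, so if the label is UTF-8 (the spec changelog mentions long cert labels) a multi-byte sequence may be split at the end of the file name; a comment such as `/* truncation is byte-wise and may split a multi-byte character */` would record that this is intended. The declaration of unique and the rest of the function body lie outside the hunks shown.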
@@ -1,6 +1,6 @@ # This spec file has been automatically updated Version: 0.25.3 -Release: 2%{?dist} +Release: 3%{?dist} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -12,7 +12,8 @@ Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyr Source3: trust-extract-compat Source4: p11-kit-client.service -Patch0: 001-static-analysis.patch +Patch: 001-static-analysis.patch +Patch: p11-kit-0.25.5-trust-file-length.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -154,6 +155,10 @@ fi %changelog +* Fri Oct 25 2024 Zoltan Fridrich - 0.25.3-3 +- Fix regression in trust where file creation fails for long cert labels + Resolves: RHEL-64917 + * Thu Nov 23 2023 Zoltan Fridrich - 0.25.3-2 - Fix issues found by static analysis Related: RHEL-14834