diff --git a/SOURCES/coolkey-1.1.0-alt-tokens-2.patch b/SOURCES/coolkey-1.1.0-alt-tokens-2.patch
new file mode 100644
index 0000000..de7c8c1
--- /dev/null
+++ b/SOURCES/coolkey-1.1.0-alt-tokens-2.patch
@@ -0,0 +1,141 @@
+diff -up ./src/coolkey/slot.cpp.alt-tokens-2 ./src/coolkey/slot.cpp
+--- ./src/coolkey/slot.cpp.alt-tokens-2 2018-06-25 17:58:23.472185284 -0700
++++ ./src/coolkey/slot.cpp 2018-06-25 18:02:29.714918126 -0700
+@@ -415,8 +415,9 @@ Slot::Slot(const char *readerName_, Log
+ tokenManufacturer(NULL),
+ slotInfoFound(false), context(context_), conn(NULL), state(UNKNOWN),
+ isVersion1Key(false), needLogin(false), fullTokenName(false),
+- mCoolkey(false), mOldCAC(false), mCACLocalLogin(false),
+- pivContainer(-1), pivKey(-1), maxCacCerts(MAX_CERT_SLOTS),
++ mCoolkey(false), mOldCAC(false), mCACLocalLogin(false), mCAC_ACA(false),
++ pivContainer(-1), pivKey(-1),
++ minCacCerts(0), maxCacCerts(MAX_CERT_SLOTS),
+ algs(ALG_NONE), p15aid(0), p15odfAddr(0), p15tokenInfoAddr(0),
+ p15Instance(0),
+ #ifdef USE_SHMEM
+@@ -782,9 +783,11 @@ Slot::connectToToken()
+ state |= PIV_CARD | APPLET_SELECTABLE | APPLET_PERSONALIZED;
+ isVersion1Key = 0;
+ needLogin = true;
++ minCacCerts = 0;
+ maxCacCerts = MAX_CERT_SLOTS;
+ mCoolkey = 0;
+ mOldCAC = 0;
++ mCAC_ACA = 0;
+ mCACLocalLogin = getPIVLoginType();
+ return;
+ }
+@@ -924,23 +927,29 @@ Slot::getCACAid()
+ CKYBuffer_Resize(&cardAID[i],0);
+ }
+ 
++ mCAC_ACA=false;
+ status = CACApplet_SelectCCC(conn,NULL);
+ if (status != CKYSUCCESS) {
+ /* are we an old CAC */
+- status = CACApplet_SelectPKI(conn, &cardAID[0], 0, NULL);
+- if (status != CKYSUCCESS) {
+- /* no, just fail */
+- return status;
+- }
+- /* yes, fill in the old applets */
+- mOldCAC = true;
+- maxCacCerts = 1;
+- for (i=1; i< MAX_CERT_SLOTS; i++) {
++ maxCacCerts = 0;
++ minCacCerts = -1;
++ status = CACApplet_SelectACA(conn,NULL);
++ if (status == CKYSUCCESS) {
++ mCAC_ACA = true;
++ }
++ for (i=0; i< MAX_CERT_SLOTS; i++) {
+ status = CACApplet_SelectPKI(conn, &cardAID[i], i, NULL);
+ if (status == CKYSUCCESS) {
++ if (minCacCerts == -1) {
++ minCacCerts = i;
++ }
+ maxCacCerts = i+1;
+ }
+ }
++ if (minCacCerts == -1) {
++ return status;
++ }
++ mOldCAC = true;
+ return CKYSUCCESS;
+ }
+ /* definately not an old CAC */
+@@ -997,6 +1006,7 @@ Slot::getCACAid()
+ if (certSlot == 0) {
+ status = CKYAPDUFAIL; /* probably neeed a beter error code */
+ }
++ minCacCerts = 0;
+ maxCacCerts = certSlot;
+ 
+ done:
+@@ -3840,7 +3850,16 @@ Slot::login(SessionHandleSuffix handleSu
+ if(status != CKYSUCCESS ) handleConnectionError();
+ 
+ if (state & GOV_CARD) {
+- selectCACApplet(0, true);
++ if (mCAC_ACA) {
++ status = CACApplet_SelectACA(conn,NULL);
++ if ( status == CKYSCARDERR ) handleConnectionError();
++ if ( status != CKYSUCCESS) {
++ disconnect();
++ throw PKCS11Exception(CKR_DEVICE_REMOVED);
++ }
++ } else {
++ selectCACApplet(minCacCerts, true);
++ }
+ } else if ((state & P15_CARD)== 0) {
+ /* p15 does the select in attemptLogin */
+ selectApplet();
+diff -up ./src/coolkey/slot.h.alt-tokens-2 ./src/coolkey/slot.h
+--- ./src/coolkey/slot.h.alt-tokens-2 2018-06-25 17:58:23.473185283 -0700
++++ ./src/coolkey/slot.h 2018-06-25 17:58:23.475185280 -0700
+@@ -356,8 +356,10 @@ class Slot {
+ bool mCoolkey;
+ bool mOldCAC;
+ bool mCACLocalLogin;
++ bool mCAC_ACA;
+ int pivContainer;
+ int pivKey;
++ int minCacCerts;
+ int maxCacCerts;
+ SlotAlgs algs;
+ unsigned short p15aid;
+diff -up ./src/libckyapplet/cky_applet.c.alt-tokens-2 ./src/libckyapplet/cky_applet.c
+--- ./src/libckyapplet/cky_applet.c.alt-tokens-2 2018-06-25 17:58:23.473185283 -0700
++++ ./src/libckyapplet/cky_applet.c 2018-06-25 17:58:23.475185280 -0700
+@@ -626,6 +626,19 @@ CACApplet_SelectCCC(CKYCardConnection *c
+ return ret;
+ }
+ 
++static CKYByte cacACAid[] = {0xa0, 0x00, 0x00, 0x00, 0x79, 0x10, 0x00 };
++CKYStatus
++CACApplet_SelectACA(CKYCardConnection *conn, CKYISOStatus *apduRC)
++{
++ CKYStatus ret;
++ CKYBuffer CAC_CM_AID;
++ CKYBuffer_InitFromData(&CAC_CM_AID, cacACAid, sizeof(cacACAid));
++ ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_SelectFile, &CAC_CM_AID,
++ NULL, CKY_SIZE_UNKNOWN, CKYAppletFill_Null, NULL, apduRC);
++ CKYBuffer_FreeData(&CAC_CM_AID);
++ return ret;
++}
++ 
+ CKYStatus
+ CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
+ CKYISOStatus *apduRC)
+diff -up ./src/libckyapplet/cky_applet.h.alt-tokens-2 ./src/libckyapplet/cky_applet.h
+--- ./src/libckyapplet/cky_applet.h.alt-tokens-2 2018-06-25 17:58:23.457185300 -0700
++++ ./src/libckyapplet/cky_applet.h 2018-06-25 17:58:23.475185280 -0700
+@@ -539,6 +539,8 @@ CKYStatus CACApplet_SelectCardManager(CK
+ CKYISOStatus *apduRC);
+ /* Select the CAC CC container. Can happen with either applet selected */
+ CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);
++/* Select the CAC ACA container. Can happen with either applet selected */
++CKYStatus CACApplet_SelectACA(CKYCardConnection *conn, CKYISOStatus *apduRC);
+ /* Select an old CAC applet and fill in the cardAID */
+ CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,
+ CKYByte instance, CKYISOStatus *apduRC);
diff --git a/SPECS/coolkey.spec b/SPECS/coolkey.spec
index 0a948f7..f0a48b5 100644
--- a/SPECS/coolkey.spec
+++ b/SPECS/coolkey.spec
@@ -22,7 +22,7 @@ Name: coolkey
 Version: 1.1.0
-Release: 37%{?dist}
+Release: 37.51%{?dist}
 Summary: CoolKey PKCS #11 module
 License: LGPLv2
 URL: http://directory.fedora.redhat.com/wiki/CoolKey
@@ -47,6 +47,7 @@ Patch25: coolkey-1.1.0-fail-on-bad-mechanisms.patch
 Patch26: coolkey-1.1.0-max-cpu-bug.patch
 Patch27: coolkey-1.1.0-rhel7-alt-cac.patch
 Patch28: coolkey-1.1.0-cardos-5-3.patch
+Patch29: coolkey-1.1.0-alt-tokens-2.patch
 Group: System Environment/Libraries
@@ -97,6 +98,7 @@ Linux Driver support to access the CoolKey applet.
 %patch26 -b .max-cpu-bug
 %patch27 -b .alt-cac
 %patch28 -b .cardos-5-3
+%patch29 -b .alt-tokens-2
 %build
 autoconf
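Review bot: In the applet probe loop added to Slot::getCACAid (`for (i=0; i< MAX_CERT_SLOTS; i++)`), a CKYSCARDERR from CACApplet_SelectPKI is indistinguishable from "no applet in this slot": the loop keeps issuing SELECTs, and if an earlier slot had already succeeded the function still sets mOldCAC and returns CKYSUCCESS, so a lost card connection is reported as a usable old-CAC token. The login() change in the same patch treats CKYSCARDERR from CACApplet_SelectACA as a connection error, so the probe should too: add `if (status == CKYSCARDERR) return status;` directly after the SelectPKI call, and the same line after the CACApplet_SelectACA call above the loop. Note also that minCacCerts/maxCacCerts only bound the range, so a gap (slots 0 and 2 present, 1 absent) leaves cardAID[1] empty after the CKYBuffer_Resize at the top, which callers iterating minCacCerts..maxCacCerts presumably have to check; a comment on the minCacCerts declaration in slot.h saying the range may be sparse would help. getCACAid's body starts and ends outside the inner hunk. A smaller nit in CACApplet_SelectACA: the local is still named CAC_CM_AID although it holds the ACA AID — `CKYBuffer CAC_ACA_AID;` would avoid the copy-paste confusion with the card-manager selector.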
@@ -155,6 +157,14 @@ fi
 %changelog
+* Mon Jun 25 2018 Robert Relyea - 1.1.0-37.51
+- Fix regression in alt token patch that prevented blank cards from working
+ in ESC.
+
+* Mon Apr 23 2018 Robert Relyea - 1.1.0-37.50
+- support cac alt tokens which don't have a cert is slot 0, don't have
+ a CCC, and uses a ACA.
+
 * Tue Mar 14 2017 Robert Relyea - 1.1.0-37
 - get Cardos 5.3 cards working properly