diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index d3b72ea..5a59b6c 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -57,7 +57,7 @@
 /**
  * Max number of certificate request payloads per IKEv1 message
  */
-#define MAX_CERTREQ_PAYLOADS 5
+#define MAX_CERTREQ_PAYLOADS 20
 
 /**
  * Max number of NAT-D payloads per IKEv1 message
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index c872ea9..823bdc0 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -105,7 +105,7 @@ static smartcard_format_t parse_smartcard(char *smartcard, u_int *slot,
 	 */
 	char buf[BUF_LEN], *pos;
 
-	if (sscanf(smartcard, "%%smartcard%u@%127s", slot, buf) == 2)
+	if (sscanf(smartcard, "%%smartcard%u@%256s", slot, buf) == 2)
 	{
 		pos = strchr(buf, ':');
 		if (!pos)
@@ -117,11 +117,11 @@ static smartcard_format_t parse_smartcard(char *smartcard, u_int *slot,
 		snprintf(keyid, BUF_LEN, "%s", pos);
 		return SC_FORMAT_SLOT_MODULE_KEYID;
 	}
-	if (sscanf(smartcard, "%%smartcard%u:%63s", slot, keyid) == 2)
+	if (sscanf(smartcard, "%%smartcard%u:%127s", slot, keyid) == 2)
 	{
 		return SC_FORMAT_SLOT_KEYID;
 	}
-	if (sscanf(smartcard, "%%smartcard:%63s", keyid) == 1)
+	if (sscanf(smartcard, "%%smartcard:%127s", keyid) == 1)
 	{
 		return SC_FORMAT_KEYID;
 	}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index f48ea79..b102e01 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -428,44 +428,50 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot)
 		return NULL;
 	}
 	enumerator = manager->create_token_enumerator(manager);
-	while (enumerator->enumerate(enumerator, &p11, &current))
+	while (!found && enumerator->enumerate(enumerator, &p11, &current))
 	{
 		if (*slot == -1 || *slot == current)
 		{
 			/* we look for a public key, it is usually readable without login */
 			CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
-			CK_ATTRIBUTE tmpl[] = {
-				{CKA_CLASS, &class, sizeof(class)},
-				{CKA_ID, keyid.ptr, keyid.len},
-			};
-			CK_OBJECT_HANDLE object;
-			CK_SESSION_HANDLE session;
-			CK_RV rv;
-			enumerator_t *keys;
-
-			rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
-									   &session);
-			if (rv != CKR_OK)
-			{
-				DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
-					 ck_rv_names, rv);
-				continue;
-			}
-			keys = p11->create_object_enumerator(p11, session,
-												 tmpl, countof(tmpl), NULL, 0);
-			if (keys->enumerate(keys, &object))
-			{
-				DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d",
-					 p11->get_name(p11), current);
-				found = p11;
-				*slot = current;
-			}
-			keys->destroy(keys);
-			p11->f->C_CloseSession(session);
-			if (found)
-			{
-				break;
-			}
+            while (1)
+            {
+                CK_ATTRIBUTE tmpl[] = {
+                    {CKA_CLASS, &class, sizeof(class)},
+                    {CKA_ID, keyid.ptr, keyid.len},
+                };
+                CK_OBJECT_HANDLE object;
+                CK_SESSION_HANDLE session;
+                CK_RV rv;
+                enumerator_t *keys;
+
+                rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
+                                           &session);
+                if (rv != CKR_OK)
+                {
+                    DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+                         ck_rv_names, rv);
+                    continue;
+                }
+                keys = p11->create_object_enumerator(p11, session,
+                                                     tmpl, countof(tmpl), NULL, 0);
+                if (keys->enumerate(keys, &object))
+                {
+                    DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d",
+                         p11->get_name(p11), current);
+                    found = p11;
+                    *slot = current;
+                }
+                keys->destroy(keys);
+                p11->f->C_CloseSession(session);
+                if (found)
+                {
+                    break;
+                }
+            if (class == CKO_CERTIFICATE)
+                break ;
+            class = CKO_CERTIFICATE;
+            }    
 		}
 	}
 	enumerator->destroy(enumerator);
@@ -581,7 +587,7 @@ static public_key_t* find_pubkey_in_certs(private_pkcs11_private_key_t *this,
 	CK_CERTIFICATE_TYPE type = CKC_X_509;
 	CK_ATTRIBUTE tmpl[] = {
 		{CKA_CLASS, &class, sizeof(class)},
-		{CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
+		// {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
 		{CKA_ID, keyid.ptr, keyid.len},
 	};
 	CK_OBJECT_HANDLE object;