option to replace extensions with new ones: mainly for creating cross-certificates

diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 24b21d4ea2d592c1bcbe979884273b1b67221327..b570b6e592057eef4fd5c549fb271c33102f942f 100644 (file)
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -322,10 +322,10 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
        int idx;
        ASN1_OBJECT *obj;
        obj = X509_EXTENSION_get_object(dext);
-       while ((idx = X509_EXTENSION_get_by_OBJ(sk, obj, -1)) >= 0)
+       while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0)
                {
-               X509_EXTENSION *tmpext= X509_get_ext(sk, idx);
-               X509_del_ext(sk, idx);
+               X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+               X509v3_delete_ext(sk, idx);
                X509_EXTENSION_free(tmpext);
                }
        }
@@ -348,7 +348,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
                val = sk_CONF_VALUE_value(nval, i);
                if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
                                                                return 0;
-               if (ctx->flags == X509V3_CTX_FLAG_REPLACE)      
+               if (ctx->flags == X509V3_CTX_REPLACE)   
                        delete_ext(*sk, ext);
                if (sk) X509v3_add_ext(sk, ext, -1);
                X509_EXTENSION_free(ext);

diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 84cf46f538634d2016a13dcf3609f1cb6c9582c5..bf409997e759e5b7fefc99615e74b88c8e2595e7 100644 (file)
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -128,6 +128,7 @@ void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 /* Context specific info */
 struct v3_ext_ctx {
 #define CTX_TEST 0x1
+#define X509V3_CTX_REPLACE 0x2
 int flags;
 X509 *issuer_cert;
 X509 *subject_cert;