* SCT.
*/
if (idx >= 0) {
- X509_EXTENSION *ext;
-
/* Take a copy of certificate so we don't modify passed version */
pretmp = X509_dup(cert);
if (pretmp == NULL)
goto err;
- ext = X509_delete_ext(pretmp, idx);
- X509_EXTENSION_free(ext);
+ X509_EXTENSION_free(X509_delete_ext(pretmp, idx));
if (!ct_x509_cert_fixup(pretmp, presigner))
goto err;
ASN1_OBJECT *obj;
obj = X509_EXTENSION_get_object(dext);
- while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
- X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
-
- X509v3_delete_ext(sk, idx);
- X509_EXTENSION_free(tmpext);
- }
+ while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0)
+ X509_EXTENSION_free(X509v3_delete_ext(sk, idx));
}
/*
looks for a non-critical extension a nonzero value looks for a critical
extension.
-X509v3_delete_ext() deletes the extension with index B<loc> from B<x>. The
-deleted extension is returned and must be freed by the caller. If B<loc>
-is in invalid index value B<NULL> is returned.
+X509v3_delete_ext() deletes the extension with index B<loc> from B<x>.
+The deleted extension is returned and must be freed by the caller.
+If B<loc> is in invalid index value B<NULL> is returned.
X509v3_add_ext() adds extension B<ex> to stack B<*x> at position B<loc>. If
B<loc> is B<-1> the new extension is added to the end. If B<*x> is B<NULL>
parameter so it should initially be set to B<-1>, if it is set to zero the
initial extension will not be checked.
+=head1 BUGS
+
+X509v3_delete_ext() and its variants are a bit counter-intuitive
+because these functions do not free the extension they delete.
+
=head1 RETURN VALUES
X509v3_get_ext_count() returns the extension count.