diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 676cebafa56c5922cd20f2192ac80d77ff697aaf..a779fd4f4878396d53ddb51668d4d34d64cb75cf 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -158,6 +158,11 @@ X509_NAME *X509_CRL_get_issuer(X509_CRL *crl)
     return crl->crl.issuer;
 }
 
+STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl)
+{
+    return crl->crl.extensions;
+}
+
 STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
 {
     return crl->crl.revoked;
@@ -221,6 +226,11 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
     return (in != NULL);
 }
 
+STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r)
+{
+    return r->extensions;
+}
+
 int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
 {
     crl->crl.enc.modified = 1;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 1374b0f80eaa2cf86a1f5fb558f78cd407885fdd..9a58dfcba48dd709826a54dd9e2ea3f50d67de84 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -794,6 +794,7 @@ long X509_CRL_get_version(X509_CRL *crl);
 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
 X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
+STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
 STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
 void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
                              X509_CRL *crl);
@@ -804,6 +805,7 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x);
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
 
 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);