option to replace extensions with new ones: mainly for creating cross-certificates

crypto/x509v3/v3_conf.c

@@ -322,10 +322,10 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
 	int idx;
 	ASN1_OBJECT *obj;
 	obj = X509_EXTENSION_get_object(dext);
-	while ((idx = X509_EXTENSION_get_by_OBJ(sk, obj, -1)) >= 0)
+	while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0)
 		{
-		X509_EXTENSION *tmpext= X509_get_ext(sk, idx);
-		X509_del_ext(sk, idx);
+		X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+		X509v3_delete_ext(sk, idx);
 		X509_EXTENSION_free(tmpext);
 		}
 	}
@@ -348,7 +348,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
 		val = sk_CONF_VALUE_value(nval, i);
 		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
 								return 0;
-		if (ctx->flags == X509V3_CTX_FLAG_REPLACE)	
+		if (ctx->flags == X509V3_CTX_REPLACE)	
 			delete_ext(*sk, ext);
 		if (sk) X509v3_add_ext(sk, ext, -1);
 		X509_EXTENSION_free(ext);

crypto/x509v3/x509v3.h

@@ -128,6 +128,7 @@ void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 /* Context specific info */
 struct v3_ext_ctx {
 #define CTX_TEST 0x1
+#define X509V3_CTX_REPLACE 0x2
 int flags;
 X509 *issuer_cert;
 X509 *subject_cert;