diff --git a/apps/req.c b/apps/req.c
index 066e7c668f940898c8fd85b4c2151939f8dbb90e..48f3a3ab9826296d8dbeb7ff2c05a4eac565cd74 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -947,6 +947,7 @@ int req_main(int argc, char **argv)
         ERR_print_errors(bio_err);
     }
     NCONF_free(req_conf);
+    NCONF_free(addext_conf);
     BIO_free(addext_bio);
     BIO_free(in);
     BIO_free_all(out);
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index fa79219e1d10112e7fb26708418e3c71dd93e432..b6d233548f23f671a7fe2079a721455306ae4197 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 8;
+plan tests => 9;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 
@@ -23,26 +23,30 @@ open RND, ">>", ".rnd";
 print RND "string to make the random number generator think it has randomness";
 close RND;
 
-# Check for duplicate -addext parameters
+# What type of key to generate?
+my @req_new;
+if (disabled("rsa")) {
+    @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
+} else {
+    @req_new = ("-new");
+    note("There should be a 2 sequences of .'s and some +'s.");
+    note("There should not be more that at most 80 per line");
+}
+
+# Check for duplicate -addext parameters, and one "working" case.
+my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
+    "-config", srctop_file("test", "test.cnf"), @req_new );
 my $val = "subjectAltName=DNS:example.com";
 my $val2 = " " . $val;
 my $val3 = $val;
 $val3 =~ s/=/    =/;
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3])));
-ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3])));
+ok( run(app([@addext_args, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
+ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
+ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
 
 subtest "generating certificate requests" => sub {
-    my @req_new;
-    if (disabled("rsa")) {
-	@req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
-    } else {
-	@req_new = ("-new");
-	note("There should be a 2 sequences of .'s and some +'s.");
-	note("There should not be more that at most 80 per line");
-    }
-
     plan tests => 2;
 
     ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),