From e838dff32ef1dd94dc90f155f0af0d459f97879b Mon Sep 17 00:00:00 2001
From: Endre Szabo
Date: Thu, 30 Apr 2015 16:30:07 +0200
Subject: [PATCH] Add del_extension needed by Zorp

Balabit Zorp application level firewall relies on the del_extension function to remove attributes like CRL pathes from the mimicked certificates when doing man-in-the-middle traffic filtering. Also needs the ffi lib (python-cryptograpy at hazmat/bindings/openssl/x509.py) to have the definition of: X509_EXTENSION *X509_delete_ext(X509 *, int);
---
 OpenSSL/crypto.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index c7bdabc0c..c4ba4ee38 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -1340,6 +1340,19 @@ def get_extension(self, index):
 extension = _lib.X509_EXTENSION_dup(ext._extension)
 ext._extension = _ffi.gc(extension, _lib.X509_EXTENSION_free)
 return ext
+
+ def del_extension(self, index):
+ """
+ Delete a specific extension of the certificate by index.
+
+ :param index: The index of the extension to delete.
+ :return: The X509Extension object deleted at the specified index.
+ """
+ ext = X509Extension.__new__(X509Extension)
+ ext._extension = _lib.X509_delete_ext(self._x509, index)
+ if ext._extension == _ffi.NULL:
+ raise IndexError("extension index out of bounds")
+ return ext
 X509Type = X509
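Review bot: The pointer returned by `_lib.X509_delete_ext` in `del_extension` is stored on the wrapper without a finalizer, so the removed extension is never freed. OpenSSL hands ownership of the deleted extension to the caller, and `get_extension` just above already wraps its copy with `_ffi.gc`. Keep the raw result in a local, do the NULL check on it, then assign `ext._extension = _ffi.gc(extension, _lib.X509_EXTENSION_free)`. The docstring should also say that the indexes of the following extensions shift down after a deletion, and that the certificate's existing signature no longer matches its contents until it is signed again. `get_extension` starts outside the hunk.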