@@ -91,11 +91,10 @@
 #define CERT_STR_SIZE 16384
 
 Tcl_Obj*
 Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) {
     Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL);
-    Tcl_Obj *extsPtr = Tcl_NewListObj(0, NULL);
     BIO *bio;
     int n;
     unsigned long flags;
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
@@ -109,11 +108,10 @@
     char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
     unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
     const char *shachars="0123456789ABCDEF";
     int nid, pknid, bits, num_of_exts;
     uint32_t xflags;
-    const STACK_OF(X509_EXTENSION) *exts;
 
     sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
     sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
 
     certStr[0] = 0;
@@ -141,10 +139,11 @@
 	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
 	n = max(n, 0);
 	serial[n] = 0;
 	(void)BIO_flush(bio);
 
+        /* Get certificate */
         if (PEM_write_bio_X509(bio, cert)) {
             certStr_p = certStr;
             certStr_len = 0;
             while (1) {
                 toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1);
@@ -237,17 +236,22 @@
     num_of_exts = X509_get_ext_count(cert);
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("num_extensions", -1));
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(num_of_exts));
 
     /* Get extensions */
-    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extensions", -1));
-    exts = X509_get0_extensions(cert);
-    for (int i=0; i < num_of_exts; i++) {
-	X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
-	ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
-	unsigned nid2 = OBJ_obj2nid(obj);
-	Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(OBJ_nid2ln(nid2), -1));
-    }
-    Tcl_ListObjAppendElement(interp, certPtr, extsPtr);
+    if (num_of_exts > 0) {
+	Tcl_Obj *extsPtr = Tcl_NewListObj(0, NULL);
+	const STACK_OF(X509_EXTENSION) *exts;
+	exts = X509_get0_extensions(cert);
+
+	for (int i=0; i < num_of_exts; i++) {
+	    X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
+	    ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
+	    unsigned nid2 = OBJ_obj2nid(obj);
+	    Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(OBJ_nid2ln(nid2), -1));
+	}
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extensions", -1));
+	Tcl_ListObjAppendElement(interp, certPtr, extsPtr);
+    }
 
     return certPtr;
 }