Commit 53649022 authored by Bernd Edlinger's avatar Bernd Edlinger

Fixed d2i_X509 in-place not re-hashing the ex_flags

parent a7276279
+23 −0
@@ -40,12 +40,35 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

    switch (operation) {

    case ASN1_OP_D2I_PRE:
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
        X509_CERT_AUX_free(ret->aux);
        ASN1_OCTET_STRING_free(ret->skid);
        AUTHORITY_KEYID_free(ret->akid);
        CRL_DIST_POINTS_free(ret->crldp);
        policy_cache_free(ret->policy_cache);
        GENERAL_NAMES_free(ret->altname);
        NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
        ASIdentifiers_free(ret->rfc3779_asid);
#endif

        /* fall thru */

    case ASN1_OP_NEW_POST:
        ret->ex_cached = 0;
        ret->ex_kusage = 0;
        ret->ex_xkusage = 0;
        ret->ex_nscert = 0;
        ret->ex_flags = 0;
        ret->ex_pathlen = -1;
        ret->ex_pcpathlen = -1;
        ret->skid = NULL;
        ret->akid = NULL;
        ret->policy_cache = NULL;
        ret->altname = NULL;
        ret->nc = NULL;
#ifndef OPENSSL_NO_RFC3779
        ret->rfc3779_addr = NULL;
        ret->rfc3779_asid = NULL;
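Review bot: The free list in `ASN1_OP_D2I_PRE` and the reset list in `ASN1_OP_NEW_POST` have to match one-for-one, and within the lines shown `ret->aux` and `ret->crldp` are freed but no `= NULL` assignment for them is visible. The `ASN1_OP_NEW_POST` case continues past the end of this hunk, so they may well be cleared there; if they are not, a failed in-place decode would leave dangling pointers for whatever code frees the object later. Because the pairing is easy to break when another cached field is added, I would put a comment above the fall-through such as `/* every pointer freed here must be reset in ASN1_OP_NEW_POST below */`.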
+9 −0
@@ -30,6 +30,7 @@ static int test_certs(int num)
    typedef int (*i2d_X509_t)(X509 *, unsigned char **);
    int err = 0;
    BIO *fp = BIO_new_file(test_get_argument(num), "r");
    X509 *reuse = NULL;

    if (!TEST_ptr(fp))
        return 0;
@@ -91,6 +92,13 @@ static int test_certs(int num)
            err = 1;
            goto next;
        }
        p = buf;
        reuse = d2i(&reuse, &p, enclen);
        if (reuse == NULL || X509_cmp (reuse, cert)) {
            TEST_error("X509_cmp does not work with %s", name);
            err = 1;
            goto next;
        }
        OPENSSL_free(buf);
        buf = NULL;

@@ -139,6 +147,7 @@ static int test_certs(int num)
        OPENSSL_free(data);
    }
    BIO_free(fp);
    X509_free(reuse);

    if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
        /* Reached end of PEM file */
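Review bot: The in-place path looks like it is only exercised from the second certificate of an input file onwards, because `reuse` starts as `NULL` and the first `d2i(&reuse, &p, enclen)` therefore takes the ordinary allocate-new path. This assumes the added block sits inside the per-certificate loop, whose start is outside the hunks shown. A comment on the declaration, e.g. `/* kept across iterations so d2i decodes in place from the 2nd cert on */`, would make the dependency on multi-certificate input explicit. The message `"X509_cmp does not work with %s"` is also printed when `d2i` itself returns NULL, so splitting the two checks or wording it neutrally would make failures easier to triage. `X509_cmp (reuse, cert)` also has a stray space before the parenthesis.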