diff --git a/3rdp/build/GNUmakefile b/3rdp/build/GNUmakefile
index 7d3bdad9ab5f5433499640a9d289a60691034ce6..98f7ca9864c189aa23e2ede752d564671d416789 100644
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -67,7 +67,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
 $(CRYPT_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
 
-$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(CRYPT_SRC)/*
 	$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
@@ -86,6 +86,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-noasm.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-zz-country.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-algorithms.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch
 ifeq ($(CC),mingw32-gcc)
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
diff --git a/3rdp/build/cl-allow-duplicate-ext.patch b/3rdp/build/cl-allow-duplicate-ext.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7a64a0cdb31d442b0537633edc13178c59f3e52c
--- /dev/null
+++ b/3rdp/build/cl-allow-duplicate-ext.patch
@@ -0,0 +1,14 @@
+--- cert/ext_add.c.orig	2018-02-24 01:38:55.995138000 -0500
++++ cert/ext_add.c	2018-02-24 01:39:08.783152000 -0500
+@@ -451,9 +451,11 @@
+ 	   a non-blob.  In addition it forces the caller to use the (recommended)
+ 	   normal attribute handling mechanism, which allows for proper type
+ 	   checking */
++#if 0
+ 	if( !( flags & ATTR_FLAG_BLOB ) && \
+ 		oidToAttribute( attributeType, oid, oidLength ) != NULL )
+ 		return( CRYPT_ERROR_PERMISSION );
++#endif
+ 
+ 	/* Find the correct place in the list to insert the new element */
+ 	if( DATAPTR_ISSET( listHead ) )