diff --git a/src/x509.c b/src/x509.c
index c8fcebfb2..d09f45690 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -13616,13 +13616,21 @@ static int regenX509REQDerBuffer(WOLFSSL_X509* x509)
 int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req, WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk)
 {
+ WOLFSSL_X509_EXTENSION* ext = NULL;
+
 if (!req || !ext_sk) {
 WOLFSSL_MSG("Bad parameter");
 return WOLFSSL_FAILURE;
 }
+ /* It is not an error if the stack is empty. */
+ ext = ext_sk->data.ext;
+ if (ext == NULL) {
+ return WOLFSSL_SUCCESS;
+ }
+
 while (ext_sk) {
- WOLFSSL_X509_EXTENSION* ext = ext_sk->data.ext;
+ ext = ext_sk->data.ext;
 if (wolfSSL_X509_add_ext(req, ext, -1) != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("wolfSSL_X509_add_ext error");
diff --git a/tests/api.c b/tests/api.c
index 6aafc64d7..a9527d48a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -43377,6 +43377,8 @@ static int test_othername_and_SID_ext(void) {
 AssertNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0, sid_data));
 AssertNotNull(exts = sk_X509_EXTENSION_new_null());
+ /* Ensure an empty stack doesn't raise an error. */
+ AssertIntEQ(X509_REQ_add_extensions(x509, exts), 1);
 AssertIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1);
 AssertIntEQ(sk_X509_EXTENSION_push(exts, sid_ext), 2);
 AssertIntEQ(X509_REQ_add_extensions(x509, exts), 1);
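Review bot: The empty-stack test added before the loop in wolfSSL_X509_REQ_add_extensions inspects only the head node's `data.ext`, so a stack whose first node holds NULL but which has further nodes would return WOLFSSL_SUCCESS without adding anything and without reaching whatever follows the loop. For a certificate request that is a silent-success path: the caller may believe extensions such as a SAN were attached when none were. Restricting the early return to a stack that is really empty, for example `if (ext == NULL && ext_sk->next == NULL) {` or a comparison of the stack's element count with zero, keeps a NULL entry in a non-empty stack on the existing failure path. Whether such a stack can be built through the public API is not visible here, and the function body continues past the end of the hunk.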
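Review bot: The added assertion in test_othername_and_SID_ext covers only the success path of the new early return; nothing pins that the bad-parameter checks still run before it. Next to the empty-stack case I would add `AssertIntEQ(X509_REQ_add_extensions(NULL, exts), 0);` and `AssertIntEQ(X509_REQ_add_extensions(x509, NULL), 0);`, so a later reordering of the guards cannot turn a NULL request into a reported success. The test function starts and ends outside this hunk, so equivalent checks may already exist elsewhere in it.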