do_ext_i2d(): avoid leaks and add some missing error checking

do_ext_i2d(): avoid leaks and add some missing error checking

If ASN1_OCTET_STRING_new() failed, ext_der would be leaked, fix this.
If i2d(foo, NULL) succeeded, the same is not guaranteed for the second
with appropriately sized buffer since i2d() may make further allocations
internally. So use the proper error check. Also transfer the ownership of
ext_der to the octet string to avoid a now possible double free.

ok jsing