From fd6127070d3f4a277c86fa0edbe59310fe278f1e Mon Sep 17 00:00:00 2001 From: ndossche Date: Thu, 5 Mar 2026 13:27:03 +0100 Subject: [PATCH 1/2] Fix missing error propagation in openssl_x509_export_to_file() The file writes can have failed, but this error isn't visible for the application, fix it by propagating the error properly. --- ext/openssl/openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2f2aae1e7335b..d43e965c4893d 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1569,9 +1569,11 @@ PHP_FUNCTION(openssl_x509_export_to_file) if (bio_out) { if (!notext && !X509_print(bio_out, cert)) { php_openssl_store_errors(); + goto exit_cleanup_bio; } if (!PEM_write_bio_X509(bio_out, cert)) { php_openssl_store_errors(); + goto exit_cleanup_bio; } RETVAL_TRUE; @@ -1580,6 +1582,7 @@ PHP_FUNCTION(openssl_x509_export_to_file) php_error_docref(NULL, E_WARNING, "Error opening file %s", file_path); } +exit_cleanup_bio: if (!BIO_free(bio_out)) { php_openssl_store_errors(); } From dfbc6b0b6af74bb6ce09fbcc82bc94cd0ac8a7cd Mon Sep 17 00:00:00 2001 From: ndossche <7771979+ndossche@users.noreply.github.com> Date: Thu, 5 Mar 2026 23:10:09 +0100 Subject: [PATCH 2/2] get rid of goto --- ext/openssl/openssl.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index d43e965c4893d..908c1c291e962 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -1567,22 +1567,16 @@ PHP_FUNCTION(openssl_x509_export_to_file) bio_out = BIO_new_file(file_path, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY)); if (bio_out) { - if (!notext && !X509_print(bio_out, cert)) { - php_openssl_store_errors(); - goto exit_cleanup_bio; - } - if (!PEM_write_bio_X509(bio_out, cert)) { + if ((notext || X509_print(bio_out, cert)) && PEM_write_bio_X509(bio_out, cert)) { + RETVAL_TRUE; + } else { php_openssl_store_errors(); - goto exit_cleanup_bio; } - - RETVAL_TRUE; } else { php_openssl_store_errors(); php_error_docref(NULL, E_WARNING, "Error opening file %s", file_path); } -exit_cleanup_bio: if (!BIO_free(bio_out)) { php_openssl_store_errors(); }