From 369b7b2b740c1bbeb9c0a92d1f8fa53b9790e354 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Sat, 7 Mar 2026 11:38:53 +0100
Subject: [PATCH] openssl: Propagate PHP_OPENSSL_ASN1_INTEGER_set() failure

If this is not propagated, then the function will succeed even though
the serial number is not set.
---
 ext/openssl/openssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 2f2aae1e7335b..4fdd32280e3b0 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3378,7 +3378,11 @@ PHP_FUNCTION(openssl_csr_sign)
 			goto cleanup;
 		}
 	} else {
-		PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
+		if (!PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial)) {
+			php_openssl_store_errors();
+			php_error_docref(NULL, E_WARNING, "Error setting serial number");
+			goto cleanup;
+		}
 	}
 
 	X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr));