diff --git a/NEWS b/NEWS
index a084d35a81d..596d4d2bde1 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
     (khasinski)
 
+- OpenSSL:
+  . Fix memory leaks when sk_X509_new_null() fails. (ndossche)
+
 - Phar:
   . Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
     (ndossche)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index cb134e9154b..2526e5b4429 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2616,6 +2616,9 @@ PHP_FUNCTION(openssl_pkcs7_encrypt)
 	}
 
 	recipcerts = sk_X509_new_null();
+	if (recipcerts == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {
@@ -3230,6 +3233,9 @@ PHP_FUNCTION(openssl_cms_encrypt)
 	}
 
 	recipcerts = sk_X509_new_null();
+	if (recipcerts == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zrecipcerts) == IS_ARRAY) {
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index c21e64a1306..33ffa55e489 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -864,6 +864,9 @@ STACK_OF(X509) *php_openssl_array_to_X509_sk(zval * zcerts, uint32_t arg_num, co
 	bool free_cert;
 
 	sk = sk_X509_new_null();
+	if (sk == NULL) {
+		goto clean_exit;
+	}
 
 	/* get certs */
 	if (Z_TYPE_P(zcerts) == IS_ARRAY) {