From ef54becb3e11a6fb05cdcd79c2a712f87f90d4dc Mon Sep 17 00:00:00 2001
From: ndossche <niels.dossche@ugent.be>
Date: Tue, 20 Jan 2026 15:14:25 +0100
Subject: [PATCH] Fix missing error propagation when php_array_to_X509_sk()
 fails

Execution shouldn't continue if this fails because it can give the wrong
results.
---
 ext/openssl/openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 39bfe912fc4..65e4b7b56d3 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -2684,6 +2684,9 @@ PHP_FUNCTION(openssl_pkcs12_export_to_file)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */
 
@@ -2777,6 +2780,9 @@ PHP_FUNCTION(openssl_pkcs12_export)
 
 	if (args && (item = zend_hash_str_find(Z_ARRVAL_P(args), "extracerts", sizeof("extracerts")-1)) != NULL) {
 		ca = php_array_to_X509_sk(item, 5, "extracerts");
+		if (!ca) {
+			goto cleanup;
+		}
 	}
 	/* end parse extra config */