From 4bc5de33fe874217940c7efd39a6180e55e3e567 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date: Sat, 24 Jan 2026 19:15:10 +0100
Subject: [PATCH] Fix error check on X509_set_subject_name()

This call can fail but this is not checked. The other setter call is
checked however.
---
 ext/openssl/openssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 12383ac8c2c8..d2ab98fc48e8 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3367,7 +3367,10 @@ PHP_FUNCTION(openssl_csr_sign)
 		PHP_OPENSSL_ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
 	}
 
-	X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr));
+	if (!X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr))) {
+		php_openssl_store_errors();
+		goto cleanup;
+	}
 
 	if (cert == NULL) {
 		cert = new_cert;