Commit 4a16d22970b for php.net

commit 4a16d22970b0b717879e37ced9ed43ed54a09d6e
Author: Nora Dossche <7771979+ndossche@users.noreply.github.com>
Date:   Fri Apr 3 22:43:39 2026 +0200

    openssl: Fix error propagation in csr exports (#21403)

    If the print fails, then the write is still executed, resulting in a
    partial export without any way of the user knowing this happened.
    Fix this by only returning true if all writes succeed.

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index f5869a8999d..22f25a48eed 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3176,9 +3176,9 @@ PHP_FUNCTION(openssl_csr_export_to_file)
 	bio_out = BIO_new_file(file_path, PHP_OPENSSL_BIO_MODE_W(PKCS7_BINARY));
 	if (bio_out != NULL) {
 		if (!notext && !X509_REQ_print(bio_out, csr)) {
+			/* TODO: warn? */
 			php_openssl_store_errors();
-		}
-		if (!PEM_write_bio_X509_REQ(bio_out, csr)) {
+		} else if (!PEM_write_bio_X509_REQ(bio_out, csr)) {
 			php_error_docref(NULL, E_WARNING, "Error writing PEM to file %s", file_path);
 			php_openssl_store_errors();
 		} else {
@@ -3227,9 +3227,7 @@ PHP_FUNCTION(openssl_csr_export)
 	bio_out = BIO_new(BIO_s_mem());
 	if (!notext && !X509_REQ_print(bio_out, csr)) {
 		php_openssl_store_errors();
-	}
-
-	if (PEM_write_bio_X509_REQ(bio_out, csr)) {
+	} else if (PEM_write_bio_X509_REQ(bio_out, csr)) {
 		BUF_MEM *bio_buf;

 		BIO_get_mem_ptr(bio_out, &bio_buf);