Description
Some PHP unit tests for the OpenSSL extension fail:
- bug74796
- sni_server
- sni_server_key_cert
This is likely due to the fact, that some test certificates they use are expired since Apr 2 2026:
- ext/openssl/tests/sni_server_cs_cert.pem (and concatenated ext/openssl/tests/sni_server_cs.pem)
- ext/openssl/tests/sni_server_uk_cert.pem (and concatenated ext/openssl/tests/sni_server_uk.pem)
- ext/openssl/tests/sni_server_us_cert.pem (and concatenated ext/openssl/tests/sni_server_us.pem)
They have been added 8 years ago in fe2ac52.
You might want to also renew certificates, that expire later this year or next year:
The following certificates expired long ago, so it is probably not important or even unwanted to renew them:
ext/openssl/tests/74651.pem
ext/openssl/tests/cve2013_4073.pem
Build and test were done using OpenSSL 3.5.5, but the result should not be depending oon the OpenSSL version.
Detailed test log:
---- EXPECTED OUTPUT
string(19) "Hello from server 0"
NULL
string(19) "Hello from server 1"
NULL
string(19) "Hello from server 2"
NULL
cs.php.net
uk.php.net
us.php.net
---- ACTUAL OUTPUT
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 15
---- FAILED
sni_server.log and sni_server_key_cert.log (same content except for port number):
---- EXPECTED OUTPUT
string(%d) "cs.php.net"
string(%d) "uk.php.net"
string(%d) "us.php.net"
---- ACTUAL OUTPUT
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 9
Warning: stream_socket_client(): Failed to enable crypto in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 9
Warning: stream_socket_client(): Unable to connect to tls://127.0.0.1:34289 (Unknown error) in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 9
Warning: Undefined array key "peer_certificate" in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 10
Deprecated: openssl_x509_parse(): Passing null to parameter #1 ($certificate) of type OpenSSLCertificate|string is deprecated in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 11
Warning: Trying to access array offset on false in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 11
Warning: Trying to access array offset on null in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 11
NULL
Warning: Undefined array key "peer_certificate" in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 16
Deprecated: openssl_x509_parse(): Passing null to parameter #1 ($certificate) of type OpenSSLCertificate|string is deprecated in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 17
Warning: Trying to access array offset on false in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 17
Warning: Trying to access array offset on null in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 17
NULL
Warning: Undefined array key "peer_certificate" in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 22
Deprecated: openssl_x509_parse(): Passing null to parameter #1 ($certificate) of type OpenSSLCertificate|string is deprecated in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 23
Warning: Trying to access array offset on false in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 23
Warning: Trying to access array offset on null in /.../ext/openssl/tests/ServerClientTestCase.inc(191) : eval()'d code on line 23
NULL
---- FAILED
PHP Version
PHP 8.5.5 (cli) (built: Apr 8 2026 05:19:04) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.5.5, Copyright (c) Zend Technologies
with Zend OPcache v8.5.5, Copyright (c), by Zend Technologies
Operating System
Linux RHEL 9+10
Description
Some PHP unit tests for the OpenSSL extension fail:
This is likely due to the fact, that some test certificates they use are expired since Apr 2 2026:
They have been added 8 years ago in fe2ac52.
You might want to also renew certificates, that expire later this year or next year:
expiration on Jul 23 2026
ext/ftp/tests/cert.pem
expiration on Nov 20 2027
ext/openssl/tests/sni_server_ca.pem
The following certificates expired long ago, so it is probably not important or even unwanted to renew them:
ext/openssl/tests/74651.pem
ext/openssl/tests/cve2013_4073.pem
Build and test were done using OpenSSL 3.5.5, but the result should not be depending oon the OpenSSL version.
Detailed test log:
sni_server.log and sni_server_key_cert.log (same content except for port number):
PHP Version
Operating System
Linux RHEL 9+10