Hi Jakub,

While working on the OpenSSL 1.1 integration, I've stumbled over this issue 
with the sni server test ext/openssl/tests/sni_server.phpt which fails with

error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

I debugged through it and in the end it turns out that the test CA is likely 
not compatible with the latest OpenSSL, at least with the vanilla build with 
the default options. I use the default OpenSSL build with static engines, as 
usual. It excludes quite some weak functionality, so I guess we have no actual 
bug. Please also see the checks I made with the console tool

C:\php-sdk\php71\vc14\x64\php-src
$ openssl version
OpenSSL 1.0.2k  26 Jan 2017

C:\php-sdk\php71\vc14\x64\php-src
$ openssl.exe verify -CAfile ext\openssl\tests\sni_server_ca.pem ext\openssl\tests\sni_server_domain1.pem
ext\openssl\tests\sni_server_domain1.pem: OK


On master with OpenSSL 1.1 however, seems the CA is invalid

C:\php-sdk\phpmaster\vc15\x64\php-src
$ openssl version
OpenSSL 1.1.0e  16 Feb 2017

C:\php-sdk\phpmaster\vc15\x64\php-src
$ openssl verify -CAfile ext\openssl\tests\sni_server_ca.pem ext\openssl\tests\sni_server_domain1.pem
C = US, ST = SC, L = Myrtle Beach, O = php.tests subordinate, CN = php.tests.subordinate
error 24 at 1 depth lookup: invalid CA certificate
error ext\openssl\tests\sni_server_domain1.pem: verification failed

As mentioned, there's likely no bug, but I think it would not be bad to double 
check this test. A fix to it could be to just produce other keys and a CA with 
a stronger dependency. I currently added a skip to the aforementioned test in 
master, mainly as I'm about to switch AppVeyor to newer deps and vc15 and the 
test was producing the failures all the time. Also, I'm not sure which OpenSSL 
version Travis currently runs, but I had this test failing on Linux with the 
vanilla OpenSSL 1.1 build as well.

Thanks

Anatol
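One way to regenerate the test CA and leaf certificate with parameters a default OpenSSL 1.1 build accepts, then rerun the verify check shown above; this is an added example, not code from the e-mail or from php-src, and its file names, subject names and extension file are constructed for it.

```shell
#!/bin/sh
# Added example (not from the e-mail or php-src): regenerate a test CA plus a
# leaf certificate with RSA-2048, SHA-256 and proper CA extensions, then rerun
# the verify check. File names and subject names are constructed.
OUT="${OUT:-./sni_test_certs}"

gen_test_pki() {
    mkdir -p "$OUT"
    # Minimal config: [req]/[req_dn] keep `openssl req` independent of the
    # system openssl.cnf; the CA section carries CA:TRUE and keyCertSign,
    # whose absence is one reason a verifier reports "invalid CA certificate".
    cat > "$OUT/pki.cnf" <<'EOF'
[req]
distinguished_name = req_dn
[req_dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:domain1.test
EOF
    # Self-signed CA (constructed subject), 10-year validity
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -subj "/C=US/O=php.tests/CN=php.tests.ca" \
        -config "$OUT/pki.cnf" -extensions ca_ext \
        -keyout "$OUT/ca.key" -out "$OUT/ca.pem" || return 1
    # Leaf CSR, then sign it with the CA using the leaf extensions
    openssl req -new -newkey rsa:2048 -sha256 -nodes \
        -subj "/C=US/O=php.tests/CN=domain1.test" -config "$OUT/pki.cnf" \
        -keyout "$OUT/domain1.key" -out "$OUT/domain1.csr" || return 1
    openssl x509 -req -in "$OUT/domain1.csr" -CA "$OUT/ca.pem" \
        -CAkey "$OUT/ca.key" -CAcreateserial -days 825 -sha256 \
        -extfile "$OUT/pki.cnf" -extensions leaf_ext -out "$OUT/domain1.pem"
}

# The check from the message: prints OK or FAIL, returns openssl's status.
verify_leaf() {
    if openssl verify -CAfile "$OUT/ca.pem" "$OUT/domain1.pem" >/dev/null 2>&1
    then echo OK; else echo FAIL; return 1; fi
}

# Why a CA is rejected: show its signature algorithm and CA-related extensions.
ca_summary() {
    openssl x509 -in "$1" -noout -text | grep -E 'Signature Algorithm|CA:|Key Usage'
}
```

Run `gen_test_pki && verify_leaf` to build and check the new pair; `ca_summary ext/openssl/tests/sni_server_ca.pem` shows the signature algorithm and CA extensions of the existing test CA for comparison.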
