Fix patch, use pure socket client directly

src/SPC/store/SourcePatcher.php

@@ -87,10 +87,11 @@ class SourcePatcher
         }
 
         // patch configure.ac
+        $musl = SPCTarget::getLibc() === 'musl';
         FileSystem::replaceFileStr(
             SOURCE_PATH . '/php-src/configure.ac',
             'if command -v ldd >/dev/null && ldd --version 2>&1 | grep ^musl >/dev/null 2>&1',
-            'if [ "$SPC_LIBC" = "musl" ];'
+            'if ' . ($musl ? 'true' : 'false')
         );
         if (getenv('SPC_LIBC') === false && ($libc = SPCTarget::getLibc()) !== null) {
             putenv("SPC_LIBC={$libc}");

src/globals/ext-tests/openssl.php

@@ -6,14 +6,25 @@ assert(function_exists('openssl_digest'));
 assert(openssl_digest('123456', 'md5') === 'e10adc3949ba59abbe56e057f20f883e');
 if (file_exists('/etc/ssl/openssl.cnf')) {
     $domain_list = [
-        'https://captive.apple.com/',
+        'captive.apple.com',
-        'https://detectportal.firefox.com/',
+        'detectportal.firefox.com',
-        'https://static-php.dev/',
+        'static-php.dev',
-        'https://www.example.com/',
+        'www.example.com',
     ];
     $valid = false;
     foreach ($domain_list as $domain) {
-        if (file_get_contents($domain) !== false) {
+        $ssloptions = [
+            'capture_peer_cert' => true,
+            'capture_peer_cert_chain' => true,
+            'allow_self_signed' => false,
+            'CN_match' => $domain,
+            'verify_peer' => true,
+            'SNI_enabled' => true,
+            'SNI_server_name' => $domain,
+        ];
+        $context = stream_context_create(['ssl' => $ssloptions]);
+        $result = stream_socket_client("ssl://{$domain}:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
+        if ($result !== false) {
             $valid = true;
             break;
         }