The return value of openssl_verify is not properly validated, which allows to bypass the cryptographic check.
openssl_verify