Comment 11 for bug 1626883

Thanks @ollisa.

I had the same thoughts about 1.0.1f-1ubuntu2 so I found a downloadable build at https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19. Installing just the ubuntu2.19 version of libssl1.0.0 solved the issue;

wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9679884/+files/libssl1.0.0_1.0.1f-1ubuntu2.19_amd64.deb
dpkg -i libssl1.0.0_1.0.1f-1ubuntu2.19_amd64.deb

Now the certs can be parsed without segfault;
# php -r "echo gettype(openssl_x509_parse(file_get_contents('/etc/ssl/certs/ca-certificates.crt')));"
array

A good idea would be to put the package on hold to prevent further automatic upgrades. Though you'd then need to manually verify and unhold when a fix is out

# apt-mark hold libssl1.0.0
libssl1.0.0 set on hold.