Re: Strange problem: openssl verify not working on Proxmox VM, works on a bare metal system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:

Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips

Additional tests done with an identical PEM file and the results:

Passed on Ubuntu Server 22.04 VM, openssl 3.0.2, installed on the same proxmox host as the Alma VM that fails.
Passed on Ubuntu 22.04 desktop bare metal, openssl 3.0.2
Failed on Centos 7 VM running in qemu on that Ubuntu desktop, openssl 1.0.2k-fips
Failed on Fedora35 VM running in qemu on that Ubuntu desktop, openssl 1.1.1q
Passed on Ubuntu Server 22.04 bare metal, using quictls openssl version 3.0.5+quic

Looks like there is something about RPM-based distros that breaks part of openssl.

One other bit of info.  I ran another test on the Alma VM where I compiled the master branch of https://github.com/openssl/openssl to /usr/local/ossl3 and used that to try the verify. This is the failure output:

[root@certs ~]# /usr/local/bin/ossl verify -CAfile /etc/ssl/certs/local/DOMAIN.wildcards.pem /etc/ssl/certs/local/DOMAIN.wildcards.pem
C=US, O=Let's Encrypt, CN=R3
error 2 at 1 depth lookup: unable to get issuer certificate
error /etc/ssl/certs/local/DOMAIN.wildcards.pem: verification failed
[root@certs ~]# /usr/local/bin/ossl version
OpenSSL 3.1.0-dev  (Library: OpenSSL 3.1.0-dev )


Thoughts?

Thanks,
Shawn





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux