Strange problem: openssl verify not working on Proxmox VM, works on a bare metal system

Shawn Heisey openssl at
Sat Sep 3 18:26:12 UTC 2022

On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
> Other bare metal systems and their results with the same PEM file:
> Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
> Verifies on Ubuntu 22.04 with openssl 3.0.2
> Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips

Additional tests done with an identical PEM file and the results:

Passed on Ubuntu Server 22.04 VM, openssl 3.0.2, installed on the same 
proxmox host as the Alma VM that fails.
Passed on Ubuntu 22.04 desktop bare metal, openssl 3.0.2
Failed on Centos 7 VM running in qemu on that Ubuntu desktop, openssl 
Failed on Fedora35 VM running in qemu on that Ubuntu desktop, openssl 1.1.1q
Passed on Ubuntu Server 22.04 bare metal, using quictls openssl version 

Looks like there is something about RPM-based distros that breaks part 
of openssl.

One other bit of info.  I ran another test on the Alma VM where I 
compiled the master branch of to 
/usr/local/ossl3 and used that to try the verify. This is the failure 

[root at certs ~]# /usr/local/bin/ossl verify -CAfile 
C=US, O=Let's Encrypt, CN=R3
error 2 at 1 depth lookup: unable to get issuer certificate
error /etc/ssl/certs/local/DOMAIN.wildcards.pem: verification failed
[root at certs ~]# /usr/local/bin/ossl version
OpenSSL 3.1.0-dev  (Library: OpenSSL 3.1.0-dev )



More information about the openssl-users mailing list