So, Rocky 8 has been solid, but I just received a bug report at cacti.net that the function is failing on Rocky 9. So, I was able to reproduce, and so switched from the built in PHP to the REMI based PHP 8.1.11, and the openssl_verify() fails there too. I took the same PHP 8.1.11 to CentOS7 and Rocky8, and they both worked flawlessly.
I’m not sure why the openssl_verify() is failing. The default algorithm for signing/verifying in PHP is OPENSSL_ALGO_SHA1. I wonder if this has something to do with it. Please advise.
Like RHEL 9, all derivatives will have sha1 deprecated. As you may have noticed, setting DEFAULT:SHA1 or LEGACY with update-crypto-policies will get around it, but in my opinion, this should be a last resort.