Php 8.0.13 openssl_verify() fails on Rocky 9

So, Rocky 8 has been solid, but I just received a bug report at that the function is failing on Rocky 9. So, I was able to reproduce, and so switched from the built in PHP to the REMI based PHP 8.1.11, and the openssl_verify() fails there too. I took the same PHP 8.1.11 to CentOS7 and Rocky8, and they both worked flawlessly.

I’m not sure why the openssl_verify() is failing. The default algorithm for signing/verifying in PHP is OPENSSL_ALGO_SHA1. I wonder if this has something to do with it. Please advise.


I think this has something to do with it. Can you guy’s confirm?

Like RHEL 9, all derivatives will have sha1 deprecated. As you may have noticed, setting DEFAULT:SHA1 or LEGACY with update-crypto-policies will get around it, but in my opinion, this should be a last resort.

Yes, but how? Was this some php code e.g. connecting to something and why was it using SHA1?

All of our packages were signed using the default. Moving forward we will sign SHA256.