Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Problems with OpenSSL 3.5.1

Hi Jaime,

Thanks for the information. On the CE/AP we run condor25 on the EP we run 24.0.6. Therefore your fix is not included. We will do an update the next days. If the problem still exists with the new version I write again. However, I think that should be solved with that.

Best regards,

Matthias

On 11/12/25 11:42 PM, Jaime Frey via HTCondor-users wrote:
What version of HTCondor are you running (both on the AP and EP)? We fixed a similar-sounding problem earlier this year:Âhttps://opensciencegrid.atlassian.net/browse/HTCONDOR-2904

The fix went into these versions:
23.0.23
23.10.23
24.0.7
24.7.0

Â- Jaime

On Nov 12, 2025, at 8:43âAM, Matthias Schnepf <matthias.schnepf@xxxxxxx> wrote:

Hi all,

We updated openssl via autoupdates this morning to version 3.5.1 on RHEL9. Since then, no new jobs have started. In the ShadowLog on the CE we found a problem with openssl 3.5.1.

From our ShadowLog

11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Delegation error: C067501B957F0000:error:05800091:x509 certificate routines:X509_REQ_verify_ex:unsupported version:crypto/x509/x_all.c:47:

11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Delegation error:
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): ReliSock::put_x509_delegation(): delegation failed: X509Credential::Delegate() failed
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Transfer exit info: Success = False | Error[13.0] = '|Error: sending file /var/lib/condor-ce/spool/4393/29/cluster554393.proc29.subproc0/tmp7ght7u55' | Ack = DOWNLOAD | Line = 5580 | Files
= 0 | Retry = True
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): DoUpload: SHADOW at 2a00:139c:a:a:86d2:5ee9:4b76:3e82 failed to send file(s) to <[2a00:139c:9:8::b0]:43045>: |Error: sending file /var/lib/condor-ce/spool/4393/29/cluster554393.proc29.subpr
oc0/tmp7ght7u55; STARTER at 2a00:139c:9:8::b0 - |Error: receiving file /tmp/condor_execute/dir_881536/tmp7ght7u55
11/12/25 10:57:11 (pid:522111) (D_ALWAYS) (1121027.0) (522111): File transfer failed (status=0).

Therefore, the proxy delegation does not work, and the proxy file cannot be copied to the WN. I found an issue with openssl that produces the same error message [1]. I'm not sure if this is a new behavior or a bug in the new openssl version. A downgrade to openssl 3.2.2 fixed the problem for us. Our CEs on RHEL8 are not affected since the new openssl version is not available there by default.

Regards,

Matthias

[1] https://github.com/openssl/openssl/issues/28761

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/ 


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/