Re: [HTCondor-users] Problems with OpenSSL 3.5.1

Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[EXTERNAL] â This message is from an external sender

Slight changes to the first versions with this fix.

23.0.24, 23.10.24, 24.0.7, 24.7.3

...Tim

On 11/12/25 16:42, Jaime Frey via HTCondor-users wrote:

What version of HTCondor are you running (both on the AP and EP)? We fixed a similar-sounding problem earlier this year: https://opensciencegrid.atlassian.net/browse/HTCONDOR-2904

The fix went into these versions:

23.0.23

23.10.23

24.0.7

24.7.0

- Jaime

On Nov 12, 2025, at 8:43âAM, Matthias Schnepf <matthias.schnepf@xxxxxxx> wrote:

Hi all,

We updated openssl via autoupdates this morning to version 3.5.1 on RHEL9. Since then, no new jobs have started. In the ShadowLog on the CE we found a problem with openssl 3.5.1.

From our ShadowLog

11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Delegation error: C067501B957F0000:error:05800091:x509 certificate routines:X509_REQ_verify_ex:unsupported version:crypto/x509/x_all.c:47:

11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Delegation error:
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): ReliSock::put_x509_delegation(): delegation failed: X509Credential::Delegate() failed
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): Transfer exit info: Success = False | Error[13.0] = '|Error: sending file /var/lib/condor-ce/spool/4393/29/cluster554393.proc29.subproc0/tmp7ght7u55' | Ack = DOWNLOAD | Line = 5580 | Files
= 0 | Retry = True
11/12/25 10:57:11 (pid:522121) (D_ALWAYS) (1121027.0) (522111): DoUpload: SHADOW at 2a00:139c:a:a:86d2:5ee9:4b76:3e82 failed to send file(s) to <[2a00:139c:9:8::b0]:43045>: |Error: sending file /var/lib/condor-ce/spool/4393/29/cluster554393.proc29.subpr
oc0/tmp7ght7u55; STARTER at 2a00:139c:9:8::b0 - |Error: receiving file /tmp/condor_execute/dir_881536/tmp7ght7u55
11/12/25 10:57:11 (pid:522111) (D_ALWAYS) (1121027.0) (522111): File transfer failed (status=0).

Therefore, the proxy delegation does not work, and the proxy file cannot be copied to the WN. I found an issue with openssl that produces the same error message [1]. I'm not sure if this is a new behavior or a bug in the new openssl version. A downgrade to openssl 3.2.2 fixed the problem for us. Our CEs on RHEL8 are not affected since the new openssl version is not available there by default.

Regards,

Matthias

[1] https://github.com/openssl/openssl/issues/28761

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/ 

-- 
Tim Theisen (he, him, his)
Release Manager
Center for High Throughput Computing
University of Wisconsin - Madison
3695 Morgridge Hall
1205 University Ave
Madison, WI 53706

Mailing List Archives

Authenticated access

Re: [HTCondor-users] Problems with OpenSSL 3.5.1