Rebar3 TLS client error - {unexpected_error,{error,{"pkey.c",771}, "Can't EVP_PKEY_CTX_set_signature_md"}}

Hi, I’m trying to fetch dependencies from our gitlab instance with custom erlang package registry. That all worked until a week ago when i started to get following error on my rebar3 builds

TLS client: In state wait_cert_cr at ssl_handshake.erl:414 generated CLIENT ALERT: Fatal - Internal Error
 - {unexpected_error,{error,{"pkey.c",771},
                            "Can't EVP_PKEY_CTX_set_signature_md"}}

i’m building with:
fedora 42
rebar3 3.25
Erts 16.0.1

things that I have tried and didn’t help:

  • downgrading versions of rebar3 and/or erlang
  • changing gitlab token
  • clearing all caches and full reinstall of rebar3 and OTP

I’m also sure that my certs are fine. So i’m facing bit of a dead end and any help would be appreciated.

Thanks

1 Like

Check openssl version.
Since 3.0.1, by memory, sha1 signature is not anymore accepted even in non FIPS mode.

[EDIT]
Found this : Adding a config option in openssl.cnf to enable SHA-1 signature creation and verification · Issue #17662 · openssl/openssl · GitHub

1 Like