/etc/ssl/openssl.cnf doesn't contain alg_section, but it includes /etc/crypto-policies/back-ends/opensslcnf.config

...
[ ssl_module ]

system_default = crypto_policy

[ crypto_policy ]

.include = /etc/crypto-policies/back-ends/opensslcnf.config
...

bash-5.2# cat /etc/crypto-policies/back-ends/opensslcnf.config                   
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = yes

rh-allow-sha1-signatures = yes

This is the problem. Whatever that line is, OpenSSL doesn't recognise it and hence the failure. My guess is this is supposed to be for some patched version of OpenSSL which you are not running?

It seems that line is due to a RedHat specific patch:

https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch

But in your setup you seem to be using a non-RedHat version of OpenSSL but you're still picking up the config file for the RedHat OpenSSL. Since it doesn't recognise the option, it is failing.

Is patching my OpenSSL to allow unknown options a bad idea? I want to be able to produce .so/.dll/.dylib with static OpenSSL inside that can be dynamically loaded into application that already might be using different OpenSSL version.

I would strongly recommend against that. One option is to explicitly cause the config file to be loaded up front via OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);. Then just clear any errors and ignore them (ERR_clear_error();). Once loaded it won't run again.

If I understood correctly, with OPENSSL_init_crypto it would stop on first error? So things that might load will depend on the order?
https://github.com/openssl/openssl/blob/1c078212f1548d7f647a1f0f12ed6df257c85cc3/crypto/evp/evp_cnf.c#L63C13-L63C22

Yes that is true. Unfortunately I can't really think of a way to avoid that. Really the problem is picking up a version of the config file not intended for your version of OpenSSL. The system config file is designed to work with the system OpenSSL - which you are not using. So, either you have to use a different config file, or ignore the errors I think. Suppressing the config file loading altogether is also an option.

I'm getting OpenSSL through conan. It doesn't seem to be applying any patches for 3.0.12.
https://github.com/conan-io/conan-center-index/blob/master/recipes/openssl/3.x.x/conandata.yml

Which will ignore the specific redhat configuration - AND also any other config errors

Right - this is the main drawback with that approach. You will remain completely unaware of any other problems that might occur in the config file. But as a workaround to just get it working it seems ok.

Worked for me
thanks