diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 8b3454bf3f6bb..b36004df97a9d 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -245,6 +245,11 @@ let
 
       enableParallelBuilding = true;
 
+      doCheck = true;
+      preCheck = ''
+        patchShebangs util
+      '';
+
       postInstall =
         (
           if static then
@@ -367,12 +372,15 @@ in
     hash = "sha256-39135OobV/86bb3msL3D8x21rJnn/dTq+eH7tuwtuM4=";
 
     patches = [
+      # Support for NIX_SSL_CERT_FILE, motivation unclear:
+      # https://github.com/NixOS/nixpkgs/issues/385955
       ./3.0/nix-ssl-cert-file.patch
 
       # openssl will only compile in KTLS if the current kernel supports it.
       # This patch disables build-time detection.
       ./3.0/openssl-disable-kernel-detection.patch
 
+      # Look up SSL certificates in /etc rather than the immutable installation directory
       (
         if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch
       )
@@ -390,12 +398,15 @@ in
     hash = "sha256-UpBDsVz/pfNgd6TQr4Pz3jmYBxgdYHRB1zQZbYibZB8=";
 
     patches = [
+      # Support for NIX_SSL_CERT_FILE, motivation unclear:
+      # https://github.com/NixOS/nixpkgs/issues/385955
       ./3.0/nix-ssl-cert-file.patch
 
       # openssl will only compile in KTLS if the current kernel supports it.
       # This patch disables build-time detection.
       ./3.0/openssl-disable-kernel-detection.patch
 
+      # Look up SSL certificates in /etc rather than the immutable installation directory
       (
         if stdenv.hostPlatform.isDarwin then
           ./3.5/use-etc-ssl-certs-darwin.patch