Refuse to use OpenSSL 3.0.4 due to potential RCE.

OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) so refuse to use that specific version.
2022-07-12 12:54:49 +10:00 · 2022-07-12 12:54:49 +10:00 · d9eaea4bea
parent fb2f3a61bf
commit d9eaea4bea
1 changed files with 1 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then
 				;;
 			101*)   ;; # 1.1.x
 			200*)   ;; # LibreSSL
+			3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
 			300*)
 				# OpenSSL 3; we use the 1.1x API
 				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"