From d9eaea4bea6271bcee6a2b9428f1271faf2d033b Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Tue, 12 Jul 2022 12:54:49 +1000
Subject: [PATCH] Refuse to use OpenSSL 3.0.4 due to potential RCE.

OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) so refuse to use that specific version.
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index a0ff6f0b3..6ebdd06a2 100644
--- configure.ac
+++ configure.ac
@@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then
 ;;
 101*) ;; # 1.1.x
 200*) ;; # LibreSSL
+ 3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
 300*)
 # OpenSSL 3; we use the 1.1x API
 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
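Review bot: The new `3000004*)` arm only rejects the OpenSSL library that configure sees at build time, so a dynamically linked build can still load 3.0.4 later if the system library is changed; nothing in this hunk covers that, and whether a run-time version check exists elsewhere is not visible here. Because the match is on the reported version alone, a vendor build that keeps the 3.0.4 version number but carries a backported fix would also be refused, and the message gives no hint of the remedy; it could end with something like `; use a fixed OpenSSL release`. The arm also only works because it sits before `300*)`, since `case` takes the first matching pattern, which deserves a comment such as `# must stay above 300*): first match wins, rejects only 3.0.4 (CVE-2022-2274)`. The enclosing `case` statement starts and ends outside the hunk.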