author | Darren Tucker <dtucker@dtucker.net> | 2022-07-13 13:17:47 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2022-07-13 13:17:47 +1000 |
commit | 76f4e48631d7b09fb243b47d7b393d100d3741b7 (patch) | |
tree | 55d488c1e7fc3ea317257c04a5944330cfe5e24b /configure.ac | |
parent | e75bbc1d88491fa85e61b2cc8783d4bbd00cd131 (diff) | |
download | openssh-git-76f4e48631d7b09fb243b47d7b393d100d3741b7.tar.gz |
Only refuse to use OpenSSL 3.0.4 on x86_64.
The potential RCE only impacts x86_64, so only refuse to use it if we're
targeting a potentially impacted architecture. ok djm@
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 6ebdd06a..0c6a57eb 100644 --- a/configure.ac +++ b/configure.ac @@ -2796,7 +2796,6 @@ if test "x$openssl" = "xyes" ; then ;; 101*) ;; # 1.1.x 200*) ;; # LibreSSL - 3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;; 300*) # OpenSSL 3; we use the 1.1x API CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" @@ -2820,6 +2819,15 @@ if test "x$openssl" = "xyes" ; then ] ) + case "$host" in + x86_64-*) + case "$ssl_library_ver" in + 3000004*) + AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) + ;; + esac + esac + # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( |
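Review bot: In the first hunk, dropping the `3000004*)` arm means 3.0.4 is now matched by the `300*)` arm like any other OpenSSL 3 version, and nothing at this spot says the refusal still exists further down. A short comment beside `300*)` pointing at the later host-specific check would stop a reader of this case statement from assuming 3.0.4 is accepted everywhere.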
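Review bot: In the second hunk, the outer `x86_64-*)` arm of `case "$host"` runs straight into the final `esac` with no `;;` of its own, while the inner `3000004*)` arm has one. The shell accepts that for a last arm, but adding `;;` after the inner `esac` keeps the two cases consistent and avoids a syntax error if another host pattern is added below later. The block also carries no comment explaining why the check is limited to x86_64; a one-line comment above `case "$host"` giving the commit message's reason (the potential RCE only impacts x86_64) would help the next reader.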