From 76f4e48631d7b09fb243b47d7b393d100d3741b7 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Wed, 13 Jul 2022 13:17:47 +1000
Subject: Only refuse to use OpenSSL 3.0.4 on x86_64.

The potential RCE only impacts x86_64, so only refuse to use it if we're targetting a potentially impacted architecture. ok djm@
---
 configure.ac | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
 (limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 6ebdd06a..0c6a57eb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2796,7 +2796,6 @@ if test "x$openssl" = "xyes" ; then
 ;;
 101*) ;; # 1.1.x
 200*) ;; # LibreSSL
- 3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
 300*)
 # OpenSSL 3; we use the 1.1x API
 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
@@ -2820,6 +2819,15 @@ if test "x$openssl" = "xyes" ; then
 ]
 )
 
+ case "$host" in
+ x86_64-*)
+ case "$ssl_library_ver" in
+ 3000004*)
+ AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
+ ;;
+ esac
+ esac
+
 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
 AC_RUN_IFELSE(
-- 
cgit v1.2.1
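Review bot: The new `case "$host"` block in the second hunk has no comment explaining why the 3.0.4 refusal is limited to `x86_64-*`, so the rationale lives only in the commit message. A line such as `# CVE-2022-2274 only impacts x86_64, so only refuse 3.0.4 when targeting it` above the block would keep it with the code. The `x86_64-*)` arm is also closed by the outer `esac` without its own `;;`. The shell accepts that for a final arm, but it is easy to miss when another architecture arm is appended, so adding `;;` after the inner `esac` is safer. This is still a configure-time guard, keyed on the target triplet and on `ssl_library_ver` as detected during the build (set outside this hunk). Builds that link OpenSSL dynamically presumably still need to ensure 3.0.4 is not the library loaded at run time on x86_64.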