From d9eaea4bea6271bcee6a2b9428f1271faf2d033b Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Tue, 12 Jul 2022 12:54:49 +1000
Subject: Refuse to use OpenSSL 3.0.4 due to potential RCE.

OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274)
so refuse to use that specific version.
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index a0ff6f0b..6ebdd06a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then
 				;;
 			101*)   ;; # 1.1.x
 			200*)   ;; # LibreSSL
+			3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
 			300*)
 				# OpenSSL 3; we use the 1.1x API
 				CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
-- 
cgit v1.2.1