Refuse to use OpenSSL 3.0.4 due to potential RCE.
authorDarren Tucker <dtucker@dtucker.net>
Tue, 12 Jul 2022 02:54:49 +0000 (12:54 +1000)
committerDarren Tucker <dtucker@dtucker.net>
Tue, 12 Jul 2022 02:54:49 +0000 (12:54 +1000)
OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274)
so refuse to use that specific version.

configure.ac

index a0ff6f0b3cbebb060e55251654fea97e20b106e5..6ebdd06a2e19e7f897efdb7f673aec74589195b5 100644 (file)
@@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then
                                ;;
                        101*)   ;; # 1.1.x
                        200*)   ;; # LibreSSL
+                       3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
                        300*)
                                # OpenSSL 3; we use the 1.1x API
                                CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
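Review bot: The new `3000004*)` arm rejects OpenSSL 3.0.4 only at configure time, so a binary configured against a different 3.0.x release and linked dynamically could still load 3.0.4 at run time. Whether a run-time version check elsewhere covers that case is not visible in this hunk and should be confirmed. The arm also only takes effect because it sits above the broader `300*)` pattern, since the first matching `case` arm wins. That ordering deserves a comment so a later reshuffle does not silently disable the guard, for example `# must stay above 300*: first match wins; rejects 3.0.4 (CVE-2022-2274)`. The enclosing `case` statement starts and ends outside the hunk.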