The OpenSSL project has recently announced a vulnerability in their certificate parsing code for OpenSSL 3.x which can cause denial of service or code execution on affected processes: /news/vulnerabilities.html
We have had a couple of enquiries regarding how Certify The Web might be affected. Certify The Web does not currently use the OpenSSL libraries for any functionality and is not affected by this vulnerability.
Like many .net based applications, Certify The Web makes use of the built in certificate parsing tools available in the .net framework which in parts rely on operating system components and on Windows these are not based on OpenSSL. We also use the .net version of the BouncyCastle library, which in turns also does not use OpenSSL.