Security details in Swift Crypto

OpenSSL published a security update today addressing CVE-2020-1971, a null pointer dereference in the X.509 library. As BoringSSL has not changed the X.509 implementation since the fork from OpenSSL, this issue does affect BoringSSL.

Happily, the issue does not affect Swift Crypto in any release. This issue occurs only when using CRLs to validate X.509 certificates. Swift Crypto does not provide any functionality regarding X.509, so it is not subject to this issue. As a result there is no security impact to Swift Crypto.
