Apple FINALLY fixes OS X ‘goto fail’ SSL bug that threw fans to the wolves

The following code has two goto fail; statements, meaning if the first isn’t executed, the second one surely will. A crucial cryptographic signature check is skipped over, allowing the server to offer a public certificate of, say, google.com, and claim to be that site, while not possessing the corresponding private key to prove it.

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;

i told you to put the curly braces in even if there is only one statement in the block now didn’t i? if you had you woulda spotted that…