Conspiracy theories aside, every programmer has probably made that mistake. The better ones learn to just avoid if statements without blocks ;)
But one thing that pisses me off is that they go and implement SSL and don't have any automated tests for it!!
For a company of Apple's size, that can only be called grossly negligent. There is no excuse. And they probably don't have any automated testing for most of their other code either.
What I would expect is that SSL code is tested with all the different of ways of spoofing a certificate. And that in an automated manner, on every build.
My sentiments exactly. For them to have a piece of code that returns OK/notOK, in SSL of all things, and not have tests for both branches is inexcusable.
Not only is this code untested, obviously, but the calling code (which should have two branches based on the result of this call) must be untested too. Bleagh!
It's not a mistake, though. The second goto line was added separately.
I could see if they were copying & pasting goto statements all over the place, and happened to paste it twice by accident. But that's how it occurred. The second one was added in a separate commit.
Of all the comments, I think yours is most to the point:
we cannot rely on developers not making mistakes, but some kind of processes (tools, QA testing) should have caught an error like this one.
But one thing that pisses me off is that they go and implement SSL and don't have any automated tests for it!!
For a company of Apple's size, that can only be called grossly negligent. There is no excuse. And they probably don't have any automated testing for most of their other code either.
What I would expect is that SSL code is tested with all the different of ways of spoofing a certificate. And that in an automated manner, on every build.