...
CVE-2014-1266 results from a violation of this rule. There is a spurious "goto fail" statement on line 631 of sslKeyExchange.c. This "goto" statement gets executed unconditionally, even though it is indented as if it were part of the preceding "if" statement. As a result, the call to sslRawVerify() (which would perform the actual signature verification) becomes dead code. [ImperialViolet 2014]
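The control-flow pattern described above, as an added example that is not the code from sslKeyExchange.c: `hash_update`, `raw_verify`, `verify_flawed` and `verify_braced` are hypothetical stand-ins, and the accepted signature string is a constructed sample value.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: each returns 0 on success, nonzero on failure. */
static int hash_update(const char *data) { return data == NULL; }
static int raw_verify(const char *sig) { return strcmp(sig, "good-signature") != 0; }

/* Flawed: the second goto is indented like the if body but is not part of it. */
int verify_flawed(const char *data, const char *sig) {
    int err;
    if ((err = hash_update(data)) != 0)
        goto fail;
        goto fail;              /* always executed, with err == 0 */
    err = raw_verify(sig);      /* dead code: never reached */
fail:
    return err;
}

/* Braced form: the extent of the if body is explicit, so the check runs. */
int verify_braced(const char *data, const char *sig) {
    int err;
    if ((err = hash_update(data)) != 0) {
        goto fail;
    }
    err = raw_verify(sig);
fail:
    return err;
}

int main(void) {
    /* 0 means "verified"; the flawed version reports 0 for a bad signature. */
    printf("flawed, forged signature: %d\n", verify_flawed("msg", "forged"));
    printf("braced, forged signature: %d\n", verify_braced("msg", "forged"));
    return 0;
}
```

GCC's `-Wmisleading-indentation` warning flags the duplicated `goto` in `verify_flawed`.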
...