The critical flaw that existed in iOS and OS X for a year and a half is remarkable for its subtlety, short-circuiting a critical facet of certificate validation because of one repeated line.
The indentation was a lie. The indentation pretends that both statements are bound to the “enclosing” condition, but of course only the first is.
My daily driver languages are C++, C, C#, and Go, and I love using them, but this mismatch between code indentation and code meaning is a gripe (though note that Go demands braces; line fall-through is removed as a source of errors). I am a heavy user of auto-formatters (in addition to static code checks) for exactly this reason.
Had this code been forced through a formatter, the indented second goto would have been made obvious, just as it should have been made obvious by static code checks (particularly in security code).
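The pattern described above, reduced to a constructed C example (added here for illustration, not Apple's code; the function names are hypothetical): a repeated `goto fail;` indented as if it belonged to the `if`, beside a braced version in which the same repeated line is harmless.

```c
#include <stdio.h>

/* Hypothetical stand-ins for validation steps: 0 = success, nonzero = failure. */
static int step_ok(void)                  { return 0; }
static int check_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Deliberately bad block. The pragma only keeps it compiling under -Werror;
   remove it and build with -Wall to see -Wmisleading-indentation fire. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
int verify_buggy(int sig_valid)
{
    int err;

    if ((err = step_ok()) != 0)
        goto fail;
        goto fail;   /* repeated line: not bound to the if, always runs, err == 0 */
    if ((err = check_signature(sig_valid)) != 0)   /* never reached */
        goto fail;

fail:
    return err;      /* 0 is reported as "verified" */
}
#pragma GCC diagnostic pop

/* Same repeated line, but braces bind it to the condition. */
int verify_braced(int sig_valid)
{
    int err;

    if ((err = step_ok()) != 0) {
        goto fail;
        goto fail;   /* still redundant, but now inside the if: harmless */
    }
    if ((err = check_signature(sig_valid)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    printf("buggy,  invalid signature -> %d\n", verify_buggy(0));
    printf("braced, invalid signature -> %d\n", verify_braced(0));
    return 0;
}
```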
It is simply incredible that this went seemingly unnoticed (albeit probably not by those with malicious intent) for so long.