ietf-smime

Re: Request change in son-of-rfc2633

2003-11-04 03:08:20

I wrote:

Mozilla (and no doubt some others that didn't get any publicity) did the same
thing, and I'm sure they didn't get asked to do that by customers.

Actually that's not right, I thought Mozilla (or at least some apps that used
the Mozilla/Gecko/NSS/whatever code base) were vulnerable because Konqueror
was vulnerable, but it turns out that this was Konqueror with khtml rather
than with kmozilla, with OpenSSL supplying the crypto.  Apologies for the
mixup.

Before this gets read as "OpenSSL is vulnerable", that isn't the case either.
OpenSSL provides application-defined callbacks that can be used to override
some checks (used to handle, as one source aptly described it, "the mass of
broken certs out there").  Some apps provide callbacks that ignore all errors,
which apparently is what happened here.  Standard OpenSSL doesn't have this
problem.

Peter.
