aegilopsThe long awaited OpenSSL vulns are out, and for both...
"this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer."
Either way you would already have problems, because you trust an untrustworthy CA, or you don't validate certs.