FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.
0fb1c7f9876c52b5a471b7b0b3b96ecb570c084c5146b7a0b0b7cd4c332e5a41