In this case, the very test you're describing would not have worked. For a better writeup, see agl's post[1] on the matter. The basic gist of it: On affected systems, the server may use any combination of private key and certificate. Most SSL libraries used on the server side will make sure the moduli of cert and private key match (and abort if this isn't the case). Unit testing would thus require a server with some modifications to its SSL library (OpenSSL, in most cases).
What would have caught the bug: automatic code indentation or any sort of compile-time warnings about dead code.
I see what you mean, the amount of work and foresight needed to predict the bug and write a test for it does seem unrealistic in that light. Hingdsight is 20/20, etc.
What would have caught the bug: automatic code indentation or any sort of compile-time warnings about dead code.
[1] https://www.imperialviolet.org/2014/02/22/applebug.html