While I agree that C is the wrong language for security-critical applications (and I write this as a mostly C developer myself), I strongly disagree that C++ is a better language. Sure, it has constructors and destructors and pass-by-reference, but that's not enough, and cons/destr's don't fit the common memory usage-model of performance-critical applications (where an SSL library is often used), which use preallocated memory pools.
I think - please correct me if I'm wrong - that Ada has pretty much the same problems as C if you use manual dynamic memory management. Ada supports Garbage Collection in theory, but it is optional, and I don't think many implementations actually supply a GC. Especially since Ada apparently is often used in realtime systems where dynamic memory management is usually avoided altogether (there is a subset of Ada specifically designed for building realtime software that explicitly prohibits any dynamic memory management).
Ada is - as far as I remember - much safer with regards to buffer overflows and bounds checking. But the bigger problem is probably that far more developers know C than Ada, and that something like an SSL library intended for widespread use needs to work with many different compilers and linkers. If you use GCC, I think it is possible to compile Ada code using the GNU Ada compiler and link it to C code compiled using the GNU C compiler, but I am not sure how things look if you use some other C compiler.
So? I didn't say no C++ code has bugs. I said C++ is a better language for eliminating memory errors. Obviously this only happens if you take advantage of the features that allow that (RAII, smart pointers, etc).
C is clearly the wrong language for something this security critical if that's where your bugs are. C++ solved this many years ago.