Article http://bit.ly/TLbFhN highlighting software, code & middleware that primarily because of poor API design, and usage/configuration by developers, result in incomplete validation of SSL certificates, thus leaving systems vulnerable to man-in-the-middle attacks.
The author's frightenting conclusion, based only upong logic errors in client-side SSL certificate validation!: "Our main conclusion is that SSL certificate validation is completely broken in many critical software applications and libraries. When presented with self-signed and third-party certificates—including a certificate issued by a legitimate authority to a domain called AllYourSSLAreBelongTo.us —they establish SSL connections and send their secrets to a man-in-the-middle attacker."
There is a huge list of software, libraries, e-commerce SDKs, mobile SDKs, etc across many operating systems that are susceptible. This article is a must read for all developers that work with SSL/ security, and the issues should be addressed if you're dependent on any of services mentioned.
Review your usage of SSL in your environment, its one of cornerstones of security on the web and it doesn't take much effort to properly validate a certiifcate chain, and check for revocation.
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software