1) A possible IMAP man-in-the-middle attack. No credentials
are exposed, but could result in unintended emails being "saved" to an
attacker's server. The $ssl_starttls quadoption is now used to check
for an unencrypted PREAUTH response from the server.
2) A problem with GnuTLS certificate prompting. "Rejecting" an expired intermediate cert did not terminate the