Antoine Beaupre writes:

> Obviously, one should never use openssl s_client for stuff like this...
> I should also note that even though Emacs 24 supports TLS natively now,
> its handling of X509 certificate is really problematic, as documented in
> #816063.

I've just uploaded emacs24 24.5+1-9 and requested an unblock to hopefully address #816063 by configuring --without-gnutls, depending on gnutls-cli, and backporting three upstream patches that remove the --insecure argument from the gnutls-cli invocation and have it use system certificates.

With respect to *this* bug, I'm slightly wary of the part of the patch suggested earlier that removes imap-ssl-open entirely, since it seems possible that external (user or other) code might be using it, perhaps with full knowledge of its limitations.

So assuming (as suggested in the original patch) that it's appropriate/acceptable to just substitute imap-tls-open for imap-ssl-open, then I wondered if this or something like it might address the immediate concerns: