* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
02c6211f1a