Thank you for your answers, tumic.
Still one little question remains, the situation with self-signed certs:
Mail.app immediately failed to connect to a private mail server using a self-signed cert, already in the Keychain, once I changed it back to use SSL (this was working on the previous version of Avast!).
This is a bug, thanks for reporting. Connections with self-signed certificates were dropped, instead of being re-signed with the "avast! untrusted CA" certificate. The issue was fixed in build 37968, which is available now under the download link. Please try the new beta and see if it works.
Ok, testing it now.
Mail.app now asked if I wanted to trust this certificate, "avast! untrusted CA", for connecting to this server. I checked "always trust..." and now it works.
One concern though: does this mean that ANY self-signed certificate will be accepted for connecting to this particular server? Since I trusted the "avast! untrusted CA", any untrusted certificate can now be used and not only the certificate I had downloaded to my keychain?
Can't avast sign with the trusted CA if the self-signed certificate is present on the keychain?
I'm wondering about the possibility of a middle man attack going unnoticed if any self-signed certificate is used by the attacker and not the specific one I downloaded from my private mail server.