In GPGME we have the audit log option in threadedjobmixin to gather what otherwise would be lost on stderr. This is shown by kleopatra as diagnostic output when doing crypto operations.
It would be good to have this as detailed info when importing both X509 and OpenPGP certficates as we sometimes get reports that users cannot import keys and so on and we have to tell them to try it on the command line to get more detailed information.
I am having trouble finding a good test case, I think importing S/MIME certificates with ECC keys on GnuPG 2.2.x could be a good test. Or just flipping a byte in an X509 Cert / PGP Cert to break it.