So one aspect of T6701 does not work for me the way I intended it, encrypting non vs-nfd compliant to untrusted root cas. The problem is that S/MIME certs where the Root CA is not trusted are reported on a GPGME level as invalid even though the userids have correctly "Unknown Trust"
I think this is the wrong behavior. But I would not flag this for 3.2. maybe discuss this.
./run-keylist --validate --offline --cms andre.heinecke@ keyid : B2B822E38FC56EE5 can_cap : es has_cap : es flags : secret invalid de-vs upd : 0 (0) fpr 0: 13EE42BED4051016FB44A5CBB2B822E38FC56EE5 v5fpr 0: 992DF2C09D681E7652813073ACAD8C84F381A9F5B8BC89735D18D91FB86DAEFC grip 0: 54A386908D4F4550307C587A227D63AF1B932AD1 caps 0: es flags 0: secret invalid de-vs userid 0: CN=Andre Heinecke,OU=demo,O=g10 Code GmbH,C=DE mbox: [none] email: name: cmmnt: upd: 0 (0) valid: unknown userid 1: <andre.heinecke@demo.gnupg.com> mbox: andre.heinecke@demo.gnupg.com email: <andre.heinecke@demo.gnupg.com> name: cmmnt: upd: 0 (0) valid: unknown