Thanks for the information.

Right, there is a little bug. However, it needs some analysis before we can fix
it. The chain validation code is not easy to change.

Since the error message is gone and searching in external keys works, this is no
longer urgent.

The error message is gone. However, the search result sometimes includes
additional certificates, not just the ones the user searched for. These are
then also imported, at least when using kleopatra.

I received your mail today but I probably can't reply to
it before

Ludwigs test with 2.0.9 + patch shows that the error message does
not come anymore.
Werner, can you state when you did the change the dirmngr?
(E.g. what is the last released version that worked correclty here?)

D56: 167_gpgsm-ext-keylist.diff

Not quite correct. The error was probably handled. The actual cause is that we
introduced a new error message in dirmngr. Find attached a patch against the
current gnupg to fix it. Should apply to 2.0.9 as well.

The "not found" from dirmngr stems from the try to get the issuer of the
certificate. You can get the same effect in command line mode when using the
option --with-colons:

Hi Werner,
This issue is important for a critical Kolab issue. So I've raised the priority
a little. I'd like to get at least some feedback, especially what the effort
would be to fix it.

Tested with gnupg2 2.0.9-1 from Debian sid and python-pyme 0.7.0-4.

Sorry, I don't understand this. In case you mean that the current locale is
used for the HTML output: Marc already reported that and it is fixed in SVN; I
also sent a patch.

D50: 154_gpgme-getkey-ambigious.diff

Fixed. See the attached patch or use the current SVN.

Related to the certificate duplication is the new
issue876(CMS certificate duplication blocks use of gpgme_get_key() )
so all symptoms are not remedied in gpgme 1.1.6 and gnupg 2.0.8 yet.

Issue857 might be related.

Using the patch svn diff -r 4567:4568
my gpgsm can do encryption again.
Still the duplication stays in the keybox.

Sorry, gpg-agent needs to be restartet. Now it works.
Resolving.

I added this line to my trustlist.txt and
applied "Validate" in Kleopatra again, but
same result as before.

Well, GTE seems to be one of this money printing companies without any security
clues. The certificate uses MD5, is valid for 20 years (still 11 to go)(!) and
is missing the required basicConstraints.

We need to fix the symptom as there is always the possibilitiy of
duplicates and that should not inhibit the use of gpgsm.

Similar to T780 I guess.

Seems to be working for me.

Here is the fix:

That is an intersting encoding. dumpasn1 shows:

I've sent it.
I forgot to add that I'm using amd64 and gcc-4.1.1 if it makes any difference.

This has been fixed with gnupg 1.9.21.