Rewrite the post-processing of external X.509 certificate imports
The main reason for the rewrite was that the call
clears the key cache and only adds the passed keys (i.e. the imported
X.509 certificates) to the key cache. In particular, this removed all
OpenPGP keys and all previously existing X.509 certificates from the
key cache. That was certainly not intended.
The new approach is a bit slower because it does an update for each
imported X.509 certificate instead of for all certificates with a single
This change also fixes a regression introduced with commit
which performed the validation for external and local CMS imports.
- GnuPG-bug-id: T5638