After some additional tests, there is some more information. Test I have run:
1. Installed fresh Debian Bullseye. It has Evolution 3.38.3-1 and libnss3 3.61-1+deb11u2. 2. Created a new user. 3. Added a GMail account. The inbox contains a signed email. The certificate was issued by a known CA. Note that no CA was manually added to the system store (/usr/share/ca-certificates) or Evolution. -> Preferences/Certificates/Authorities are populated with a long list of CAs. -> The signed mail is trusted. 4. Installed Evolution 3.44.0-1 from bookworm. -> Preferences/Certificates/Authorities are still populated. -> The signed mail is still trusted. 5. Installed libnss 3.77-1 from bookworm. -> Preferences/Certificates/Authorities no longer populated. It only displays a handful authorities that it extracted from e-mails, but not the full system store. -> The signed mail is no longer trusted. Ubuntu 22.04 (beta) has no problems. It uses libnss3 version 3.68.2- 0ubuntu1. Regards
