Fixed in master.

Thanks for your report. It seems the linker for Android is more strict.

Fixed in GnuPG 2.4.4.

AFAIK, we don't have any option to control the lower-level detail of GnuTLS for dirmngr of GnuPG.

I can do correct handshake with GnuTLS, if specified.

Please configure your server so that an application with GnuTLS can interoperate. It is not GnuPG specific.

It looks like a failure of GnuTLS negotiation.

$ wget --server-response --spider https://openpgpkey.sapience.com/.well-known/openpgpkey/sapience.com/hu/me5xnfhbf3w9djpmxa3keq5q8s3rcgf1?l=arch 
Spider mode enabled. Check if remote file exists.
--2024-01-29 11:35:15--  https://openpgpkey.sapience.com/.well-known/openpgpkey/sapience.com/hu/me5xnfhbf3w9djpmxa3keq5q8s3rcgf1?l=arch
Resolving openpgpkey.sapience.com (openpgpkey.sapience.com)... 72.84.236.69
Connecting to openpgpkey.sapience.com (openpgpkey.sapience.com)|72.84.236.69|:443... connected.
GnuTLS: A TLS fatal alert has been received.
GnuTLS: received alert [47]: Illegal parameter
Unable to establish SSL connection.

Fixed in rC128121e74b66: build: Use @FGREP@ by configure for libgcrypt-config..

Thank you. I recently fixed for use of egrep rC656ca459e3d8: m4: Update acinclude.m4 to use $GREP., but overlooked this one.

Fixed in GnuPG 2.4.4.

For the particular issue reopened for GnuPG 2.2.41 is fixed in GnuPG 2.2.42.
Please note that we can't fix the cause itself, the hardware problem.

Fixed in 0.3.2.

Fixed in NtbTLS 0.3.2.

Fixed in 2.4.4.

Arch Linux: https://gitlab.archlinux.org/archlinux/packaging/packages/gnupg
FreeBSD: https://cgit.freebsd.org/ports/tree/security/gnupg

i still observe the same behavior:

Thank you for the report.

Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:

Push the change as rE4a9def77488f: estream: Fix call to string filter for estream-printf..

I see your point: allocating STRINGBUF to make sure nul-terminated string.
The code itself doesn't work well in a test case of tests/t-prinntf.c, because it assumes string filter should be called with NULL for string.

Bug is in 2.2, too.

Fixed in rG591a53d716aa: gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY..

I found that the warning is emitted when it tries to call keybox_compress.
It should not be called when it's READONLY (which gpgv specifies).

It would be good to apply this to 2.2, so adding "backport" tag.

GnuPG 2.2 and 2.4 now have --pcsc-shared option for a user who can control his action in detail.
So, closing this bug report.

Fixed in rG2be53b214d1c: tools: Fix argparse table of gpgconf..
It would be good to apply this to 2.2, so, adding "backport" tag.

Thank you for the bug report. Although it's a corner case, it is a discrepancy in the implementation which results unrecoverable situation of the device.

I see the reason.