Things which will go into the 2.4 branch.
Details
Today
Tue, Apr 23
Another important use-case is to provide a way to migrate to a newer smartcard.
Mon, Apr 22
Please continue on T7041. This ticket is going to be closed (as the problem described was fixed already).
Tue, Apr 16
Yes I have pcsc-shared in my scdaemon.conf.
I've just tried removing both pcsc-shared and disable-application piv and PIN caching worked as expected.
Are you using PC/SC shared mode? If so, it may be the case of T7041.
Mon, Apr 15
Tue, Apr 9
Thu, Apr 4
Pretty obvious. RENC is an allowed usage for an RSA key and thus set in the mask. I restricted this but allowed to set it anyway when using the "=sr" shortcut (here to set as signing and R-enc). Thanks for reporting.
Wed, Mar 27
Mar 19 2024
The reset was due to running gpg-connect-agent reset /bye. I am currently testing something elese will get back as soon as I can turn back to 2.4
There are two locks here; (1) rw_lock for card_top (list of cards) access and (2) individual card lock.
It looks for me that:
- don't know how/what the thread 7208.2 does
- the thread 7208.3: KEYINFO, then PKSIGN (gets read lock for card_top, then, individual card lock)
- the thread 7208.4: SERIALNO --all (and wait for write lock for card_top)
Mar 18 2024
Mar 7 2024
Mar 6 2024
Mar 4 2024
In case if someone finds it through a search:
How to test:
Feb 28 2024
So after taking this down to where it was only patching status.h and mainproc.c to add a write_status_output() I realized the whole issue is down to status-codes.h not being updated automatically if you apply a patch to status.h in a released version.
Having looked at the build log again after applying the patch, I see the first test failing is
Feb 27 2024
Feb 21 2024
Okay, backported to 2.2.
Feb 19 2024
I need to come up with a better strategy here. --refresh-keys is a very useful command and it should do what the user expects. Maybe we can adjust the behaviour iff we detect that there is an LDAP keyserver.
Interesting. So the problem is not actually the Key-Type, but that the default key-type requires a Key-Curve parameter which has no value by default
Feb 16 2024
I was wrong for the semantics of proxy->outtoken. It is zero when run_proxy_connect is called and enabled during the negotiation.
@hlein Thanks a lot for quick testing.
Thank you @gniibe! Applied the rG848546b05ab0: dirmngr: Fix the regression of use of proxy for TLS connection. changes here, and 2.4.4 works here now.
IIUC, the code for keep_alive is for negotiation of proxy. If so, something like this is the fix:
Right. I was wrong assuming the code in 2.2 branch is stable (that is: well tested).
Feb 15 2024
Per https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9#83517, it looks like the fix might be incomplete?