0s autopkgtest [15:11:51]: starting date and time: 2024-06-14 15:11:51+0000 0s autopkgtest [15:11:51]: git checkout: 433ed4cb Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [15:11:51]: host juju-7f2275-prod-proposed-migration-environment-3; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.qkd4wp95/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.2 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-3@lcy02-54.secgroup --name adt-noble-amd64-sssd-20240614-151151-juju-7f2275-prod-proposed-migration-environment-3-756bd939-2796-4ffe-8250-143c8c98ab62 --image adt/ubuntu-noble-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-3 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 76s autopkgtest [15:13:07]: testbed dpkg architecture: amd64 76s autopkgtest [15:13:07]: testbed apt version: 2.7.14build2 76s autopkgtest [15:13:07]: @@@@@@@@@@@@@@@@@@@@ test bed setup 76s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 76s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 76s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [12.9 kB] 76s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [22.6 kB] 76s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 76s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [22.0 kB] 76s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [51.2 kB] 76s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3508 B] 76s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [13.8 kB] 76s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [64.0 kB] 76s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [116 B] 76s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [36.4 kB] 76s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [24.9 kB] 76s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [9396 B] 76s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [2392 B] 76s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [10.6 kB] 76s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [196 B] 77s Fetched 555 kB in 0s (2064 kB/s) 77s Reading package lists... 79s Reading package lists... 79s Building dependency tree... 79s Reading state information... 80s Calculating upgrade... 80s The following packages will be upgraded: 80s cloud-init login passwd 80s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 80s Need to get 1645 kB of archives. 80s After this operation, 1024 B of additional disk space will be used. 80s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 login amd64 1:4.13+dfsg1-4ubuntu3.2 [202 kB] 80s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 passwd amd64 1:4.13+dfsg1-4ubuntu3.2 [845 kB] 80s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 cloud-init all 24.1.3-0ubuntu3.3 [598 kB] 80s Preconfiguring packages ... 80s Fetched 1645 kB in 0s (35.9 MB/s) 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 81s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ... 81s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 81s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 81s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ... 81s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 81s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 81s Preparing to unpack .../cloud-init_24.1.3-0ubuntu3.3_all.deb ... 81s Unpacking cloud-init (24.1.3-0ubuntu3.3) over (24.1.3-0ubuntu3.2) ... 82s Setting up cloud-init (24.1.3-0ubuntu3.3) ... 83s Processing triggers for man-db (2.12.0-4build2) ... 85s Processing triggers for rsyslog (8.2312.0-3ubuntu9) ... 85s Reading package lists... 85s Building dependency tree... 85s Reading state information... 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 86s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 86s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 86s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 86s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 87s Reading package lists... 87s Reading package lists... 88s Building dependency tree... 88s Reading state information... 88s Calculating upgrade... 88s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 89s Reading package lists... 89s Building dependency tree... 89s Reading state information... 89s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 89s autopkgtest [15:13:20]: rebooting testbed after setup commands that affected boot 93s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 105s autopkgtest [15:13:36]: testbed running kernel: Linux 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:51:52 UTC 2024 106s autopkgtest [15:13:37]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 115s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 115s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 115s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 115s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 115s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 115s gpgv: Can't check signature: No public key 115s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 115s autopkgtest [15:13:46]: testing package sssd version 2.9.4-1.1ubuntu6 116s autopkgtest [15:13:47]: build not needed 117s autopkgtest [15:13:48]: test ldap-user-group-ldap-auth: preparing testbed 117s Reading package lists... 117s Building dependency tree... 117s Reading state information... 118s Starting pkgProblemResolver with broken count: 0 118s Starting 2 pkgProblemResolver with broken count: 0 118s Done 119s The following additional packages will be installed: 119s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 119s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 119s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 119s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 119s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 119s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 119s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 119s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 119s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 119s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 119s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 119s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 119s tcl8.6 119s Suggested packages: 119s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 119s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 119s Recommended packages: 119s cracklib-runtime libsasl2-modules-gssapi-mit 119s | libsasl2-modules-gssapi-heimdal 119s The following NEW packages will be installed: 119s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 119s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 119s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 119s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 119s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 119s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 119s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 119s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 119s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 119s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 119s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 119s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 119s tcl-expect tcl8.6 119s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 119s Need to get 12.7 MB/12.7 MB of archives. 119s After this operation, 48.8 MB of additional disk space will be used. 119s Get:1 /tmp/autopkgtest.m2Kdas/1-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [868 B] 119s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libltdl7 amd64 2.4.7-7build1 [40.3 kB] 119s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libodbc2 amd64 2.3.12-1ubuntu0.24.04.1 [158 kB] 119s Get:4 http://ftpmaster.internal/ubuntu noble/main amd64 slapd amd64 2.6.7+dfsg-1~exp1ubuntu8 [1553 kB] 119s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 libtcl8.6 amd64 8.6.14+dfsg-1build1 [988 kB] 119s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 tcl8.6 amd64 8.6.14+dfsg-1build1 [14.7 kB] 119s Get:7 http://ftpmaster.internal/ubuntu noble/universe amd64 tcl-expect amd64 5.45.4-3 [110 kB] 119s Get:8 http://ftpmaster.internal/ubuntu noble/universe amd64 expect amd64 5.45.4-3 [137 kB] 119s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 ldap-utils amd64 2.6.7+dfsg-1~exp1ubuntu8 [153 kB] 119s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 119s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 119s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 119s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 119s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 119s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 119s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 119s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 119s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 119s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 119s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 119s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 119s Get:22 http://ftpmaster.internal/ubuntu noble/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6 [17.4 kB] 119s Get:23 http://ftpmaster.internal/ubuntu noble/universe amd64 libjose0 amd64 13-1 [44.5 kB] 119s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 119s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 119s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 libkrad0 amd64 1.20.1-6ubuntu2 [22.2 kB] 119s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 119s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 119s Get:29 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 119s Get:30 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 119s Get:31 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 119s Get:32 http://ftpmaster.internal/ubuntu noble/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 119s Get:33 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 119s Get:34 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 119s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 119s Get:36 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 119s Get:37 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 119s Get:38 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 119s Get:39 http://ftpmaster.internal/ubuntu noble/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6 [31.6 kB] 119s Get:40 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6 [50.4 kB] 119s Get:41 http://ftpmaster.internal/ubuntu noble/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6 [47.1 kB] 119s Get:42 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6 [47.1 kB] 119s Get:43 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6 [21.7 kB] 119s Get:44 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6 [30.3 kB] 119s Get:45 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6 [1139 kB] 119s Get:46 http://ftpmaster.internal/ubuntu noble/universe amd64 sssd-idp amd64 2.9.4-1.1ubuntu6 [27.4 kB] 119s Get:47 http://ftpmaster.internal/ubuntu noble/universe amd64 sssd-passkey amd64 2.9.4-1.1ubuntu6 [32.4 kB] 119s Get:48 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6 [77.1 kB] 119s Get:49 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6 [88.8 kB] 119s Get:50 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6 [135 kB] 119s Get:51 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6 [221 kB] 119s Get:52 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6 [14.5 kB] 119s Get:53 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6 [31.3 kB] 119s Get:54 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6 [44.6 kB] 119s Get:55 http://ftpmaster.internal/ubuntu noble/main amd64 sssd amd64 2.9.4-1.1ubuntu6 [4118 B] 119s Get:56 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-dbus amd64 2.9.4-1.1ubuntu6 [104 kB] 119s Get:57 http://ftpmaster.internal/ubuntu noble/universe amd64 sssd-kcm amd64 2.9.4-1.1ubuntu6 [140 kB] 119s Get:58 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-tools amd64 2.9.4-1.1ubuntu6 [97.8 kB] 119s Get:59 http://ftpmaster.internal/ubuntu noble/main amd64 libipa-hbac-dev amd64 2.9.4-1.1ubuntu6 [6670 B] 119s Get:60 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-certmap-dev amd64 2.9.4-1.1ubuntu6 [5730 B] 119s Get:61 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-idmap-dev amd64 2.9.4-1.1ubuntu6 [8382 B] 119s Get:62 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-nss-idmap-dev amd64 2.9.4-1.1ubuntu6 [6716 B] 119s Get:63 http://ftpmaster.internal/ubuntu noble/universe amd64 libsss-sudo amd64 2.9.4-1.1ubuntu6 [21.2 kB] 119s Get:64 http://ftpmaster.internal/ubuntu noble/universe amd64 python3-libipa-hbac amd64 2.9.4-1.1ubuntu6 [16.8 kB] 119s Get:65 http://ftpmaster.internal/ubuntu noble/universe amd64 python3-libsss-nss-idmap amd64 2.9.4-1.1ubuntu6 [9178 B] 119s Preconfiguring packages ... 120s Fetched 12.7 MB in 0s (62.0 MB/s) 120s Selecting previously unselected package libltdl7:amd64. 120s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 120s Preparing to unpack .../00-libltdl7_2.4.7-7build1_amd64.deb ... 120s Unpacking libltdl7:amd64 (2.4.7-7build1) ... 120s Selecting previously unselected package libodbc2:amd64. 120s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_amd64.deb ... 120s Unpacking libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 120s Selecting previously unselected package slapd. 120s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 120s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 120s Selecting previously unselected package libtcl8.6:amd64. 120s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 120s Unpacking libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 120s Selecting previously unselected package tcl8.6. 120s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 120s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 120s Selecting previously unselected package tcl-expect:amd64. 120s Preparing to unpack .../05-tcl-expect_5.45.4-3_amd64.deb ... 120s Unpacking tcl-expect:amd64 (5.45.4-3) ... 120s Selecting previously unselected package expect. 120s Preparing to unpack .../06-expect_5.45.4-3_amd64.deb ... 120s Unpacking expect (5.45.4-3) ... 120s Selecting previously unselected package ldap-utils. 120s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 120s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 120s Selecting previously unselected package libavahi-common-data:amd64. 120s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 120s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 120s Selecting previously unselected package libavahi-common3:amd64. 120s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 120s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 120s Selecting previously unselected package libavahi-client3:amd64. 120s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 120s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 120s Selecting previously unselected package libbasicobjects0t64:amd64. 120s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 120s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 120s Selecting previously unselected package libcares2:amd64. 120s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 120s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 120s Selecting previously unselected package libcollection4t64:amd64. 121s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 121s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 121s Selecting previously unselected package libcrack2:amd64. 121s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_amd64.deb ... 121s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 121s Selecting previously unselected package libdhash1t64:amd64. 121s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 121s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 121s Selecting previously unselected package libevent-2.1-7t64:amd64. 121s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 121s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 121s Selecting previously unselected package libpath-utils1t64:amd64. 121s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 121s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 121s Selecting previously unselected package libref-array1t64:amd64. 121s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 121s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 121s Selecting previously unselected package libini-config5t64:amd64. 121s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 121s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 121s Selecting previously unselected package libipa-hbac0t64. 121s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package libjose0:amd64. 121s Preparing to unpack .../21-libjose0_13-1_amd64.deb ... 121s Unpacking libjose0:amd64 (13-1) ... 121s Selecting previously unselected package libverto-libevent1t64:amd64. 121s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 121s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 121s Selecting previously unselected package libverto1t64:amd64. 121s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 121s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 121s Selecting previously unselected package libkrad0:amd64. 121s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_amd64.deb ... 121s Unpacking libkrad0:amd64 (1.20.1-6ubuntu2) ... 121s Selecting previously unselected package libtalloc2:amd64. 121s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_amd64.deb ... 121s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 121s Selecting previously unselected package libtdb1:amd64. 121s Preparing to unpack .../26-libtdb1_1.4.10-1build1_amd64.deb ... 121s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 121s Selecting previously unselected package libtevent0t64:amd64. 121s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_amd64.deb ... 121s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 121s Selecting previously unselected package libldb2:amd64. 121s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 121s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 121s Selecting previously unselected package libnfsidmap1:amd64. 121s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 121s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 121s Selecting previously unselected package libnss-sudo. 121s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 121s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 121s Selecting previously unselected package libpwquality-common. 121s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 121s Unpacking libpwquality-common (1.4.5-3build1) ... 121s Selecting previously unselected package libpwquality1:amd64. 121s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_amd64.deb ... 121s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 121s Selecting previously unselected package libpam-pwquality:amd64. 121s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_amd64.deb ... 121s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 121s Selecting previously unselected package libwbclient0:amd64. 121s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 121s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 121s Selecting previously unselected package samba-libs:amd64. 121s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 121s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 121s Selecting previously unselected package libsmbclient0:amd64. 121s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 121s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 121s Selecting previously unselected package libnss-sss:amd64. 121s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package libpam-sss:amd64. 121s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package python3-sss. 121s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package libsss-certmap0. 121s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package libsss-idmap0. 121s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 121s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 121s Selecting previously unselected package libsss-nss-idmap0. 122s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-common. 122s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-idp. 122s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-passkey. 122s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-ad-common. 122s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-krb5-common. 122s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-ad. 122s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-ipa. 122s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-krb5. 122s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-ldap. 122s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-proxy. 122s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd. 122s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-dbus. 122s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-kcm. 122s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package sssd-tools. 122s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package libipa-hbac-dev. 122s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package libsss-certmap-dev. 122s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package libsss-idmap-dev. 122s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package libsss-nss-idmap-dev. 122s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package libsss-sudo. 122s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package python3-libipa-hbac. 122s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package python3-libsss-nss-idmap. 122s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_amd64.deb ... 122s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 122s Selecting previously unselected package autopkgtest-satdep. 122s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 122s Unpacking autopkgtest-satdep (0) ... 122s Setting up libpwquality-common (1.4.5-3build1) ... 122s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 122s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 122s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 122s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 122s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 122s Setting up libtdb1:amd64 (1.4.10-1build1) ... 122s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 122s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 122s Setting up libjose0:amd64 (13-1) ... 122s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 122s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 122s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 122s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 122s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 122s Setting up libltdl7:amd64 (2.4.7-7build1) ... 122s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 122s Setting up libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 122s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 122s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 122s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 122s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 122s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 122s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 122s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 123s Creating new user openldap... done. 123s Creating initial configuration... done. 123s Creating LDAP directory... done. 123s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 123s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 123s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 123s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 123s Setting up tcl-expect:amd64 (5.45.4-3) ... 123s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 123s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 123s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 123s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 123s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 123s Setting up expect (5.45.4-3) ... 123s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 123s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 123s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 124s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 124s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 124s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 124s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 124s Creating SSSD system user & group... 124s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 124s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 124s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 124s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 125s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 125s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 125s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 125s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 125s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 126s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 126s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 126s sssd-autofs.service is a disabled or a static unit, not starting it. 126s sssd-nss.service is a disabled or a static unit, not starting it. 126s sssd-pam.service is a disabled or a static unit, not starting it. 126s sssd-ssh.service is a disabled or a static unit, not starting it. 126s sssd-sudo.service is a disabled or a static unit, not starting it. 126s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 126s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 126s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 127s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 127s sssd-kcm.service is a disabled or a static unit, not starting it. 127s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 127s sssd-ifp.service is a disabled or a static unit, not starting it. 127s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 128s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 128s sssd-pac.service is a disabled or a static unit, not starting it. 128s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 128s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 128s Setting up sssd (2.9.4-1.1ubuntu6) ... 128s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 128s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 128s Setting up libkrad0:amd64 (1.20.1-6ubuntu2) ... 128s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 128s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 128s Setting up autopkgtest-satdep (0) ... 128s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 128s Processing triggers for ufw (0.36.2-6) ... 128s Processing triggers for man-db (2.12.0-4build2) ... 130s Processing triggers for dbus (1.14.10-4ubuntu4) ... 136s (Reading database ... 75252 files and directories currently installed.) 136s Removing autopkgtest-satdep (0) ... 137s autopkgtest [15:14:08]: test ldap-user-group-ldap-auth: [----------------------- 137s + . debian/tests/util 137s + . debian/tests/common-tests 137s + mydomain=example.com 137s + myhostname=ldap.example.com 137s + mysuffix=dc=example,dc=com 137s + admin_dn=cn=admin,dc=example,dc=com 137s + admin_pw=secret 137s + ldap_user=testuser1 137s + ldap_user_pw=testuser1secret 137s + ldap_group=ldapusers 137s + adjust_hostname ldap.example.com 137s + local myhostname=ldap.example.com 137s + echo ldap.example.com 137s + hostname ldap.example.com 137s + grep -qE ldap.example.com /etc/hosts 137s + echo 127.0.1.10 ldap.example.com 137s + reconfigure_slapd 137s + debconf-set-selections 137s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 137s + dpkg-reconfigure -fnoninteractive -pcritical slapd 137s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 137s Moving old database directory to /var/backups: 137s - directory unknown... done. 137s Creating initial configuration... done. 137s Creating LDAP directory... done. 138s + generate_certs ldap.example.com 138s + local cn=ldap.example.com 138s + local cert=/etc/ldap/server.pem 138s + local key=/etc/ldap/server.key 138s + local cnf=/etc/ldap/openssl.cnf 138s + cat 138s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 138s .....................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 138s ............................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 138s ----- 138s + chmod 0640 /etc/ldap/server.key 138s + chgrp openldap /etc/ldap/server.key 138s + [ ! -f /etc/ldap/server.pem ] 138s + [ ! -f /etc/ldap/server.key ] 138s + enable_ldap_ssl 138s + cat 138s + cat 138s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 138s modifying entry "cn=config" 138s 138s + populate_ldap_rfc2307 138s + cat 138s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 138s adding new entry "ou=People,dc=example,dc=com" 138s 138s adding new entry "ou=Group,dc=example,dc=com" 138s 138s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 138s 138s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 138s 138s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 138s 138s + configure_sssd_ldap_rfc2307 138s + cat 138s + chmod 0600 /etc/sssd/sssd.conf 138s + systemctl restart sssd 138s + enable_pam_mkhomedir 138s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 138s Assert local user databases do not have our LDAP test data 138s + echo session optional pam_mkhomedir.so 138s + run_common_tests 138s + echo Assert local user databases do not have our LDAP test data 138s + check_local_user testuser1 138s + local local_user=testuser1 138s + grep -q ^testuser1 /etc/passwd 138s + check_local_group testuser1 138s + local local_group=testuser1 138s + grep -q ^testuser1 /etc/group 138s + check_local_group ldapusers 138s + local local_group=ldapusers 138s + grep -q ^ldapusers /etc/group 138s + echo The LDAP user is known to the system via getent 138s + check_getent_user testuser1 138s + local getent_user=testuser1 138s + local output 138s The LDAP user is known to the system via getent 138s + getent passwd testuser1 138s + The LDAP user's private group is known to the system via getent 138s output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 138s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 138s + echo The LDAP user's private group is known to the system via getent 138s + check_getent_group testuser1 138s + local getent_group=testuser1 138s + local output 138s + getent group testuser1 138s + output=testuser1:*:10001:testuser1 138s + [ -z testuser1:*:10001:testuser1 ] 138s + echo The LDAP group ldapusers is known to the system via getent 138s + check_getent_group ldapusers 138s + local getent_group=ldapusers 138s + local output 138s + getent group ldapusers 138s The LDAP group ldapusers is known to the system via getent 138s The id(1) command can resolve the group membership of the LDAP user 138s + output=ldapusers:*:10100:testuser1 138s + [ -z ldapusers:*:10100:testuser1 ] 138s + echo The id(1) command can resolve the group membership of the LDAP user 138s + id -Gn testuser1 138s The LDAP user can login on a terminal 138s + output=testuser1 ldapusers 138s + [ testuser1 ldapusers != testuser1 ldapusers ] 138s + echo The LDAP user can login on a terminal 138s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 138s spawn login 138s ldap.example.com login: testuser1 138s Password: 138s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic x86_64) 138s 138s * Documentation: https://help.ubuntu.com 138s * Management: https://landscape.canonical.com 138s * Support: https://ubuntu.com/pro 138s 138s 138s The programs included with the Ubuntu system are free software; 138s the exact distribution terms for each program are described in the 138s individual files in /usr/share/doc/*/copyright. 138s 138s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 138s applicable law. 138s 138s 138s The programs included with the Ubuntu system are free software; 138s the exact distribution terms for each program are described in the 138s individual files in /usr/share/doc/*/copyright. 138s 138s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 138s applicable law. 138s 138s Creating directory '/home/testuser1'. 139s [?2004htestuser1@ldap:~$ id -un 139s [?2004l testuser1 139s [?2004htestuser1@ldap:~$ autopkgtest [15:14:10]: test ldap-user-group-ldap-auth: -----------------------] 139s autopkgtest [15:14:10]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 139s ldap-user-group-ldap-auth PASS 139s autopkgtest [15:14:10]: test ldap-user-group-krb5-auth: preparing testbed 140s Reading package lists... 141s Building dependency tree... 141s Reading state information... 141s Starting pkgProblemResolver with broken count: 0 141s Starting 2 pkgProblemResolver with broken count: 0 141s Done 142s The following additional packages will be installed: 142s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 142s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 142s Suggested packages: 142s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 142s The following NEW packages will be installed: 142s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 142s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 142s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 142s Need to get 599 kB/600 kB of archives. 142s After this operation, 2119 kB of additional disk space will be used. 142s Get:1 /tmp/autopkgtest.m2Kdas/2-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [892 B] 142s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 krb5-config all 2.7 [22.0 kB] 142s Get:3 http://ftpmaster.internal/ubuntu noble/main amd64 libgssrpc4t64 amd64 1.20.1-6ubuntu2 [57.6 kB] 142s Get:4 http://ftpmaster.internal/ubuntu noble/main amd64 libkadm5clnt-mit12 amd64 1.20.1-6ubuntu2 [40.1 kB] 142s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 libkdb5-10t64 amd64 1.20.1-6ubuntu2 [40.3 kB] 142s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 libkadm5srv-mit12 amd64 1.20.1-6ubuntu2 [53.0 kB] 142s Get:7 http://ftpmaster.internal/ubuntu noble/universe amd64 krb5-user amd64 1.20.1-6ubuntu2 [109 kB] 142s Get:8 http://ftpmaster.internal/ubuntu noble/universe amd64 krb5-kdc amd64 1.20.1-6ubuntu2 [182 kB] 142s Get:9 http://ftpmaster.internal/ubuntu noble/universe amd64 krb5-admin-server amd64 1.20.1-6ubuntu2 [95.9 kB] 142s Preconfiguring packages ... 143s Fetched 599 kB in 0s (12.9 MB/s) 143s Selecting previously unselected package krb5-config. 143s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75252 files and directories currently installed.) 143s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 143s Unpacking krb5-config (2.7) ... 143s Selecting previously unselected package libgssrpc4t64:amd64. 143s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package libkadm5clnt-mit12:amd64. 143s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package libkdb5-10t64:amd64. 143s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package libkadm5srv-mit12:amd64. 143s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package krb5-user. 143s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking krb5-user (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package krb5-kdc. 143s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package krb5-admin-server. 143s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_amd64.deb ... 143s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 143s Selecting previously unselected package autopkgtest-satdep. 143s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 143s Unpacking autopkgtest-satdep (0) ... 143s Setting up libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 143s Setting up krb5-config (2.7) ... 143s Setting up libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 143s Setting up libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 143s Setting up libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 143s Setting up krb5-user (1.20.1-6ubuntu2) ... 143s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 143s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 143s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 143s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 143s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 143s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 143s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 143s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 143s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 144s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 144s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 144s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 145s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 146s Setting up autopkgtest-satdep (0) ... 146s Processing triggers for man-db (2.12.0-4build2) ... 146s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 150s (Reading database ... 75347 files and directories currently installed.) 150s Removing autopkgtest-satdep (0) ... 151s autopkgtest [15:14:22]: test ldap-user-group-krb5-auth: [----------------------- 151s + . debian/tests/util 151s + . debian/tests/common-tests 151s + mydomain=example.com 151s + myhostname=ldap.example.com 151s + mysuffix=dc=example,dc=com 151s + myrealm=EXAMPLE.COM 151s + admin_dn=cn=admin,dc=example,dc=com 151s + admin_pw=secret 151s + ldap_user=testuser1 151s + ldap_user_pw=testuser1secret 151s + kerberos_principal_pw=testuser1kerberos 151s + ldap_group=ldapusers 151s + adjust_hostname ldap.example.com 151s + local myhostname=ldap.example.com 151s + echo ldap.example.com 151s + hostname ldap.example.com 151s + grep -qE ldap.example.com /etc/hosts 151s + reconfigure_slapd 151s + debconf-set-selections 151s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240614-151408.ldapdb 151s + dpkg-reconfigure -fnoninteractive -pcritical slapd 151s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 151s Moving old database directory to /var/backups: 151s - directory unknown... done. 151s Creating initial configuration... done. 151s Creating LDAP directory... done. 152s + generate_certs ldap.example.com 152s + local cn=ldap.example.com 152s + local cert=/etc/ldap/server.pem 152s + local key=/etc/ldap/server.key 152s + local cnf=/etc/ldap/openssl.cnf 152s + cat 152s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 152s .................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 152s .........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 152s ----- 152s + chmod 0640 /etc/ldap/server.key 152s + chgrp openldap /etc/ldap/server.key 152s + [ ! -f /etc/ldap/server.pem ] 152s + [ ! -f /etc/ldap/server.key ] 152s + enable_ldap_ssl 152s + cat 152s + cat 152s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 152s modifying entry "cn=config" 152s 152s + populate_ldap_rfc2307 152s + cat 152s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 152s + create_realm EXAMPLE.COM ldap.example.com 152s + local realm_name=EXAMPLE.COM 152s + local kerberos_server=ldap.example.com 152s + rm -rf /var/lib/krb5kdc/* 152s adding new entry "ou=People,dc=example,dc=com" 152s 152s adding new entry "ou=Group,dc=example,dc=com" 152s 152s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 152s 152s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 152s 152s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 152s 152s + rm -rf /etc/krb5kdc/kdc.conf 152s + rm -f /etc/krb5.keytab 152s + cat 152s + cat 152s + echo # */admin * 152s + kdb5_util create -s -P secretpassword 152s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 152s master key name 'K/M@EXAMPLE.COM' 152s + systemctl restart krb5-kdc.service krb5-admin-server.service 152s + create_krb_principal testuser1 testuser1kerberos 152s + local principal=testuser1 152s + local password=testuser1kerberos 152s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 152s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 152s Authenticating as principal root/admin@EXAMPLE.COM with password. 152s Principal "testuser1@EXAMPLE.COM" created. 152s + configure_sssd_ldap_rfc2307_krb5_auth 152s + cat 152s + chmod 0600 /etc/sssd/sssd.conf 152s + systemctl restart sssd 152s + enable_pam_mkhomedir 152s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 152s + run_common_tests 152s + echo Assert local user databases do not have our LDAP test data 152s + check_local_user testuser1 152s + local local_user=testuser1 152s + grep -q ^testuser1 /etc/passwd 152s Assert local user databases do not have our LDAP test data 152s + check_local_group testuser1 152s + local local_group=testuser1 152s + grep -q ^testuser1 /etc/group 152s + check_local_group ldapusers 152s + local local_group=ldapusers 152s + grep -q ^ldapusers /etc/group 152s The LDAP user is known to the system via getent 152s + echo The LDAP user is known to the system via getent 152s + check_getent_user testuser1 152s + local getent_user=testuser1 152s + local output 152s + getent passwd testuser1 152s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 152s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 152s + echo The LDAP user's private group is known to the system via getent 152s + check_getent_group testuser1 152s + local getent_group=testuser1 152s + local output 152s + getent group testuser1 152s The LDAP user's private group is known to the system via getent 152s + output=testuser1:*:10001:testuser1 152s + [ -zThe LDAP group ldapusers is known to the system via getent 152s testuser1:*:10001:testuser1 ] 152s + echo The LDAP group ldapusers is known to the system via getent 152s + check_getent_group ldapusers 152s + local getent_group=ldapusers 152s + local output 152s + getent group ldapusers 152s + output=ldapusers:*:10100:testuser1 152s + [ -z ldapusers:*:10100:testuser1 ] 152s + echo The id(1) command can resolve the group membership of the LDAP user 152s + The id(1) command can resolve the group membership of the LDAP user 152s id -Gn testuser1 152s + output=testuser1 ldapusers 152s + [ testuser1 ldapusers != testuser1 ldapusers ] 152s + echo The Kerberos principal can login on a terminal 152s + kdestroy 152s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 152s The Kerberos principal can login on a terminal 152s spawn login 152s ldap.example.com login: testuser1 152s Password: 153s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic x86_64) 153s 153s * Documentation: https://help.ubuntu.com 153s * Management: https://landscape.canonical.com 153s * Support: https://ubuntu.com/pro 153s 153s 153s The programs included with the Ubuntu system are free software; 153s the exact distribution terms for each program are described in the 153s individual files in /usr/share/doc/*/copyright. 153s 153s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 153s applicable law. 153s 153s [?2004htestuser1@ldap:~$ id -un 153s [?2004l testuser1 153s [?2004htestuser1@ldap:~$ klist 153s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_5jwdeb 153s Default principal: testuser1@EXAMPLE.COM 153s 153s autopkgtest [15:14:24]: test ldap-user-group-krb5-auth: -----------------------] 153s autopkgtest [15:14:24]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 153s ldap-user-group-krb5-auth PASS 153s autopkgtest [15:14:24]: test sssd-softhism2-certificates-tests.sh: preparing testbed 213s autopkgtest [15:15:24]: testbed dpkg architecture: amd64 213s autopkgtest [15:15:24]: testbed apt version: 2.7.14build2 213s autopkgtest [15:15:24]: @@@@@@@@@@@@@@@@@@@@ test bed setup 213s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 213s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [12.9 kB] 213s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 213s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 213s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [22.6 kB] 213s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [22.0 kB] 214s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [51.2 kB] 214s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3508 B] 214s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [64.0 kB] 214s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [13.8 kB] 214s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [116 B] 214s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [36.4 kB] 214s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [24.9 kB] 214s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [9396 B] 214s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [2392 B] 214s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [10.6 kB] 214s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [196 B] 215s Fetched 555 kB in 0s (1887 kB/s) 215s Reading package lists... 216s Reading package lists... 216s Building dependency tree... 216s Reading state information... 217s Calculating upgrade... 217s The following packages will be upgraded: 217s cloud-init login passwd 217s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 217s Need to get 1645 kB of archives. 217s After this operation, 1024 B of additional disk space will be used. 217s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 login amd64 1:4.13+dfsg1-4ubuntu3.2 [202 kB] 217s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 passwd amd64 1:4.13+dfsg1-4ubuntu3.2 [845 kB] 217s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 cloud-init all 24.1.3-0ubuntu3.3 [598 kB] 218s Preconfiguring packages ... 218s Fetched 1645 kB in 0s (17.7 MB/s) 218s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 218s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ... 218s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 218s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 218s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 218s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ... 218s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 218s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 218s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 218s Preparing to unpack .../cloud-init_24.1.3-0ubuntu3.3_all.deb ... 219s Unpacking cloud-init (24.1.3-0ubuntu3.3) over (24.1.3-0ubuntu3.2) ... 219s Setting up cloud-init (24.1.3-0ubuntu3.3) ... 220s Processing triggers for man-db (2.12.0-4build2) ... 222s Processing triggers for rsyslog (8.2312.0-3ubuntu9) ... 222s Reading package lists... 222s Building dependency tree... 222s Reading state information... 223s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 223s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 223s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 223s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 223s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 224s Reading package lists... 224s Reading package lists... 224s Building dependency tree... 224s Reading state information... 225s Calculating upgrade... 225s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 225s Reading package lists... 225s Building dependency tree... 225s Reading state information... 226s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 226s autopkgtest [15:15:37]: rebooting testbed after setup commands that affected boot 229s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 344s Reading package lists... 345s Building dependency tree... 345s Reading state information... 345s Starting pkgProblemResolver with broken count: 0 345s Starting 2 pkgProblemResolver with broken count: 0 345s Done 345s The following additional packages will be installed: 345s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 345s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 345s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 345s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 345s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 345s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 345s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 345s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 345s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 345s Suggested packages: 345s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 345s Recommended packages: 345s cracklib-runtime libsasl2-modules-gssapi-mit 345s | libsasl2-modules-gssapi-heimdal ldap-utils 345s The following NEW packages will be installed: 345s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 345s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 345s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 345s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 345s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 345s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 345s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 345s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 345s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 345s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 345s Need to get 10.1 MB/10.1 MB of archives. 345s After this operation, 39.2 MB of additional disk space will be used. 345s Get:1 /tmp/autopkgtest.m2Kdas/3-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [744 B] 345s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 345s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libunbound8 amd64 1.19.2-1ubuntu3.1 [441 kB] 345s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libgnutls-dane0t64 amd64 3.8.3-1.1ubuntu3.1 [23.5 kB] 345s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 gnutls-bin amd64 3.8.3-1.1ubuntu3.1 [270 kB] 345s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 345s Get:7 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 345s Get:8 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 345s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 345s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 345s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 345s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 345s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 345s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 345s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 345s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 345s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6 [17.4 kB] 345s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 345s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 345s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 345s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 345s Get:22 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 345s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 345s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 345s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 345s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 345s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 346s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 346s Get:29 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 346s Get:30 http://ftpmaster.internal/ubuntu noble/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 346s Get:31 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 346s Get:32 http://ftpmaster.internal/ubuntu noble/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6 [47.1 kB] 346s Get:33 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6 [21.7 kB] 346s Get:34 http://ftpmaster.internal/ubuntu noble/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6 [31.6 kB] 346s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6 [50.4 kB] 346s Get:36 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6 [47.1 kB] 346s Get:37 http://ftpmaster.internal/ubuntu noble/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6 [30.3 kB] 346s Get:38 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6 [1139 kB] 346s Get:39 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6 [77.1 kB] 346s Get:40 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6 [88.8 kB] 346s Get:41 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6 [135 kB] 346s Get:42 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6 [221 kB] 346s Get:43 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6 [14.5 kB] 346s Get:44 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6 [31.3 kB] 346s Get:45 http://ftpmaster.internal/ubuntu noble/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6 [44.6 kB] 346s Get:46 http://ftpmaster.internal/ubuntu noble/main amd64 sssd amd64 2.9.4-1.1ubuntu6 [4118 B] 346s Fetched 10.1 MB in 0s (65.0 MB/s) 346s Selecting previously unselected package libevent-2.1-7t64:amd64. 346s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73961 files and directories currently installed.) 346s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 346s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 346s Selecting previously unselected package libunbound8:amd64. 346s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.1_amd64.deb ... 346s Unpacking libunbound8:amd64 (1.19.2-1ubuntu3.1) ... 346s Selecting previously unselected package libgnutls-dane0t64:amd64. 346s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.1_amd64.deb ... 346s Unpacking libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.1) ... 346s Selecting previously unselected package gnutls-bin. 346s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.1_amd64.deb ... 346s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.1) ... 346s Selecting previously unselected package libavahi-common-data:amd64. 346s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 346s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 346s Selecting previously unselected package libavahi-common3:amd64. 346s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 346s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 346s Selecting previously unselected package libavahi-client3:amd64. 347s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 347s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 347s Selecting previously unselected package libbasicobjects0t64:amd64. 347s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libcares2:amd64. 347s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 347s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 347s Selecting previously unselected package libcollection4t64:amd64. 347s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libcrack2:amd64. 347s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_amd64.deb ... 347s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 347s Selecting previously unselected package libdhash1t64:amd64. 347s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libpath-utils1t64:amd64. 347s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libref-array1t64:amd64. 347s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libini-config5t64:amd64. 347s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 347s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 347s Selecting previously unselected package libipa-hbac0t64. 347s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libtalloc2:amd64. 347s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_amd64.deb ... 347s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 347s Selecting previously unselected package libtdb1:amd64. 347s Preparing to unpack .../17-libtdb1_1.4.10-1build1_amd64.deb ... 347s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 347s Selecting previously unselected package libtevent0t64:amd64. 347s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_amd64.deb ... 347s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 347s Selecting previously unselected package libldb2:amd64. 347s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 347s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 347s Selecting previously unselected package libnfsidmap1:amd64. 347s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 347s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 347s Selecting previously unselected package libpwquality-common. 347s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 347s Unpacking libpwquality-common (1.4.5-3build1) ... 347s Selecting previously unselected package libpwquality1:amd64. 347s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_amd64.deb ... 347s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 347s Selecting previously unselected package libpam-pwquality:amd64. 347s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_amd64.deb ... 347s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 347s Selecting previously unselected package libwbclient0:amd64. 347s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 347s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 347s Selecting previously unselected package samba-libs:amd64. 347s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 347s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 347s Selecting previously unselected package libsmbclient0:amd64. 347s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 347s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 347s Selecting previously unselected package softhsm2-common. 347s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 347s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 347s Selecting previously unselected package libsofthsm2. 347s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 347s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 347s Selecting previously unselected package softhsm2. 347s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 347s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 347s Selecting previously unselected package python3-sss. 347s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libsss-idmap0. 347s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libnss-sss:amd64. 347s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libpam-sss:amd64. 347s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libsss-certmap0. 347s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package libsss-nss-idmap0. 347s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 347s Selecting previously unselected package sssd-common. 347s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_amd64.deb ... 347s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-ad-common. 348s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-krb5-common. 348s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-ad. 348s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-ipa. 348s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-krb5. 348s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-ldap. 348s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd-proxy. 348s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package sssd. 348s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_amd64.deb ... 348s Unpacking sssd (2.9.4-1.1ubuntu6) ... 348s Selecting previously unselected package autopkgtest-satdep. 348s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 348s Unpacking autopkgtest-satdep (0) ... 348s Setting up libpwquality-common (1.4.5-3build1) ... 348s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 348s 348s Creating config file /etc/softhsm/softhsm2.conf with new version 348s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 348s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 348s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 348s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libtdb1:amd64 (1.4.10-1build1) ... 348s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 348s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 348s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 348s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libunbound8:amd64 (1.19.2-1ubuntu3.1) ... 348s Setting up libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.1) ... 348s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 348s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 348s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 348s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 348s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 348s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 348s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 348s Setting up gnutls-bin (3.8.3-1.1ubuntu3.1) ... 348s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 348s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 348s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 348s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 348s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 348s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 348s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 348s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 348s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 348s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 348s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 348s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 349s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 349s Creating SSSD system user & group... 349s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 349s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 349s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 349s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 349s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 349s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 350s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 350s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 350s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 350s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 351s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 351s sssd-autofs.service is a disabled or a static unit, not starting it. 351s sssd-nss.service is a disabled or a static unit, not starting it. 351s sssd-pam.service is a disabled or a static unit, not starting it. 351s sssd-ssh.service is a disabled or a static unit, not starting it. 351s sssd-sudo.service is a disabled or a static unit, not starting it. 351s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 351s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 351s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 351s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 352s sssd-pac.service is a disabled or a static unit, not starting it. 352s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 352s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 352s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 352s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 352s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 352s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 352s Setting up sssd (2.9.4-1.1ubuntu6) ... 352s Setting up autopkgtest-satdep (0) ... 352s Processing triggers for man-db (2.12.0-4build2) ... 353s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 356s (Reading database ... 74557 files and directories currently installed.) 356s Removing autopkgtest-satdep (0) ... 410s autopkgtest [15:18:41]: test sssd-softhism2-certificates-tests.sh: [----------------------- 410s + '[' -z ubuntu ']' 410s + required_tools=(p11tool openssl softhsm2-util) 410s + for cmd in "${required_tools[@]}" 410s + command -v p11tool 410s + for cmd in "${required_tools[@]}" 410s + command -v openssl 410s + for cmd in "${required_tools[@]}" 410s + command -v softhsm2-util 410s + PIN=053350 410s +++ find /usr/lib/softhsm/libsofthsm2.so 410s +++ head -n 1 410s ++ realpath /usr/lib/softhsm/libsofthsm2.so 410s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 410s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 410s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 410s + '[' '!' -v NO_SSSD_TESTS ']' 410s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 410s + ca_db_arg=ca_db 410s ++ /usr/libexec/sssd/p11_child --help 410s + p11_child_help='Usage: p11_child [OPTION...] 410s -d, --debug-level=INT Debug level 410s --debug-timestamps=INT Add debug timestamps 410s --debug-microseconds=INT Show timestamps with microseconds 410s --dumpable=INT Allow core dumps 410s --debug-fd=INT An open file descriptor for the debug 410s logs 410s --logger=stderr|files|journald Set logger 410s --auth Run in auth mode 410s --pre Run in pre-auth mode 410s --wait_for_card Wait until card is available 410s --verification Run in verification mode 410s --pin Expect PIN on stdin 410s --keypad Expect PIN on keypad 410s --verify=STRING Tune validation 410s --ca_db=STRING CA DB to use 410s --module_name=STRING Module name for authentication 410s --token_name=STRING Token name for authentication 410s --key_id=STRING Key ID for authentication 410s --label=STRING Label for authentication 410s --certificate=STRING certificate to verify, base64 encoded 410s --uri=STRING PKCS#11 URI to restrict selection 410s --chain-id=LONG Tevent chain ID used for logging 410s purposes 410s 410s Help options: 410s -?, --help Show this help message 410s --usage Display brief usage message' 410s + echo 'Usage: p11_child [OPTION...] 410s -d, --debug-level=INT Debug level 410s --debug-timestamps=INT Add debug timestamps 410s --debug-microseconds=INT Show timestamps with microseconds 410s --dumpable=INT Allow core dumps 410s --debug-fd=INT An open file descriptor for the debug 410s logs 410s --logger=stderr|files|journald Set logger 410s --auth Run in auth mode 410s --pre Run in pre-auth mode 410s --wait_for_card Wait until card is available 410s --verification Run in verification mode 410s --pin Expect PIN on stdin 410s --keypad Expect PIN on keypad 410s --verify=STRING Tune validation 410s --ca_db=STRING CA DB to use 410s --module_name=STRING Module name for authentication 410s --token_name=STRING Token name for authentication 410s --key_id=STRING Key ID for authentication 410s --label=STRING Label for authentication 410s --certificate=STRING certificate to verify, base64 encoded 410s --uri=STRING PKCS#11 URI to restrict selection 410s --chain-id=LONG Tevent chain ID used for logging 410s purposes 410s 410s Help options: 410s -?, --help Show this help message 410s --usage Display brief usage message' 410s + grep nssdb -qs 410s + echo 'Usage: p11_child [OPTION...] 410s -d, --debug-level=INT Debug level 410s --debug-timestamps=INT Add debug timestamps 410s --debug-microseconds=INT Show timestamps with microseconds 410s --dumpable=INT Allow core dumps 410s --debug-fd=INT An open file descriptor for the debug 410s logs 410s --logger=stderr|files|journald Set logger 410s --auth Run in auth mode 410s --pre Run in pre-auth mode 410s --wait_for_card Wait until card is available 410s --verification Run in verification mode 410s --pin Expect PIN on stdin 410s --keypad Expect PIN on keypad 410s --verify=STRING Tune validation 410s --ca_db=STRING CA DB to use 410s --module_name=STRING Module name for authentication 410s --token_name=STRING Token name for authentication 410s --key_id=STRING Key ID for authentication 410s --label=STRING Label for authentication 410s --certificate=STRING certificate to verify, base64 encoded 410s --uri=STRING PKCS#11 URI to restrict selection 410s --chain-id=LONG Tevent chain ID used for logging 410s purposes 410s 410s Help options: 410s -?, --help Show this help message 410s --usage Display brief usage message' 410s + grep -qs -- --ca_db 410s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 410s ++ mktemp -d -t sssd-softhsm2-XXXXXX 410s + tmpdir=/tmp/sssd-softhsm2-r0YAhf 410s + keys_size=1024 410s + [[ ! -v KEEP_TEMPORARY_FILES ]] 410s + trap 'rm -rf "$tmpdir"' EXIT 410s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 410s + echo -n 01 410s + touch /tmp/sssd-softhsm2-r0YAhf/index.txt 410s + mkdir -p /tmp/sssd-softhsm2-r0YAhf/new_certs 410s + cat 410s + root_ca_key_pass=pass:random-root-CA-password-23252 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA-key.pem -passout pass:random-root-CA-password-23252 1024 410s + openssl req -passin pass:random-root-CA-password-23252 -batch -config /tmp/sssd-softhsm2-r0YAhf/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-r0YAhf/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 410s + cat 410s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-17900 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17900 1024 410s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-17900 -config /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.config -key /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-23252 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-certificate-request.pem 410s + openssl req -text -noout -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-certificate-request.pem 410s Certificate Request: 410s Data: 410s Version: 1 (0x0) 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:ac:34:65:32:17:26:3b:3a:96:6d:e0:0f:0a:ea: 410s 3a:66:0d:e6:ce:3e:37:34:36:c1:ae:4d:7c:4f:60: 410s c7:55:c3:aa:d7:71:bf:07:0b:61:88:19:14:fa:2c: 410s ed:04:aa:da:73:60:03:3c:3b:7a:6c:20:0a:30:ac: 410s 1a:36:6d:04:69:c4:a9:55:66:4f:72:38:62:7c:40: 410s b0:09:2d:4c:98:2f:f5:63:8b:8b:bb:57:fe:9f:cc: 410s bb:e1:4b:d0:52:5d:0d:4a:27:88:b8:a4:f8:38:47: 410s cb:9e:1a:e1:c7:d9:8f:cf:c9:3d:80:12:36:71:4b: 410s c7:43:03:ef:ee:5b:a3:e7:c1 410s Exponent: 65537 (0x10001) 410s Attributes: 410s (none) 410s Requested Extensions: 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 44:c6:9b:99:41:85:4e:0b:52:67:c6:c7:bc:7f:57:87:6d:d9: 410s 3d:47:19:52:3e:c8:dc:66:dd:f1:d2:d7:37:df:eb:38:5e:27: 410s 6a:03:53:c3:f1:a1:4f:02:be:24:a6:58:aa:df:b2:89:52:b5: 410s a1:43:4c:b0:50:6c:d3:0e:e2:df:6e:77:b5:58:d7:84:67:65: 410s 20:e5:2f:7f:65:af:79:2c:b7:33:fa:db:97:ac:57:76:37:18: 410s dd:44:11:83:20:a8:23:52:81:1c:c5:66:6b:5a:fc:f6:4e:b5: 410s 45:18:08:6e:39:20:f9:de:94:43:7e:c4:c2:aa:6a:a7:e4:6d: 410s 02:0a 410s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-r0YAhf/test-root-CA.config -passin pass:random-root-CA-password-23252 -keyfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA-key.pem -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 410s Using configuration from /tmp/sssd-softhsm2-r0YAhf/test-root-CA.config 410s Check that the request matches the signature 410s Signature ok 410s Certificate Details: 410s Serial Number: 1 (0x1) 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: 410s organizationName = Test Organization 410s organizationalUnitName = Test Organization Unit 410s commonName = Test Organization Intermediate CA 410s X509v3 extensions: 410s X509v3 Subject Key Identifier: 410s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 410s X509v3 Authority Key Identifier: 410s keyid:FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 410s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 410s serial:00 410s X509v3 Basic Constraints: 410s CA:TRUE 410s X509v3 Key Usage: critical 410s Digital Signature, Certificate Sign, CRL Sign 410s Certificate is to be certified until Jun 14 15:18:41 2025 GMT (365 days) 410s 410s Write out database with 1 new entries 410s Database updated 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem: OK 410s + cat 410s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32314 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32314 1024 410s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32314 -config /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17900 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-certificate-request.pem 410s + openssl req -text -noout -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-certificate-request.pem 410s Certificate Request: 410s Data: 410s Version: 1 (0x0) 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:ac:04:00:7f:60:53:12:34:a9:d1:73:61:3e:7e: 410s 3b:18:08:6c:ee:07:5a:fd:ec:f5:fb:26:67:4d:b3: 410s ee:05:71:fb:2e:3d:08:eb:54:db:79:21:7e:a9:f0: 410s b0:fc:38:d4:18:77:f5:8c:fa:a0:7b:c4:fd:24:2f: 410s ee:dc:ae:3b:9d:ae:2a:90:9d:3e:f7:75:c6:d1:3d: 410s 5a:31:10:f0:c9:9a:ab:ab:47:5e:65:7f:b0:46:c1: 410s 15:18:59:0a:da:bd:36:64:f5:10:69:26:73:cb:bd: 410s f6:1c:02:a7:3b:7d:2e:b5:92:c1:8f:fc:ff:db:ba: 410s e7:ce:51:82:45:48:5d:26:fb 410s Exponent: 65537 (0x10001) 410s Attributes: 410s (none) 410s Requested Extensions: 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 54:90:a9:ba:e8:a2:b2:41:5b:d6:81:d4:cc:74:56:ae:17:28: 410s 92:d0:cb:10:9d:06:48:8b:8a:e0:6d:17:14:72:9f:7b:0e:52: 410s 27:ed:29:d7:3c:63:7f:d0:f5:f8:17:26:80:fb:bd:19:ea:65: 410s e3:97:8c:89:92:51:9c:d7:d9:4a:3c:8e:1d:ac:88:c1:8c:38: 410s 69:e3:8d:f1:ca:c5:50:f7:b7:9d:09:1c:3a:0f:b2:35:64:18: 410s aa:27:61:b2:d5:4c:8a:54:bb:09:0f:32:da:28:1a:8b:d0:65: 410s 0b:40:45:60:ea:3d:29:59:00:0c:26:56:98:f4:fe:43:7f:fa: 410s 4b:c7 410s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-17900 -keyfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s Using configuration from /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.config 410s Check that the request matches the signature 410s Signature ok 410s Certificate Details: 410s Serial Number: 2 (0x2) 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: 410s organizationName = Test Organization 410s organizationalUnitName = Test Organization Unit 410s commonName = Test Organization Sub Intermediate CA 410s X509v3 extensions: 410s X509v3 Subject Key Identifier: 410s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 410s X509v3 Authority Key Identifier: 410s keyid:4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 410s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 410s serial:01 410s X509v3 Basic Constraints: 410s CA:TRUE 410s X509v3 Key Usage: critical 410s Digital Signature, Certificate Sign, CRL Sign 410s Certificate is to be certified until Jun 14 15:18:41 2025 GMT (365 days) 410s 410s Write out database with 1 new entries 410s Database updated 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem: OK 410s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 410s error 20 at 0 depth lookup: unable to get local issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem: verification failed 410s + cat 410s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-6982 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-6982 1024 410s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-6982 -key /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-request.pem 410s + openssl req -text -noout -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-request.pem 410s Certificate Request: 410s Data: 410s Version: 1 (0x0) 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 410s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 410s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 410s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 410s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 410s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 410s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 410s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 410s 4b:f0:7e:4f:bf:f7:3b:78:43 410s Exponent: 65537 (0x10001) 410s Attributes: 410s Requested Extensions: 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Root CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 1e:f5:df:6a:d5:6d:c1:b8:8a:19:78:62:bb:d5:fa:df:2b:5b: 410s 34:c9:36:6b:6a:2d:46:f2:49:d8:99:29:54:74:d5:c8:33:e4: 410s 00:eb:9d:ae:ae:3d:8f:04:3a:9d:9f:d2:ed:bc:ab:b3:fc:c0: 410s ce:0d:d6:b3:42:4c:dc:71:c4:10:5a:53:2b:d2:38:fb:9c:fe: 410s 1f:42:d6:9b:d2:0a:36:1a:e3:40:9e:1b:c6:98:11:2c:26:31: 410s e0:02:8a:99:ea:aa:3c:f6:00:14:89:3a:8d:69:ad:a9:d4:e9: 410s 91:76:86:fa:d3:d1:f7:68:26:c4:d4:dd:a3:64:55:14:66:b2: 410s b1:47 410s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-r0YAhf/test-root-CA.config -passin pass:random-root-CA-password-23252 -keyfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA-key.pem -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s Using configuration from /tmp/sssd-softhsm2-r0YAhf/test-root-CA.config 410s Check that the request matches the signature 410s Signature ok 410s Certificate Details: 410s Serial Number: 3 (0x3) 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: 410s organizationName = Test Organization 410s organizationalUnitName = Test Organization Unit 410s commonName = Test Organization Root Trusted Certificate 0001 410s X509v3 extensions: 410s X509v3 Authority Key Identifier: 410s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Root CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Certificate is to be certified until Jun 14 15:18:41 2025 GMT (365 days) 410s 410s Write out database with 1 new entries 410s Database updated 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem: OK 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 410s error 20 at 0 depth lookup: unable to get local issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem: verification failed 410s + cat 410s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-811 1024 410s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-811 -key /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-request.pem 410s + openssl req -text -noout -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-request.pem 410s Certificate Request: 410s Data: 410s Version: 1 (0x0) 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 410s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 410s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 410s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 410s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 410s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 410s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 410s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 410s c4:47:c7:02:eb:4d:1e:d6:13 410s Exponent: 65537 (0x10001) 410s Attributes: 410s Requested Extensions: 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Intermediate CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s bc:9d:0d:47:69:48:47:13:f6:21:89:b7:60:30:14:ca:c3:71: 410s c3:ba:01:66:e4:aa:b2:05:32:7b:44:07:e2:49:16:c3:a1:9a: 410s 51:f7:da:04:a0:70:0e:ec:61:87:ed:29:ff:66:46:df:4d:0c: 410s a3:f1:98:e8:c1:ef:96:ca:dc:38:41:64:80:61:af:98:ba:56: 410s b5:fe:aa:e1:00:58:e3:ee:50:f2:0e:36:0b:d4:f9:58:06:48: 410s 26:62:d4:98:c3:bf:6c:00:e4:ce:bc:db:95:d0:8e:c4:24:87: 410s 0e:e6:ca:25:ad:8b:08:63:b9:e1:6b:60:d2:b0:de:8c:7d:16: 410s 30:4d 410s + openssl ca -passin pass:random-intermediate-CA-password-17900 -config /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s Using configuration from /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.config 410s Check that the request matches the signature 410s Signature ok 410s Certificate Details: 410s Serial Number: 4 (0x4) 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: 410s organizationName = Test Organization 410s organizationalUnitName = Test Organization Unit 410s commonName = Test Organization Intermediate Trusted Certificate 0001 410s X509v3 extensions: 410s X509v3 Authority Key Identifier: 410s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Intermediate CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Certificate is to be certified until Jun 14 15:18:41 2025 GMT (365 days) 410s 410s Write out database with 1 new entries 410s Database updated 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s This certificate should not be trusted fully 410s + echo 'This certificate should not be trusted fully' 410s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 410s error 2 at 1 depth lookup: unable to get issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 410s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem: OK 410s + cat 410s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 410s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-1245 1024 410s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1245 -key /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 410s + openssl req -text -noout -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 410s Certificate Request: 410s Data: 410s Version: 1 (0x0) 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 410s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 410s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 410s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 410s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 410s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 410s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 410s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 410s a8:da:91:4f:bb:37:49:2d:e1 410s Exponent: 65537 (0x10001) 410s Attributes: 410s Requested Extensions: 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Sub Intermediate CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 6b:ef:0e:1b:2c:ff:43:00:49:15:fd:85:0f:cc:d2:67:e2:9b: 410s a0:61:28:98:2c:96:e8:67:2d:c8:94:f2:21:f0:c9:5a:85:a5: 410s 0e:c6:2f:21:7b:31:b8:62:08:9b:5d:90:5d:30:80:64:b6:78: 410s a0:0d:6c:0f:d5:af:1a:fc:9e:0d:3c:e4:38:d6:86:59:3b:e2: 410s 66:d5:53:2e:35:03:89:63:31:66:7a:13:81:75:63:a9:62:79: 410s 7f:bc:4b:8c:f8:f3:85:b8:00:0d:56:c4:9e:1f:63:29:9d:ee: 410s 11:a7:5e:20:97:20:87:72:02:6f:68:6f:35:36:54:7c:83:e1: 410s 12:6c 410s + openssl ca -passin pass:random-sub-intermediate-CA-password-32314 -config /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s Using configuration from /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.config 410s Check that the request matches the signature 410s Signature ok 410s Certificate Details: 410s Serial Number: 5 (0x5) 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: 410s organizationName = Test Organization 410s organizationalUnitName = Test Organization Unit 410s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 410s X509v3 extensions: 410s X509v3 Authority Key Identifier: 410s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Sub Intermediate CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Certificate is to be certified until Jun 14 15:18:41 2025 GMT (365 days) 410s 410s Write out database with 1 new entries 410s Database updated 410s + openssl x509 -noout -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s This certificate should not be trusted fully 410s + echo 'This certificate should not be trusted fully' 410s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 410s error 2 at 1 depth lookup: unable to get issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 410s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 410s error 20 at 0 depth lookup: unable to get local issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 410s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 410s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s + local cmd=openssl 410s + shift 410s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 410s error 20 at 0 depth lookup: unable to get local issuer certificate 410s error /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 410s + echo 'Building a the full-chain CA file...' 410s + cat /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s Building a the full-chain CA file... 410s + cat /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 410s + cat /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 410s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 410s + openssl pkcs7 -print_certs -noout 410s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 410s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 410s 410s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 410s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 410s 410s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 410s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 410s 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem: OK 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem: OK 410s /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem: OK 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem 410s + openssl verify -CAfile /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 410s /tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem: OK 410s /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 410s Certificates generation completed! 410s + echo 'Certificates generation completed!' 410s + [[ -v NO_SSSD_TESTS ]] 410s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /dev/null 410s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /dev/null 410s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 410s + local key_ring=/dev/null 410s + local verify_option= 410s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 410s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 410s + local key_cn 410s + local key_name 410s + local tokens_dir 410s + local output_cert_file 410s + token_name= 410s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 410s + key_name=test-root-CA-trusted-certificate-0001 410s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s ++ sed -n 's/ *commonName *= //p' 410s + key_cn='Test Organization Root Trusted Certificate 0001' 410s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 410s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 410s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 410s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 410s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 410s + token_name='Test Organization Root Tr Token' 410s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 410s + local key_file 410s + local decrypted_key 410s + mkdir -p /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 410s + key_file=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key.pem 410s + decrypted_key=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 410s + cat 410s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 410s Slot 0 has a free/uninitialized token. 410s The token has been initialized and is reassigned to slot 1024773401 410s + softhsm2-util --show-slots 410s Available slots: 410s Slot 1024773401 410s Slot info: 410s Description: SoftHSM slot ID 0x3d14cd19 410s Manufacturer ID: SoftHSM project 410s Hardware version: 2.6 410s Firmware version: 2.6 410s Token present: yes 410s Token info: 410s Manufacturer ID: SoftHSM project 410s Model: SoftHSM v2 410s Hardware version: 2.6 410s Firmware version: 2.6 410s Serial number: 99031b19bd14cd19 410s Initialized: yes 410s User PIN init.: yes 410s Label: Test Organization Root Tr Token 410s Slot 1 410s Slot info: 410s Description: SoftHSM slot ID 0x1 410s Manufacturer ID: SoftHSM project 410s Hardware version: 2.6 410s Firmware version: 2.6 410s Token present: yes 410s Token info: 410s Manufacturer ID: SoftHSM project 410s Model: SoftHSM v2 410s Hardware version: 2.6 410s Firmware version: 2.6 410s Serial number: 410s Initialized: no 410s User PIN init.: no 410s Label: 410s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 410s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-6982 -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 410s writing RSA key 410s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 410s + rm /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 410s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 410s Object 0: 410s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 410s Type: X.509 Certificate (RSA-1024) 410s Expires: Sat Jun 14 15:18:41 2025 410s Label: Test Organization Root Trusted Certificate 0001 410s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 410s 410s Test Organization Root Tr Token 410s + echo 'Test Organization Root Tr Token' 410s + '[' -n '' ']' 410s + local output_base_name=SSSD-child-12168 410s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-12168.output 410s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-12168.pem 410s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 410s [p11_child[2213]] [main] (0x0400): p11_child started. 410s [p11_child[2213]] [main] (0x2000): Running in [pre-auth] mode. 410s [p11_child[2213]] [main] (0x2000): Running with effective IDs: [0][0]. 410s [p11_child[2213]] [main] (0x2000): Running with real IDs [0][0]. 410s [p11_child[2213]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 410s [p11_child[2213]] [do_work] (0x0040): init_verification failed. 410s [p11_child[2213]] [main] (0x0020): p11_child failed (5) 410s + return 2 410s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /dev/null no_verification 410s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /dev/null no_verification 410s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 410s + local key_ring=/dev/null 410s + local verify_option=no_verification 410s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 410s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 410s + local key_cn 410s + local key_name 410s + local tokens_dir 410s + local output_cert_file 410s + token_name= 410s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 410s + key_name=test-root-CA-trusted-certificate-0001 410s ++ sed -n 's/ *commonName *= //p' 410s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + key_cn='Test Organization Root Trusted Certificate 0001' 410s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 410s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 410s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 410s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 410s Test Organization Root Tr Token 410s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 410s + token_name='Test Organization Root Tr Token' 410s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 410s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 410s + echo 'Test Organization Root Tr Token' 410s + '[' -n no_verification ']' 410s + local verify_arg=--verify=no_verification 410s + local output_base_name=SSSD-child-28954 410s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.output 410s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.pem 410s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 410s [p11_child[2219]] [main] (0x0400): p11_child started. 410s [p11_child[2219]] [main] (0x2000): Running in [pre-auth] mode. 410s [p11_child[2219]] [main] (0x2000): Running with effective IDs: [0][0]. 410s [p11_child[2219]] [main] (0x2000): Running with real IDs [0][0]. 410s [p11_child[2219]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 410s [p11_child[2219]] [do_card] (0x4000): Module List: 410s [p11_child[2219]] [do_card] (0x4000): common name: [softhsm2]. 410s [p11_child[2219]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 410s [p11_child[2219]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 410s [p11_child[2219]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 410s [p11_child[2219]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 410s [p11_child[2219]] [do_card] (0x4000): Login NOT required. 410s [p11_child[2219]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 410s [p11_child[2219]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 410s [p11_child[2219]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 410s [p11_child[2219]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 410s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.output 410s + echo '-----BEGIN CERTIFICATE-----' 410s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.output 410s + echo '-----END CERTIFICATE-----' 410s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.pem 410s Certificate: 410s Data: 410s Version: 3 (0x2) 410s Serial Number: 3 (0x3) 410s Signature Algorithm: sha256WithRSAEncryption 410s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 410s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 410s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 410s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 410s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 410s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 410s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 410s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 410s 4b:f0:7e:4f:bf:f7:3b:78:43 410s Exponent: 65537 (0x10001) 410s X509v3 extensions: 410s X509v3 Authority Key Identifier: 410s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Root CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 410s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 410s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 410s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 410s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 410s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 410s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 410s 49:d3 410s + local found_md5 expected_md5 410s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 410s + expected_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 410s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954.pem 410s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 410s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 410s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.output 410s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.output .output 410s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.pem 410s + echo -n 053350 410s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 410s [p11_child[2227]] [main] (0x0400): p11_child started. 410s [p11_child[2227]] [main] (0x2000): Running in [auth] mode. 410s [p11_child[2227]] [main] (0x2000): Running with effective IDs: [0][0]. 410s [p11_child[2227]] [main] (0x2000): Running with real IDs [0][0]. 410s [p11_child[2227]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 410s [p11_child[2227]] [do_card] (0x4000): Module List: 410s [p11_child[2227]] [do_card] (0x4000): common name: [softhsm2]. 410s [p11_child[2227]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 410s [p11_child[2227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 410s [p11_child[2227]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 410s [p11_child[2227]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 410s [p11_child[2227]] [do_card] (0x4000): Login required. 410s [p11_child[2227]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 410s [p11_child[2227]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 410s [p11_child[2227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 410s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 410s [p11_child[2227]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 410s [p11_child[2227]] [do_card] (0x4000): Certificate verified and validated. 410s [p11_child[2227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 410s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.output 410s + echo '-----BEGIN CERTIFICATE-----' 410s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.output 410s + echo '-----END CERTIFICATE-----' 410s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.pem 410s Certificate: 410s Data: 410s Version: 3 (0x2) 410s Serial Number: 3 (0x3) 410s Signature Algorithm: sha256WithRSAEncryption 410s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 410s Validity 410s Not Before: Jun 14 15:18:41 2024 GMT 410s Not After : Jun 14 15:18:41 2025 GMT 410s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 410s Subject Public Key Info: 410s Public Key Algorithm: rsaEncryption 410s Public-Key: (1024 bit) 410s Modulus: 410s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 410s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 410s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 410s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 410s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 410s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 410s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 410s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 410s 4b:f0:7e:4f:bf:f7:3b:78:43 410s Exponent: 65537 (0x10001) 410s X509v3 extensions: 410s X509v3 Authority Key Identifier: 410s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 410s X509v3 Basic Constraints: 410s CA:FALSE 410s Netscape Cert Type: 410s SSL Client, S/MIME 410s Netscape Comment: 410s Test Organization Root CA trusted Certificate 410s X509v3 Subject Key Identifier: 410s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 410s X509v3 Key Usage: critical 410s Digital Signature, Non Repudiation, Key Encipherment 410s X509v3 Extended Key Usage: 410s TLS Web Client Authentication, E-mail Protection 410s X509v3 Subject Alternative Name: 410s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 410s Signature Algorithm: sha256WithRSAEncryption 410s Signature Value: 410s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 410s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 410s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 410s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 410s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 410s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 410s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 410s 49:d3 410s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-28954-auth.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s + local verify_option= 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s Test Organization Root Tr Token 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n '' ']' 411s + local output_base_name=SSSD-child-2248 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s [p11_child[2237]] [main] (0x0400): p11_child started. 411s [p11_child[2237]] [main] (0x2000): Running in [pre-auth] mode. 411s [p11_child[2237]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2237]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2237]] [do_card] (0x4000): Module List: 411s [p11_child[2237]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2237]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2237]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2237]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2237]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2237]] [do_card] (0x4000): Login NOT required. 411s [p11_child[2237]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2237]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2237]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2237]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2237]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s + local found_md5 expected_md5 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + expected_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.output 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.output .output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.pem 411s + echo -n 053350 411s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 411s [p11_child[2245]] [main] (0x0400): p11_child started. 411s [p11_child[2245]] [main] (0x2000): Running in [auth] mode. 411s [p11_child[2245]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2245]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2245]] [do_card] (0x4000): Module List: 411s [p11_child[2245]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2245]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2245]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2245]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2245]] [do_card] (0x4000): Login required. 411s [p11_child[2245]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2245]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2245]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 411s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 411s [p11_child[2245]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 411s [p11_child[2245]] [do_card] (0x4000): Certificate verified and validated. 411s [p11_child[2245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-2248-auth.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s + local verify_option=partial_chain 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s Test Organization Root Tr Token 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n partial_chain ']' 411s + local verify_arg=--verify=partial_chain 411s + local output_base_name=SSSD-child-1311 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 411s [p11_child[2255]] [main] (0x0400): p11_child started. 411s [p11_child[2255]] [main] (0x2000): Running in [pre-auth] mode. 411s [p11_child[2255]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2255]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2255]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 411s [p11_child[2255]] [do_card] (0x4000): Module List: 411s [p11_child[2255]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2255]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2255]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2255]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2255]] [do_card] (0x4000): Login NOT required. 411s [p11_child[2255]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2255]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2255]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2255]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2255]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s + local found_md5 expected_md5 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + expected_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.output 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.output .output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.pem 411s + echo -n 053350 411s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 411s [p11_child[2263]] [main] (0x0400): p11_child started. 411s [p11_child[2263]] [main] (0x2000): Running in [auth] mode. 411s [p11_child[2263]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2263]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2263]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 411s [p11_child[2263]] [do_card] (0x4000): Module List: 411s [p11_child[2263]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2263]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2263]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2263]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2263]] [do_card] (0x4000): Login required. 411s [p11_child[2263]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2263]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2263]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2263]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 411s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 411s [p11_child[2263]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 411s [p11_child[2263]] [do_card] (0x4000): Certificate verified and validated. 411s [p11_child[2263]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1311-auth.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s + local verify_option= 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s Test Organization Root Tr Token 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n '' ']' 411s + local output_base_name=SSSD-child-18330 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s [p11_child[2273]] [main] (0x0400): p11_child started. 411s [p11_child[2273]] [main] (0x2000): Running in [pre-auth] mode. 411s [p11_child[2273]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2273]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2273]] [do_card] (0x4000): Module List: 411s [p11_child[2273]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2273]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2273]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2273]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2273]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2273]] [do_card] (0x4000): Login NOT required. 411s [p11_child[2273]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2273]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2273]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2273]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2273]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.pem 411s + local found_md5 expected_md5 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s + expected_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.output 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.output .output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.pem 411s + echo -n 053350 411s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 411s [p11_child[2281]] [main] (0x0400): p11_child started. 411s [p11_child[2281]] [main] (0x2000): Running in [auth] mode. 411s [p11_child[2281]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2281]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2281]] [do_card] (0x4000): Module List: 411s [p11_child[2281]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2281]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2281]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2281]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2281]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2281]] [do_card] (0x4000): Login required. 411s [p11_child[2281]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2281]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2281]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2281]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 411s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 411s [p11_child[2281]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 411s [p11_child[2281]] [do_card] (0x4000): Certificate verified and validated. 411s [p11_child[2281]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-18330-auth.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s + local verify_option=partial_chain 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n partial_chain ']' 411s + local verify_arg=--verify=partial_chain 411s + local output_base_name=SSSD-child-14646 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 411s Test Organization Root Tr Token 411s [p11_child[2291]] [main] (0x0400): p11_child started. 411s [p11_child[2291]] [main] (0x2000): Running in [pre-auth] mode. 411s [p11_child[2291]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2291]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2291]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 411s [p11_child[2291]] [do_card] (0x4000): Module List: 411s [p11_child[2291]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2291]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2291]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2291]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2291]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2291]] [do_card] (0x4000): Login NOT required. 411s [p11_child[2291]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2291]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2291]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2291]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2291]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.pem 411s + local found_md5 expected_md5 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + expected_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646.pem 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.output 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.output .output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.pem 411s + echo -n 053350 411s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 411s [p11_child[2299]] [main] (0x0400): p11_child started. 411s [p11_child[2299]] [main] (0x2000): Running in [auth] mode. 411s [p11_child[2299]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2299]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2299]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 411s [p11_child[2299]] [do_card] (0x4000): Module List: 411s [p11_child[2299]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2299]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2299]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2299]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2299]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2299]] [do_card] (0x4000): Login required. 411s [p11_child[2299]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2299]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 411s [p11_child[2299]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 411s [p11_child[2299]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d14cd19;slot-manufacturer=SoftHSM%20project;slot-id=1024773401;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=99031b19bd14cd19;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 411s [p11_child[2299]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 411s [p11_child[2299]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 411s [p11_child[2299]] [do_card] (0x4000): Certificate verified and validated. 411s [p11_child[2299]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.output 411s + echo '-----BEGIN CERTIFICATE-----' 411s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.output 411s + echo '-----END CERTIFICATE-----' 411s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.pem 411s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14646-auth.pem 411s Certificate: 411s Data: 411s Version: 3 (0x2) 411s Serial Number: 3 (0x3) 411s Signature Algorithm: sha256WithRSAEncryption 411s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 411s Validity 411s Not Before: Jun 14 15:18:41 2024 GMT 411s Not After : Jun 14 15:18:41 2025 GMT 411s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 411s Subject Public Key Info: 411s Public Key Algorithm: rsaEncryption 411s Public-Key: (1024 bit) 411s Modulus: 411s 00:a8:d1:f0:f5:c9:95:dc:47:ee:eb:17:35:f9:7e: 411s c3:56:26:45:71:0a:39:bd:96:3b:e4:59:f0:e1:c7: 411s 21:a7:92:cc:d8:db:76:54:9f:f1:c0:e4:d9:06:a4: 411s 99:51:81:5a:2f:b9:d2:93:7b:3f:52:f6:09:f0:02: 411s f2:4d:24:78:1c:bc:08:c1:94:e0:ad:d1:21:de:d2: 411s cb:bc:50:41:67:13:0e:2d:6a:fe:b9:bc:36:5e:01: 411s 3d:7a:ba:94:51:8e:a9:02:59:02:d7:6e:b7:08:7c: 411s 6a:2f:98:a2:d4:89:14:8d:4e:c7:96:1c:b4:0d:19: 411s 4b:f0:7e:4f:bf:f7:3b:78:43 411s Exponent: 65537 (0x10001) 411s X509v3 extensions: 411s X509v3 Authority Key Identifier: 411s FB:9F:83:9D:ED:50:0F:1C:13:34:B1:AF:EA:FB:8C:90:55:0C:6A:29 411s X509v3 Basic Constraints: 411s CA:FALSE 411s Netscape Cert Type: 411s SSL Client, S/MIME 411s Netscape Comment: 411s Test Organization Root CA trusted Certificate 411s X509v3 Subject Key Identifier: 411s EF:1F:C1:5A:4D:2D:82:C1:18:8D:0B:C8:E1:99:71:83:5F:13:59:EF 411s X509v3 Key Usage: critical 411s Digital Signature, Non Repudiation, Key Encipherment 411s X509v3 Extended Key Usage: 411s TLS Web Client Authentication, E-mail Protection 411s X509v3 Subject Alternative Name: 411s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 411s Signature Algorithm: sha256WithRSAEncryption 411s Signature Value: 411s 44:1f:5e:75:b2:9b:e0:1a:56:dd:e6:06:d7:d1:5d:3f:15:7b: 411s 0f:9c:4f:2b:07:19:b5:39:4d:2b:1d:9a:0a:2c:87:dd:c2:6c: 411s d2:c5:c2:e6:93:2a:f9:ea:03:74:f7:e4:38:a3:1c:6b:d7:c8: 411s 50:f8:68:5a:4f:ba:7e:95:17:0f:f5:2f:10:51:71:83:8e:7c: 411s e4:d3:86:7c:6d:c3:6a:d0:a4:3f:20:af:7a:79:c0:7b:51:5a: 411s 7f:92:3a:b8:dd:b7:fa:e2:c8:5e:93:49:a0:3b:95:ae:b4:8f: 411s c0:e8:ae:21:9b:de:0b:72:be:d0:b7:4b:bc:82:0f:a9:6a:b6: 411s 49:d3 411s + found_md5=Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 411s + '[' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 '!=' Modulus=A8D1F0F5C995DC47EEEB1735F97EC3562645710A39BD963BE459F0E1C721A792CCD8DB76549FF1C0E4D906A49951815A2FB9D2937B3F52F609F002F24D24781CBC08C194E0ADD121DED2CBBC504167130E2D6AFEB9BC365E013D7ABA94518EA9025902D76EB7087C6A2F98A2D489148D4EC7961CB40D194BF07E4FBFF73B7843 ']' 411s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 411s + local verify_option= 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s Test Organization Root Tr Token 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n '' ']' 411s + local output_base_name=SSSD-child-24835 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-24835.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-24835.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 411s [p11_child[2309]] [main] (0x0400): p11_child started. 411s [p11_child[2309]] [main] (0x2000): Running in [pre-auth] mode. 411s [p11_child[2309]] [main] (0x2000): Running with effective IDs: [0][0]. 411s [p11_child[2309]] [main] (0x2000): Running with real IDs [0][0]. 411s [p11_child[2309]] [do_card] (0x4000): Module List: 411s [p11_child[2309]] [do_card] (0x4000): common name: [softhsm2]. 411s [p11_child[2309]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2309]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 411s [p11_child[2309]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 411s [p11_child[2309]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 411s [p11_child[2309]] [do_card] (0x4000): Login NOT required. 411s [p11_child[2309]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 411s [p11_child[2309]] [do_verification] (0x0040): X509_verify_cert failed [0]. 411s [p11_child[2309]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 411s [p11_child[2309]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 411s [p11_child[2309]] [do_card] (0x4000): No certificate found. 411s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-24835.output 411s + return 2 411s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem partial_chain 411s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem partial_chain 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 411s + local verify_option=partial_chain 411s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6982 411s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s + local key_pass=pass:random-root-ca-trusted-cert-0001-6982 411s + local key_cn 411s + local key_name 411s + local tokens_dir 411s + local output_cert_file 411s + token_name= 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem .pem 411s + key_name=test-root-CA-trusted-certificate-0001 411s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-root-CA-trusted-certificate-0001.pem 411s ++ sed -n 's/ *commonName *= //p' 411s + key_cn='Test Organization Root Trusted Certificate 0001' 411s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 411s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf 411s Test Organization Root Tr Token 411s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 411s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 411s + token_name='Test Organization Root Tr Token' 411s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 411s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 411s + echo 'Test Organization Root Tr Token' 411s + '[' -n partial_chain ']' 411s + local verify_arg=--verify=partial_chain 411s + local output_base_name=SSSD-child-5337 411s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-5337.output 411s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-5337.pem 411s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 412s [p11_child[2316]] [main] (0x0400): p11_child started. 412s [p11_child[2316]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2316]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2316]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2316]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 412s [p11_child[2316]] [do_card] (0x4000): Module List: 412s [p11_child[2316]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2316]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2316]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d14cd19] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2316]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 412s [p11_child[2316]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3d14cd19][1024773401] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2316]] [do_card] (0x4000): Login NOT required. 412s [p11_child[2316]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 412s [p11_child[2316]] [do_verification] (0x0040): X509_verify_cert failed [0]. 412s [p11_child[2316]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 412s [p11_child[2316]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 412s [p11_child[2316]] [do_card] (0x4000): No certificate found. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-5337.output 412s + return 2 412s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /dev/null 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /dev/null 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/dev/null 412s + local verify_option= 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + local key_file 412s + local decrypted_key 412s + mkdir -p /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + key_file=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key.pem 412s + decrypted_key=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 412s + cat 412s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 412s Slot 0 has a free/uninitialized token. 412s The token has been initialized and is reassigned to slot 847006458 412s + softhsm2-util --show-slots 412s Available slots: 412s Slot 847006458 412s Slot info: 412s Description: SoftHSM slot ID 0x327c4afa 412s Manufacturer ID: SoftHSM project 412s Hardware version: 2.6 412s Firmware version: 2.6 412s Token present: yes 412s Token info: 412s Manufacturer ID: SoftHSM project 412s Model: SoftHSM v2 412s Hardware version: 2.6 412s Firmware version: 2.6 412s Serial number: 009fea51b27c4afa 412s Initialized: yes 412s User PIN init.: yes 412s Label: Test Organization Interme Token 412s Slot 1 412s Slot info: 412s Description: SoftHSM slot ID 0x1 412s Manufacturer ID: SoftHSM project 412s Hardware version: 2.6 412s Firmware version: 2.6 412s Token present: yes 412s Token info: 412s Manufacturer ID: SoftHSM project 412s Model: SoftHSM v2 412s Hardware version: 2.6 412s Firmware version: 2.6 412s Serial number: 412s Initialized: no 412s User PIN init.: no 412s Label: 412s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 412s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-811 -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 412s writing RSA key 412s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 412s + rm /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 412s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 412s Object 0: 412s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 412s Type: X.509 Certificate (RSA-1024) 412s Expires: Sat Jun 14 15:18:41 2025 412s Label: Test Organization Intermediate Trusted Certificate 0001 412s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 412s 412s + echo 'Test Organization Interme Token' 412s Test Organization Interme Token 412s + '[' -n '' ']' 412s + local output_base_name=SSSD-child-18571 412s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18571.output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-18571.pem 412s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 412s [p11_child[2332]] [main] (0x0400): p11_child started. 412s [p11_child[2332]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2332]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2332]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2332]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 412s [p11_child[2332]] [do_work] (0x0040): init_verification failed. 412s [p11_child[2332]] [main] (0x0020): p11_child failed (5) 412s + return 2 412s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /dev/null no_verification 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /dev/null no_verification 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/dev/null 412s + local verify_option=no_verification 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s Test Organization Interme Token 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 412s + echo 'Test Organization Interme Token' 412s + '[' -n no_verification ']' 412s + local verify_arg=--verify=no_verification 412s + local output_base_name=SSSD-child-13676 412s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.pem 412s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 412s [p11_child[2338]] [main] (0x0400): p11_child started. 412s [p11_child[2338]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2338]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2338]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2338]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 412s [p11_child[2338]] [do_card] (0x4000): Module List: 412s [p11_child[2338]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2338]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2338]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2338]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2338]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2338]] [do_card] (0x4000): Login NOT required. 412s [p11_child[2338]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2338]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 412s [p11_child[2338]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 412s [p11_child[2338]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.output 412s + echo '-----BEGIN CERTIFICATE-----' 412s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.output 412s + echo '-----END CERTIFICATE-----' 412s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.pem 412s Certificate: 412s Data: 412s Version: 3 (0x2) 412s Serial Number: 4 (0x4) 412s Signature Algorithm: sha256WithRSAEncryption 412s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 412s Validity 412s Not Before: Jun 14 15:18:41 2024 GMT 412s Not After : Jun 14 15:18:41 2025 GMT 412s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 412s Subject Public Key Info: 412s Public Key Algorithm: rsaEncryption 412s Public-Key: (1024 bit) 412s Modulus: 412s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 412s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 412s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 412s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 412s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 412s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 412s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 412s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 412s c4:47:c7:02:eb:4d:1e:d6:13 412s Exponent: 65537 (0x10001) 412s X509v3 extensions: 412s X509v3 Authority Key Identifier: 412s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 412s X509v3 Basic Constraints: 412s CA:FALSE 412s Netscape Cert Type: 412s SSL Client, S/MIME 412s Netscape Comment: 412s Test Organization Intermediate CA trusted Certificate 412s X509v3 Subject Key Identifier: 412s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 412s X509v3 Key Usage: critical 412s Digital Signature, Non Repudiation, Key Encipherment 412s X509v3 Extended Key Usage: 412s TLS Web Client Authentication, E-mail Protection 412s X509v3 Subject Alternative Name: 412s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 412s Signature Algorithm: sha256WithRSAEncryption 412s Signature Value: 412s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 412s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 412s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 412s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 412s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 412s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 412s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 412s 61:68 412s + local found_md5 expected_md5 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + expected_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676.pem 412s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 412s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.output 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.output .output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.pem 412s + echo -n 053350 412s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 412s [p11_child[2346]] [main] (0x0400): p11_child started. 412s [p11_child[2346]] [main] (0x2000): Running in [auth] mode. 412s [p11_child[2346]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2346]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2346]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 412s [p11_child[2346]] [do_card] (0x4000): Module List: 412s [p11_child[2346]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2346]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2346]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2346]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2346]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2346]] [do_card] (0x4000): Login required. 412s [p11_child[2346]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2346]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 412s [p11_child[2346]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 412s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 412s [p11_child[2346]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 412s [p11_child[2346]] [do_card] (0x4000): Certificate verified and validated. 412s [p11_child[2346]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.output 412s + echo '-----BEGIN CERTIFICATE-----' 412s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.output 412s + echo '-----END CERTIFICATE-----' 412s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.pem 412s Certificate: 412s Data: 412s Version: 3 (0x2) 412s Serial Number: 4 (0x4) 412s Signature Algorithm: sha256WithRSAEncryption 412s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 412s Validity 412s Not Before: Jun 14 15:18:41 2024 GMT 412s Not After : Jun 14 15:18:41 2025 GMT 412s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 412s Subject Public Key Info: 412s Public Key Algorithm: rsaEncryption 412s Public-Key: (1024 bit) 412s Modulus: 412s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 412s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 412s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 412s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 412s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 412s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 412s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 412s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 412s c4:47:c7:02:eb:4d:1e:d6:13 412s Exponent: 65537 (0x10001) 412s X509v3 extensions: 412s X509v3 Authority Key Identifier: 412s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 412s X509v3 Basic Constraints: 412s CA:FALSE 412s Netscape Cert Type: 412s SSL Client, S/MIME 412s Netscape Comment: 412s Test Organization Intermediate CA trusted Certificate 412s X509v3 Subject Key Identifier: 412s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 412s X509v3 Key Usage: critical 412s Digital Signature, Non Repudiation, Key Encipherment 412s X509v3 Extended Key Usage: 412s TLS Web Client Authentication, E-mail Protection 412s X509v3 Subject Alternative Name: 412s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 412s Signature Algorithm: sha256WithRSAEncryption 412s Signature Value: 412s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 412s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 412s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 412s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 412s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 412s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 412s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 412s 61:68 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-13676-auth.pem 412s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 412s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s + local verify_option= 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s Test Organization Interme Token 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 412s + echo 'Test Organization Interme Token' 412s + '[' -n '' ']' 412s + local output_base_name=SSSD-child-11543 412s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-11543.output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-11543.pem 412s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s [p11_child[2356]] [main] (0x0400): p11_child started. 412s [p11_child[2356]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2356]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2356]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2356]] [do_card] (0x4000): Module List: 412s [p11_child[2356]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2356]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2356]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2356]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2356]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2356]] [do_card] (0x4000): Login NOT required. 412s [p11_child[2356]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2356]] [do_verification] (0x0040): X509_verify_cert failed [0]. 412s [p11_child[2356]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 412s [p11_child[2356]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 412s [p11_child[2356]] [do_card] (0x4000): No certificate found. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-11543.output 412s + return 2 412s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s + local verify_option=partial_chain 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s Test Organization Interme Token 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 412s + echo 'Test Organization Interme Token' 412s + '[' -n partial_chain ']' 412s + local verify_arg=--verify=partial_chain 412s + local output_base_name=SSSD-child-11754 412s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-11754.output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-11754.pem 412s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 412s [p11_child[2363]] [main] (0x0400): p11_child started. 412s [p11_child[2363]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2363]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2363]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2363]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 412s [p11_child[2363]] [do_card] (0x4000): Module List: 412s [p11_child[2363]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2363]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2363]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2363]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2363]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2363]] [do_card] (0x4000): Login NOT required. 412s [p11_child[2363]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2363]] [do_verification] (0x0040): X509_verify_cert failed [0]. 412s [p11_child[2363]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 412s [p11_child[2363]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 412s [p11_child[2363]] [do_card] (0x4000): No certificate found. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-11754.output 412s + return 2 412s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 412s + local verify_option= 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 412s + echo 'Test Organization Interme Token' 412s + '[' -n '' ']' 412s + local output_base_name=SSSD-child-17033 412s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.pem 412s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 412s Test Organization Interme Token 412s [p11_child[2370]] [main] (0x0400): p11_child started. 412s [p11_child[2370]] [main] (0x2000): Running in [pre-auth] mode. 412s [p11_child[2370]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2370]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2370]] [do_card] (0x4000): Module List: 412s [p11_child[2370]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2370]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2370]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2370]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2370]] [do_card] (0x4000): Login NOT required. 412s [p11_child[2370]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2370]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 412s [p11_child[2370]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 412s [p11_child[2370]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 412s [p11_child[2370]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.output 412s + echo '-----BEGIN CERTIFICATE-----' 412s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.output 412s + echo '-----END CERTIFICATE-----' 412s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.pem 412s Certificate: 412s Data: 412s Version: 3 (0x2) 412s Serial Number: 4 (0x4) 412s Signature Algorithm: sha256WithRSAEncryption 412s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 412s Validity 412s Not Before: Jun 14 15:18:41 2024 GMT 412s Not After : Jun 14 15:18:41 2025 GMT 412s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 412s Subject Public Key Info: 412s Public Key Algorithm: rsaEncryption 412s Public-Key: (1024 bit) 412s Modulus: 412s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 412s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 412s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 412s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 412s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 412s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 412s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 412s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 412s c4:47:c7:02:eb:4d:1e:d6:13 412s Exponent: 65537 (0x10001) 412s X509v3 extensions: 412s X509v3 Authority Key Identifier: 412s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 412s X509v3 Basic Constraints: 412s CA:FALSE 412s Netscape Cert Type: 412s SSL Client, S/MIME 412s Netscape Comment: 412s Test Organization Intermediate CA trusted Certificate 412s X509v3 Subject Key Identifier: 412s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 412s X509v3 Key Usage: critical 412s Digital Signature, Non Repudiation, Key Encipherment 412s X509v3 Extended Key Usage: 412s TLS Web Client Authentication, E-mail Protection 412s X509v3 Subject Alternative Name: 412s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 412s Signature Algorithm: sha256WithRSAEncryption 412s Signature Value: 412s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 412s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 412s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 412s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 412s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 412s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 412s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 412s 61:68 412s + local found_md5 expected_md5 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + expected_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033.pem 412s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 412s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.output 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.output .output 412s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.pem 412s + echo -n 053350 412s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 412s [p11_child[2378]] [main] (0x0400): p11_child started. 412s [p11_child[2378]] [main] (0x2000): Running in [auth] mode. 412s [p11_child[2378]] [main] (0x2000): Running with effective IDs: [0][0]. 412s [p11_child[2378]] [main] (0x2000): Running with real IDs [0][0]. 412s [p11_child[2378]] [do_card] (0x4000): Module List: 412s [p11_child[2378]] [do_card] (0x4000): common name: [softhsm2]. 412s [p11_child[2378]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2378]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 412s [p11_child[2378]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 412s [p11_child[2378]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 412s [p11_child[2378]] [do_card] (0x4000): Login required. 412s [p11_child[2378]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 412s [p11_child[2378]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 412s [p11_child[2378]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 412s [p11_child[2378]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 412s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 412s [p11_child[2378]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 412s [p11_child[2378]] [do_card] (0x4000): Certificate verified and validated. 412s [p11_child[2378]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 412s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.output 412s + echo '-----BEGIN CERTIFICATE-----' 412s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.output 412s + echo '-----END CERTIFICATE-----' 412s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.pem 412s Certificate: 412s Data: 412s Version: 3 (0x2) 412s Serial Number: 4 (0x4) 412s Signature Algorithm: sha256WithRSAEncryption 412s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 412s Validity 412s Not Before: Jun 14 15:18:41 2024 GMT 412s Not After : Jun 14 15:18:41 2025 GMT 412s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 412s Subject Public Key Info: 412s Public Key Algorithm: rsaEncryption 412s Public-Key: (1024 bit) 412s Modulus: 412s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 412s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 412s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 412s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 412s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 412s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 412s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 412s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 412s c4:47:c7:02:eb:4d:1e:d6:13 412s Exponent: 65537 (0x10001) 412s X509v3 extensions: 412s X509v3 Authority Key Identifier: 412s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 412s X509v3 Basic Constraints: 412s CA:FALSE 412s Netscape Cert Type: 412s SSL Client, S/MIME 412s Netscape Comment: 412s Test Organization Intermediate CA trusted Certificate 412s X509v3 Subject Key Identifier: 412s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 412s X509v3 Key Usage: critical 412s Digital Signature, Non Repudiation, Key Encipherment 412s X509v3 Extended Key Usage: 412s TLS Web Client Authentication, E-mail Protection 412s X509v3 Subject Alternative Name: 412s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 412s Signature Algorithm: sha256WithRSAEncryption 412s Signature Value: 412s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 412s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 412s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 412s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 412s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 412s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 412s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 412s 61:68 412s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17033-auth.pem 412s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 412s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 412s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 412s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 412s + local verify_option=partial_chain 412s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 412s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 412s + local key_cn 412s + local key_name 412s + local tokens_dir 412s + local output_cert_file 412s + token_name= 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 412s + key_name=test-intermediate-CA-trusted-certificate-0001 412s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 412s ++ sed -n 's/ *commonName *= //p' 412s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 412s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 412s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 412s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 412s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 412s + token_name='Test Organization Interme Token' 412s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 412s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Interme Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-17253 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s Test Organization Interme Token 421s [p11_child[2388]] [main] (0x0400): p11_child started. 421s [p11_child[2388]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2388]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2388]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2388]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2388]] [do_card] (0x4000): Module List: 421s [p11_child[2388]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2388]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2388]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2388]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 421s [p11_child[2388]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2388]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2388]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 421s [p11_child[2388]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2388]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2388]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2388]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.pem 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 4 (0x4) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 421s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 421s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 421s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 421s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 421s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 421s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 421s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 421s c4:47:c7:02:eb:4d:1e:d6:13 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 421s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 421s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 421s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 421s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 421s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 421s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 421s 61:68 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253.pem 421s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2396]] [main] (0x0400): p11_child started. 421s [p11_child[2396]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2396]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2396]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2396]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2396]] [do_card] (0x4000): Module List: 421s [p11_child[2396]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2396]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2396]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2396]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 421s [p11_child[2396]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2396]] [do_card] (0x4000): Login required. 421s [p11_child[2396]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 421s [p11_child[2396]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2396]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2396]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2396]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2396]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2396]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2396]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.pem 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 4 (0x4) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 421s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 421s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 421s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 421s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 421s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 421s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 421s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 421s c4:47:c7:02:eb:4d:1e:d6:13 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 421s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 421s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 421s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 421s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 421s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 421s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 421s 61:68 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17253-auth.pem 421s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 421s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s + local verify_option= 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Interme Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Interme Token' 421s + '[' -n '' ']' 421s + local output_base_name=SSSD-child-31456 421s Test Organization Interme Token 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-31456.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-31456.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s [p11_child[2406]] [main] (0x0400): p11_child started. 421s [p11_child[2406]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2406]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2406]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2406]] [do_card] (0x4000): Module List: 421s [p11_child[2406]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2406]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2406]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2406]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 421s [p11_child[2406]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2406]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2406]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 421s [p11_child[2406]] [do_verification] (0x0040): X509_verify_cert failed [0]. 421s [p11_child[2406]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 421s [p11_child[2406]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 421s [p11_child[2406]] [do_card] (0x4000): No certificate found. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-31456.output 421s + return 2 421s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-811 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-811 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Interme Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Interme Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s Test Organization Interme Token 421s + local output_base_name=SSSD-child-23844 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem 421s [p11_child[2413]] [main] (0x0400): p11_child started. 421s [p11_child[2413]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2413]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2413]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2413]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2413]] [do_card] (0x4000): Module List: 421s [p11_child[2413]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2413]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2413]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2413]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 421s [p11_child[2413]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2413]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2413]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 421s [p11_child[2413]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2413]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2413]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2413]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.pem 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 4 (0x4) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 421s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 421s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 421s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 421s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 421s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 421s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 421s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 421s c4:47:c7:02:eb:4d:1e:d6:13 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 421s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 421s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 421s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 421s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 421s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 421s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 421s 61:68 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844.pem 421s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2421]] [main] (0x0400): p11_child started. 421s [p11_child[2421]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2421]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2421]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2421]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2421]] [do_card] (0x4000): Module List: 421s [p11_child[2421]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2421]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2421]] [do_card] (0x4000): Description [SoftHSM slot ID 0x327c4afa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2421]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 421s [p11_child[2421]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x327c4afa][847006458] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2421]] [do_card] (0x4000): Login required. 421s [p11_child[2421]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 421s [p11_child[2421]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2421]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2421]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x327c4afa;slot-manufacturer=SoftHSM%20project;slot-id=847006458;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=009fea51b27c4afa;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2421]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2421]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2421]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2421]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.pem 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 4 (0x4) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:d7:8b:ee:48:46:3f:a6:0e:24:a3:0a:7e:d8:6f: 421s 4e:ba:b5:e2:cf:2d:70:90:6c:60:6f:75:e4:a5:93: 421s 58:90:fc:d9:6e:13:f4:c1:2b:ba:5b:b5:93:96:2d: 421s 20:75:fc:20:c1:60:d3:30:0e:d4:66:ee:53:2d:63: 421s 97:89:0c:1b:2c:e5:14:c9:5c:d4:c7:9a:9f:8c:73: 421s 95:6a:c9:2c:a5:cf:8a:ca:86:ce:d4:b9:99:2e:d9: 421s c4:ef:e8:00:7a:1b:dc:cb:a6:aa:0e:ae:70:23:80: 421s a2:b1:c2:2d:fd:d8:b8:a6:0d:ea:b8:53:1a:9c:42: 421s c4:47:c7:02:eb:4d:1e:d6:13 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s 4D:4B:39:58:01:C0:20:7E:87:BD:BC:88:5D:D2:F5:01:1B:91:58:EC 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s A4:B5:22:66:A3:8C:99:45:12:07:7E:F5:93:03:A4:D5:B8:0A:1B:B3 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 69:1c:41:2f:f0:fd:c7:57:35:f9:99:4f:21:b6:55:1b:de:1e: 421s 2f:0c:85:b1:2c:2c:b2:6b:1c:18:12:ce:07:e4:2f:bc:6b:62: 421s c6:33:c1:aa:4c:ce:46:6d:0e:ad:9a:35:54:b0:1c:fb:70:73: 421s c9:3d:be:24:0a:f8:32:35:7e:4e:da:34:5b:1e:81:01:26:16: 421s 86:f2:77:71:22:0c:26:06:b3:7d:6a:7f:eb:4e:38:c2:25:3e: 421s 33:33:bd:e4:07:3e:fd:b4:a3:e8:67:25:8f:f8:c1:f3:e3:d3: 421s 91:46:18:d4:b9:87:51:f3:01:04:ef:1b:67:c4:53:9e:9a:b3: 421s 61:68 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-23844-auth.pem 421s + found_md5=Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 421s + '[' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 '!=' Modulus=D78BEE48463FA60E24A30A7ED86F4EBAB5E2CF2D70906C606F75E4A5935890FCD96E13F4C12BBA5BB593962D2075FC20C160D3300ED466EE532D6397890C1B2CE514C95CD4C79A9F8C73956AC92CA5CF8ACA86CED4B9992ED9C4EFE8007A1BDCCBA6AA0EAE702380A2B1C22DFDD8B8A60DEAB8531A9C42C447C702EB4D1ED613 ']' 421s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s + local verify_option= 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + local key_file 421s + local decrypted_key 421s + mkdir -p /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + key_file=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 421s + decrypted_key=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 421s + cat 421s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 421s Slot 0 has a free/uninitialized token. 421s The token has been initialized and is reassigned to slot 391877671 421s + softhsm2-util --show-slots 421s Available slots: 421s Slot 391877671 421s Slot info: 421s Description: SoftHSM slot ID 0x175b9427 421s Manufacturer ID: SoftHSM project 421s Hardware version: 2.6 421s Firmware version: 2.6 421s Token present: yes 421s Token info: 421s Manufacturer ID: SoftHSM project 421s Model: SoftHSM v2 421s Hardware version: 2.6 421s Firmware version: 2.6 421s Serial number: 9cd969a3975b9427 421s Initialized: yes 421s User PIN init.: yes 421s Label: Test Organization Sub Int Token 421s Slot 1 421s Slot info: 421s Description: SoftHSM slot ID 0x1 421s Manufacturer ID: SoftHSM project 421s Hardware version: 2.6 421s Firmware version: 2.6 421s Token present: yes 421s Token info: 421s Manufacturer ID: SoftHSM project 421s Model: SoftHSM v2 421s Hardware version: 2.6 421s Firmware version: 2.6 421s Serial number: 421s Initialized: no 421s User PIN init.: no 421s Label: 421s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 421s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1245 -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 421s writing RSA key 421s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 421s + rm /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 421s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 421s Object 0: 421s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 421s Type: X.509 Certificate (RSA-1024) 421s Expires: Sat Jun 14 15:18:41 2025 421s Label: Test Organization Sub Intermediate Trusted Certificate 0001 421s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 421s 421s + echo 'Test Organization Sub Int Token' 421s Test Organization Sub Int Token 421s + '[' -n '' ']' 421s + local output_base_name=SSSD-child-17416 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17416.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17416.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s [p11_child[2440]] [main] (0x0400): p11_child started. 421s [p11_child[2440]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2440]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2440]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2440]] [do_card] (0x4000): Module List: 421s [p11_child[2440]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2440]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2440]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2440]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2440]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2440]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2440]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2440]] [do_verification] (0x0040): X509_verify_cert failed [0]. 421s [p11_child[2440]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 421s [p11_child[2440]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 421s [p11_child[2440]] [do_card] (0x4000): No certificate found. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17416.output 421s Test Organization Sub Int Token 421s Test Organization Sub Int Token 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Test Organization Sub Int Token 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Test Organization Sub Int Token 421s Test Organization Sub Int Token 421s Test Organization Sub Int Token 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Test Organization Sub Int Token 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algorithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s Certificate: 421s Data: 421s Version: 3 (0x2) 421s Serial Number: 5 (0x5) 421s Signature Algorithm: sha256WithRSAEncryption 421s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 421s Validity 421s Not Before: Jun 14 15:18:41 2024 GMT 421s Not After : Jun 14 15:18:41 2025 GMT 421s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 421s Subject Public Key Info: 421s Public Key Algo+ return 2 421s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-1478 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1478.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-1478.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-CA.pem 421s [p11_child[2447]] [main] (0x0400): p11_child started. 421s [p11_child[2447]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2447]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2447]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2447]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2447]] [do_card] (0x4000): Module List: 421s [p11_child[2447]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2447]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2447]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2447]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2447]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2447]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2447]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2447]] [do_verification] (0x0040): X509_verify_cert failed [0]. 421s [p11_child[2447]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 421s [p11_child[2447]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 421s [p11_child[2447]] [do_card] (0x4000): No certificate found. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-1478.output 421s + return 2 421s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s + local verify_option= 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n '' ']' 421s + local output_base_name=SSSD-child-16976 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s [p11_child[2454]] [main] (0x0400): p11_child started. 421s [p11_child[2454]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2454]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2454]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2454]] [do_card] (0x4000): Module List: 421s [p11_child[2454]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2454]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2454]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2454]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2454]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2454]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2454]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2454]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2454]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2454]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2454]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.pem 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2462]] [main] (0x0400): p11_child started. 421s [p11_child[2462]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2462]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2462]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2462]] [do_card] (0x4000): Module List: 421s [p11_child[2462]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2462]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2462]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2462]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2462]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2462]] [do_card] (0x4000): Login required. 421s [p11_child[2462]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2462]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2462]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2462]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2462]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2462]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2462]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.pem 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-16976-auth.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-14920 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem 421s [p11_child[2472]] [main] (0x0400): p11_child started. 421s [p11_child[2472]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2472]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2472]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2472]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2472]] [do_card] (0x4000): Module List: 421s [p11_child[2472]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2472]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2472]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2472]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2472]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2472]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2472]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2472]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2472]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2472]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2472]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.pem 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2480]] [main] (0x0400): p11_child started. 421s [p11_child[2480]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2480]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2480]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2480]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2480]] [do_card] (0x4000): Module List: 421s [p11_child[2480]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2480]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2480]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2480]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2480]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2480]] [rithm: rsaEncryption 421s Public-Key: (1024 bit) 421s Modulus: 421s 00:bb:27:66:ff:4d:7e:9f:e0:1b:17:5d:e5:b2:af: 421s 8d:cf:a1:f5:6c:6a:92:02:42:14:27:4c:92:f0:bf: 421s 89:70:a7:47:d0:bb:2a:78:7f:97:e8:2b:fe:ff:42: 421s f4:68:b1:1f:a1:ff:0c:c0:4c:9b:8e:34:7d:27:7e: 421s 9b:55:a4:90:b4:30:90:ed:9e:05:dd:19:b5:18:c2: 421s 9a:c1:b6:f3:a5:be:20:00:2d:dd:25:e9:f3:eb:e9: 421s ae:51:b1:77:17:da:76:9b:0f:72:73:96:0e:86:54: 421s 80:88:98:2e:65:87:e8:ca:c4:ea:42:79:24:c2:a4: 421s a8:da:91:4f:bb:37:49:2d:e1 421s Exponent: 65537 (0x10001) 421s X509v3 extensions: 421s X509v3 Authority Key Identifier: 421s B9:55:20:46:10:7F:CF:35:E3:91:10:9A:1D:75:55:5C:BD:97:21:70 421s X509v3 Basic Constraints: 421s CA:FALSE 421s Netscape Cert Type: 421s SSL Client, S/MIME 421s Netscape Comment: 421s Test Organization Sub Intermediate CA trusted Certificate 421s X509v3 Subject Key Identifier: 421s F0:4E:7F:68:33:13:6E:E3:F0:66:1D:EF:30:CC:79:50:D0:4B:42:60 421s X509v3 Key Usage: critical 421s Digital Signature, Non Repudiation, Key Encipherment 421s X509v3 Extended Key Usage: 421s TLS Web Client Authentication, E-mail Protection 421s X509v3 Subject Alternative Name: 421s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 421s Signature Algorithm: sha256WithRSAEncryption 421s Signature Value: 421s 7a:bd:ae:7c:c4:d8:c0:69:3d:b1:90:46:4f:a2:88:2f:23:fa: 421s ce:0e:4d:85:a2:cd:04:dc:f4:ac:ff:ab:da:cf:06:1e:30:64: 421s c4:dc:88:b6:68:15:9f:ab:aa:4b:00:84:f5:d6:e1:99:39:e3: 421s 69:59:18:8c:92:92:aa:9c:3f:c1:a5:d5:41:dc:52:bc:6b:78: 421s f9:64:80:bc:60:5e:56:3d:87:8b:85:77:1b:e6:25:e9:d5:ce: 421s c7:d5:74:21:08:8c:67:8b:05:e1:f7:aa:0a:82:7d:2a:98:0d: 421s 82:74:51:01:52:3e:cd:b5:2f:71:55:07:06:63:f6:41:9f:36: 421s 48:de 421s 421s Test completed, Root CA and intermediate issued certificates verified! 421s do_card] (0x4000): Login required. 421s [p11_child[2480]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2480]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2480]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2480]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2480]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2480]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2480]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2480]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.pem 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-14920-auth.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s + local verify_option= 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n '' ']' 421s + local output_base_name=SSSD-child-10361 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-10361.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-10361.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s [p11_child[2490]] [main] (0x0400): p11_child started. 421s [p11_child[2490]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2490]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2490]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2490]] [do_card] (0x4000): Module List: 421s [p11_child[2490]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2490]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2490]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2490]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2490]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2490]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2490]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2490]] [do_verification] (0x0040): X509_verify_cert failed [0]. 421s [p11_child[2490]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 421s [p11_child[2490]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 421s [p11_child[2490]] [do_card] (0x4000): No certificate found. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-10361.output 421s + return 2 421s + invalid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-26807 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-26807.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-26807.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-root-intermediate-chain-CA.pem 421s [p11_child[2497]] [main] (0x0400): p11_child started. 421s [p11_child[2497]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2497]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2497]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2497]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2497]] [do_card] (0x4000): Module List: 421s [p11_child[2497]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2497]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2497]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2497]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2497]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2497]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2497]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2497]] [do_verification] (0x0040): X509_verify_cert failed [0]. 421s [p11_child[2497]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 421s [p11_child[2497]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 421s [p11_child[2497]] [do_card] (0x4000): No certificate found. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-26807.output 421s + return 2 421s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-17825 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem 421s [p11_child[2504]] [main] (0x0400): p11_child started. 421s [p11_child[2504]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2504]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2504]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2504]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2504]] [do_card] (0x4000): Module List: 421s [p11_child[2504]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2504]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2504]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2504]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2504]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2504]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2504]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2504]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2504]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2504]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2504]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.pem 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2512]] [main] (0x0400): p11_child started. 421s [p11_child[2512]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2512]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2512]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2512]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2512]] [do_card] (0x4000): Module List: 421s [p11_child[2512]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2512]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2512]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2512]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2512]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2512]] [do_card] (0x4000): Login required. 421s [p11_child[2512]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2512]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2512]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2512]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2512]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2512]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2512]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.pem 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-17825-auth.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + valid_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-sub-chain-CA.pem partial_chain 421s + check_certificate /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 /tmp/sssd-softhsm2-r0YAhf/test-intermediate-sub-chain-CA.pem partial_chain 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_ring=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-sub-chain-CA.pem 421s + local verify_option=partial_chain 421s + prepare_softhsm2_card /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local certificate=/tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1245 421s + local key_cn 421s + local key_name 421s + local tokens_dir 421s + local output_cert_file 421s + token_name= 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 421s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 421s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s ++ sed -n 's/ *commonName *= //p' 421s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 421s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 421s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 421s + tokens_dir=/tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 421s + token_name='Test Organization Sub Int Token' 421s + '[' '!' -e /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 421s + '[' '!' -d /tmp/sssd-softhsm2-r0YAhf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 421s + echo 'Test Organization Sub Int Token' 421s + '[' -n partial_chain ']' 421s + local verify_arg=--verify=partial_chain 421s + local output_base_name=SSSD-child-4215 421s + local output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.pem 421s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-sub-chain-CA.pem 421s [p11_child[2522]] [main] (0x0400): p11_child started. 421s [p11_child[2522]] [main] (0x2000): Running in [pre-auth] mode. 421s [p11_child[2522]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2522]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2522]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2522]] [do_card] (0x4000): Module List: 421s [p11_child[2522]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2522]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2522]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2522]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2522]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2522]] [do_card] (0x4000): Login NOT required. 421s [p11_child[2522]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2522]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2522]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2522]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2522]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.pem 421s + local found_md5 expected_md5 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/test-sub-intermediate-CA-trusted-certificate-0001.pem 421s + expected_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + output_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.output 421s ++ basename /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.output .output 421s + output_cert_file=/tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.pem 421s + echo -n 053350 421s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-r0YAhf/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 421s [p11_child[2530]] [main] (0x0400): p11_child started. 421s [p11_child[2530]] [main] (0x2000): Running in [auth] mode. 421s [p11_child[2530]] [main] (0x2000): Running with effective IDs: [0][0]. 421s [p11_child[2530]] [main] (0x2000): Running with real IDs [0][0]. 421s [p11_child[2530]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 421s [p11_child[2530]] [do_card] (0x4000): Module List: 421s [p11_child[2530]] [do_card] (0x4000): common name: [softhsm2]. 421s [p11_child[2530]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2530]] [do_card] (0x4000): Description [SoftHSM slot ID 0x175b9427] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 421s [p11_child[2530]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 421s [p11_child[2530]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x175b9427][391877671] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 421s [p11_child[2530]] [do_card] (0x4000): Login required. 421s [p11_child[2530]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 421s [p11_child[2530]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 421s [p11_child[2530]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 421s [p11_child[2530]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x175b9427;slot-manufacturer=SoftHSM%20project;slot-id=391877671;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9cd969a3975b9427;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 421s [p11_child[2530]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 421s [p11_child[2530]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 421s [p11_child[2530]] [do_card] (0x4000): Certificate verified and validated. 421s [p11_child[2530]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 421s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.output 421s + echo '-----BEGIN CERTIFICATE-----' 421s + tail -n1 /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.output 421s + echo '-----END CERTIFICATE-----' 421s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.pem 421s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-r0YAhf/SSSD-child-4215-auth.pem 421s + found_md5=Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 421s + '[' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 '!=' Modulus=BB2766FF4D7E9FE01B175DE5B2AF8DCFA1F56C6A92024214274C92F0BF8970A747D0BB2A787F97E82BFEFF42F468B11FA1FF0CC04C9B8E347D277E9B55A490B43090ED9E05DD19B518C29AC1B6F3A5BE20002DDD25E9F3EBE9AE51B17717DA769B0F7273960E86548088982E6587E8CAC4EA427924C2A4A8DA914FBB37492DE1 ']' 421s + set +x 421s autopkgtest [15:18:52]: test sssd-softhism2-certificates-tests.sh: -----------------------] 447s autopkgtest [15:19:18]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 447s sssd-softhism2-certificates-tests.sh PASS 448s autopkgtest [15:19:18]: test sssd-smart-card-pam-auth-configs: preparing testbed 470s Reading package lists... 470s Building dependency tree... 470s Reading state information... 470s Starting pkgProblemResolver with broken count: 0 470s Starting 2 pkgProblemResolver with broken count: 0 470s Done 471s The following additional packages will be installed: 471s pamtester 471s The following NEW packages will be installed: 471s autopkgtest-satdep pamtester 471s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 471s Need to get 12.7 kB/13.5 kB of archives. 471s After this operation, 36.9 kB of additional disk space will be used. 471s Get:1 /tmp/autopkgtest.m2Kdas/4-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [764 B] 471s Get:2 http://ftpmaster.internal/ubuntu noble/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 471s Fetched 12.7 kB in 0s (473 kB/s) 471s Selecting previously unselected package pamtester. 471s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74558 files and directories currently installed.) 471s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 471s Unpacking pamtester (0.1.2-4) ... 471s Selecting previously unselected package autopkgtest-satdep. 471s Preparing to unpack .../4-autopkgtest-satdep.deb ... 471s Unpacking autopkgtest-satdep (0) ... 471s Setting up pamtester (0.1.2-4) ... 471s Setting up autopkgtest-satdep (0) ... 471s Processing triggers for man-db (2.12.0-4build2) ... 516s (Reading database ... 74564 files and directories currently installed.) 516s Removing autopkgtest-satdep (0) ... 537s autopkgtest [15:20:48]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 537s autopkgtest [15:20:48]: test sssd-smart-card-pam-auth-configs: [----------------------- 543s + '[' -z ubuntu ']' 543s + export DEBIAN_FRONTEND=noninteractive 543s + DEBIAN_FRONTEND=noninteractive 543s + required_tools=(pamtester softhsm2-util sssd) 543s + [[ ! -v OFFLINE_MODE ]] 543s + for cmd in "${required_tools[@]}" 543s + command -v pamtester 543s + for cmd in "${required_tools[@]}" 543s + command -v softhsm2-util 543s + for cmd in "${required_tools[@]}" 543s + command -v sssd 543s + PIN=123456 543s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 543s + tmpdir=/tmp/sssd-softhsm2-certs-ygK9mT 543s + backupsdir= 543s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 543s + declare -a restore_paths 543s + declare -a delete_paths 543s + trap handle_exit EXIT 543s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 543s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 543s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 543s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 543s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ygK9mT GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 543s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ygK9mT 543s + GENERATE_SMART_CARDS=1 543s + KEEP_TEMPORARY_FILES=1 543s + NO_SSSD_TESTS=1 543s + bash debian/tests/sssd-softhism2-certificates-tests.sh 543s + '[' -z ubuntu ']' 543s + required_tools=(p11tool openssl softhsm2-util) 543s + for cmd in "${required_tools[@]}" 543s + command -v p11tool 543s + for cmd in "${required_tools[@]}" 543s + command -v openssl 543s + for cmd in "${required_tools[@]}" 543s + command -v softhsm2-util 543s + PIN=123456 543s +++ find /usr/lib/softhsm/libsofthsm2.so 543s +++ head -n 1 543s ++ realpath /usr/lib/softhsm/libsofthsm2.so 543s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 543s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 543s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 543s + '[' '!' -v NO_SSSD_TESTS ']' 543s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 543s + tmpdir=/tmp/sssd-softhsm2-certs-ygK9mT 543s + keys_size=1024 543s + [[ ! -v KEEP_TEMPORARY_FILES ]] 543s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 543s + echo -n 01 543s + touch /tmp/sssd-softhsm2-certs-ygK9mT/index.txt 543s + mkdir -p /tmp/sssd-softhsm2-certs-ygK9mT/new_certs 543s + cat 543s + root_ca_key_pass=pass:random-root-CA-password-20280 543s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-key.pem -passout pass:random-root-CA-password-20280 1024 543s + openssl req -passin pass:random-root-CA-password-20280 -batch -config /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem 543s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem 543s + cat 543s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-28053 543s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28053 1024 543s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-28053 -config /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-20280 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-certificate-request.pem 543s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-certificate-request.pem 543s Certificate Request: 543s Data: 543s Version: 1 (0x0) 543s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 543s Subject Public Key Info: 543s Public Key Algorithm: rsaEncryption 543s Public-Key: (1024 bit) 543s Modulus: 543s 00:b4:0a:e6:92:94:bc:25:08:38:06:6c:77:d6:8b: 543s fa:74:0b:a8:57:b8:f1:51:33:c6:77:f5:ce:a1:ed: 543s 03:45:87:6e:54:8e:64:f9:0b:a3:8b:76:ef:73:94: 543s 8e:e0:0f:56:16:92:77:94:e0:4c:26:d5:ea:fa:e5: 543s 5e:8d:db:e3:3f:37:c0:5c:ad:4a:3a:65:e5:74:27: 543s b5:ba:4f:c5:0d:be:81:d7:68:d4:aa:53:51:18:77: 543s 6f:3b:b0:16:bb:af:62:79:e4:d9:97:f9:fd:a0:7b: 543s 5f:6a:6c:ab:7c:66:cd:f5:97:24:66:e4:76:47:ca: 543s df:39:8b:91:f6:5b:40:49:0b 543s Exponent: 65537 (0x10001) 543s Attributes: 543s (none) 543s Requested Extensions: 543s Signature Algorithm: sha256WithRSAEncryption 543s Signature Value: 543s 80:41:30:5a:d7:c7:ea:05:1d:f7:a0:f2:79:97:b2:67:c0:38: 543s 9e:c3:d1:d0:9d:75:09:b7:7b:bc:86:9c:55:e7:58:19:58:8e: 543s be:f6:b8:09:fa:74:ac:b7:bc:69:37:bb:e3:50:bc:4b:7c:ec: 543s b6:6a:d5:7e:1a:42:0b:dd:d9:3d:27:96:ec:1a:5d:fb:7d:a0: 543s 20:44:49:ea:81:8b:03:9a:2b:14:a4:63:d1:12:e5:9c:5b:c0: 543s 58:33:56:35:3e:a4:74:b1:b5:f5:bc:2a:b6:85:48:4f:7b:b7: 543s 5d:41:f1:23:db:8f:f0:7c:e2:f1:0d:1e:5f:a5:41:f4:97:da: 543s 05:c5 543s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.config -passin pass:random-root-CA-password-20280 -keyfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem 543s Using configuration from /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.config 543s Check that the request matches the signature 543s Signature ok 543s Certificate Details: 543s Serial Number: 1 (0x1) 543s Validity 543s Not Before: Jun 14 15:20:54 2024 GMT 543s Not After : Jun 14 15:20:54 2025 GMT 543s Subject: 543s organizationName = Test Organization 543s organizationalUnitName = Test Organization Unit 543s commonName = Test Organization Intermediate CA 543s X509v3 extensions: 543s X509v3 Subject Key Identifier: 543s B5:5B:9B:5B:89:84:80:81:78:20:6A:C6:D1:17:B6:54:E3:56:55:91 543s X509v3 Authority Key Identifier: 543s keyid:9A:70:EC:74:40:08:64:10:BC:48:99:28:A5:9C:7C:80:15:E6:86:16 543s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 543s serial:00 543s X509v3 Basic Constraints: 543s CA:TRUE 543s X509v3 Key Usage: critical 543s Digital Signature, Certificate Sign, CRL Sign 543s Certificate is to be certified until Jun 14 15:20:54 2025 GMT (365 days) 543s 543s Write out database with 1 new entries 543s Database updated 543s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem 543s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem 543s /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem: OK 543s + cat 543s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-15744 543s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-15744 1024 544s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-15744 -config /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28053 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-certificate-request.pem 544s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-certificate-request.pem 544s Certificate Request: 544s Data: 544s Version: 1 (0x0) 544s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 544s Subject Public Key Info: 544s Public Key Algorithm: rsaEncryption 544s Public-Key: (1024 bit) 544s Modulus: 544s 00:e7:54:8e:a3:54:ce:91:35:6b:03:e3:18:63:33: 544s d9:0e:04:39:1f:ea:24:e3:a0:86:f1:25:73:f4:3e: 544s 96:8a:fe:00:94:01:02:f6:44:06:a6:da:0c:77:56: 544s 55:5c:31:ba:3b:51:40:8d:35:9e:f6:1d:56:6f:ff: 544s 3a:4a:41:62:bd:a8:24:f3:c4:24:b6:72:19:be:54: 544s c5:a2:a9:eb:36:3c:ae:14:2b:b4:c5:70:9d:4f:b2: 544s 5d:6a:66:4d:d4:86:bb:97:34:06:bc:f5:bd:cc:7f: 544s 8b:9a:27:82:a0:de:9b:83:fe:1f:71:76:db:ea:56: 544s 1e:7f:09:7c:dd:f9:7d:ef:69 544s Exponent: 65537 (0x10001) 544s Attributes: 544s (none) 544s Requested Extensions: 544s Signature Algorithm: sha256WithRSAEncryption 544s Signature Value: 544s 74:fa:3f:8c:08:0c:36:29:66:9f:fe:be:df:43:0e:ab:bc:81: 544s 4f:87:92:c7:27:e3:77:bb:5b:e8:d1:90:8b:dc:06:42:71:a6: 544s 85:ae:81:01:c6:02:c3:0c:6b:6f:47:a7:14:37:d8:33:9f:6c: 544s b7:8e:77:e9:8a:44:24:90:77:b9:08:69:9a:79:95:8e:fd:02: 544s f9:1f:56:74:9e:b0:d4:2e:c4:0e:48:72:5e:76:23:be:da:99: 544s be:3d:7a:2d:04:87:81:74:e8:c4:fd:e7:86:d6:a1:b9:c1:dc: 544s fc:61:b1:a6:03:ac:04:6c:ee:c4:1d:32:b0:58:5c:cd:2f:a4: 544s d3:3e 544s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-28053 -keyfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s Using configuration from /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.config 544s Check that the request matches the signature 544s Signature ok 544s Certificate Details: 544s Serial Number: 2 (0x2) 544s Validity 544s Not Before: Jun 14 15:20:55 2024 GMT 544s Not After : Jun 14 15:20:55 2025 GMT 544s Subject: 544s organizationName = Test Organization 544s organizationalUnitName = Test Organization Unit 544s commonName = Test Organization Sub Intermediate CA 544s X509v3 extensions: 544s X509v3 Subject Key Identifier: 544s D9:8B:71:BE:F0:22:B6:36:05:A1:2E:93:53:B7:5D:D1:42:28:50:17 544s X509v3 Authority Key Identifier: 544s keyid:B5:5B:9B:5B:89:84:80:81:78:20:6A:C6:D1:17:B6:54:E3:56:55:91 544s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 544s serial:01 544s X509v3 Basic Constraints: 544s CA:TRUE 544s X509v3 Key Usage: critical 544s Digital Signature, Certificate Sign, CRL Sign 544s Certificate is to be certified until Jun 14 15:20:55 2025 GMT (365 days) 544s 544s Write out database with 1 new entries 544s Database updated 544s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem: OK 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 544s error 20 at 0 depth lookup: unable to get local issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem: verification failed 544s + cat 544s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-1482 544s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-1482 1024 544s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-1482 -key /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-request.pem 544s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-request.pem 544s Certificate Request: 544s Data: 544s Version: 1 (0x0) 544s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 544s Subject Public Key Info: 544s Public Key Algorithm: rsaEncryption 544s Public-Key: (1024 bit) 544s Modulus: 544s 00:f1:d9:e4:e7:5a:98:e3:1b:ec:3e:e6:d9:d6:27: 544s 56:ba:db:4c:38:7b:5b:c6:68:d0:96:8e:1f:ff:2b: 544s 39:46:1f:34:0d:08:2d:c1:65:cb:5f:5b:ef:6f:45: 544s 3a:c5:eb:6f:b2:a8:84:60:26:28:3b:60:e7:82:11: 544s ed:fb:44:aa:ab:03:59:75:51:7d:a5:6f:bd:bf:45: 544s cc:c9:0c:a8:c1:67:71:71:13:29:29:80:a2:b6:db: 544s 9e:ea:de:5b:97:c9:94:e9:28:fc:4f:f2:45:f4:8e: 544s ab:50:db:fa:4c:4b:90:13:9a:2e:84:f9:62:b6:03: 544s ef:ed:44:1f:b9:69:04:e6:1b 544s Exponent: 65537 (0x10001) 544s Attributes: 544s Requested Extensions: 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Root CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s A0:D8:8D:55:27:9E:4C:59:B0:42:4F:76:A4:73:70:AE:C4:FA:14:E8 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Signature Algorithm: sha256WithRSAEncryption 544s Signature Value: 544s d9:69:56:f7:ca:d8:3f:f4:c8:46:b9:9d:17:96:13:ca:ac:a4: 544s 4f:40:cb:c7:2b:60:32:44:90:5c:9d:35:e4:4a:22:fc:52:b4: 544s a6:30:65:55:be:9a:e4:ec:e5:06:5f:4b:a3:90:20:b3:1a:a7: 544s 59:f9:b4:da:1d:7b:4b:68:2d:a4:21:8a:95:a8:0f:71:6d:35: 544s d9:86:34:17:c4:de:21:1e:e1:2b:e9:ac:11:c1:a1:ea:aa:dc: 544s fb:66:e8:d2:52:94:a7:ff:68:f7:51:29:c8:26:19:3c:58:5b: 544s a7:81:81:fc:ec:43:72:0f:14:76:7b:c9:7c:82:25:04:b9:0d: 544s c8:34 544s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.config -passin pass:random-root-CA-password-20280 -keyfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s Using configuration from /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.config 544s Check that the request matches the signature 544s Signature ok 544s Certificate Details: 544s Serial Number: 3 (0x3) 544s Validity 544s Not Before: Jun 14 15:20:55 2024 GMT 544s Not After : Jun 14 15:20:55 2025 GMT 544s Subject: 544s organizationName = Test Organization 544s organizationalUnitName = Test Organization Unit 544s commonName = Test Organization Root Trusted Certificate 0001 544s X509v3 extensions: 544s X509v3 Authority Key Identifier: 544s 9A:70:EC:74:40:08:64:10:BC:48:99:28:A5:9C:7C:80:15:E6:86:16 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Root CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s A0:D8:8D:55:27:9E:4C:59:B0:42:4F:76:A4:73:70:AE:C4:FA:14:E8 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Certificate is to be certified until Jun 14 15:20:55 2025 GMT (365 days) 544s 544s Write out database with 1 new entries 544s Database updated 544s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem: OK 544s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 544s error 20 at 0 depth lookup: unable to get local issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem: verification failed 544s + cat 544s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-15787 544s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-15787 1024 544s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-15787 -key /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-request.pem 544s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-request.pem 544s Certificate Request: 544s Data: 544s Version: 1 (0x0) 544s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 544s Subject Public Key Info: 544s Public Key Algorithm: rsaEncryption 544s Public-Key: (1024 bit) 544s Modulus: 544s 00:94:5f:75:e0:0d:a1:ea:50:a9:1d:f9:dc:2d:fd: 544s e8:5e:94:7a:7d:56:98:1c:21:fa:c9:0e:e8:e3:90: 544s 7e:cc:90:1f:5a:c8:f9:aa:59:f6:ed:09:96:8c:24: 544s 6d:78:96:a7:24:80:16:ad:65:f4:ae:85:12:14:63: 544s 2d:f5:5f:0b:39:9d:7a:7a:74:68:58:02:f8:c5:d2: 544s 18:e6:c6:bd:b3:9c:22:21:1a:9a:cd:9e:73:9b:c1: 544s 38:02:07:53:2a:39:83:b8:ca:4b:a4:f6:4d:d7:aa: 544s a0:58:dd:32:4a:65:e9:00:6e:d6:8e:01:de:52:00: 544s 45:7c:cf:b6:34:bf:7f:f0:0f 544s Exponent: 65537 (0x10001) 544s Attributes: 544s Requested Extensions: 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Intermediate CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s 81:80:30:6E:FF:7A:5B:53:5E:06:F0:C4:30:E9:78:BA:BF:A4:32:A2 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Signature Algorithm: sha256WithRSAEncryption 544s Signature Value: 544s 2c:8c:65:e0:8a:4c:5f:2a:08:a6:a0:55:b6:68:3b:0d:6d:1a: 544s 3e:68:65:2c:e8:f5:6c:5f:a5:67:7a:b3:f6:5b:ac:1d:c2:96: 544s 07:11:eb:cc:f4:2e:14:e3:ad:5a:f2:0d:84:6f:7c:b4:24:33: 544s 63:74:5d:04:7a:40:6c:fc:44:4f:57:fa:a3:30:bc:bc:e0:4a: 544s 06:19:ee:4e:c6:d8:f0:c6:3c:f6:f3:94:95:de:95:41:2f:b4: 544s 6b:00:8d:2c:7a:6b:dc:53:ca:20:c9:55:37:a7:cf:90:a3:94: 544s 6e:1b:b4:b4:db:fa:38:2c:65:c6:f3:91:13:7e:71:81:22:eb: 544s e3:c9 544s + openssl ca -passin pass:random-intermediate-CA-password-28053 -config /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s Using configuration from /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.config 544s Check that the request matches the signature 544s Signature ok 544s Certificate Details: 544s Serial Number: 4 (0x4) 544s Validity 544s Not Before: Jun 14 15:20:55 2024 GMT 544s Not After : Jun 14 15:20:55 2025 GMT 544s Subject: 544s organizationName = Test Organization 544s organizationalUnitName = Test Organization Unit 544s commonName = Test Organization Intermediate Trusted Certificate 0001 544s X509v3 extensions: 544s X509v3 Authority Key Identifier: 544s B5:5B:9B:5B:89:84:80:81:78:20:6A:C6:D1:17:B6:54:E3:56:55:91 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Intermediate CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s 81:80:30:6E:FF:7A:5B:53:5E:06:F0:C4:30:E9:78:BA:BF:A4:32:A2 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Certificate is to be certified until Jun 14 15:20:55 2025 GMT (365 days) 544s 544s Write out database with 1 new entries 544s Database updated 544s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s This certificate should not be trusted fully 544s + echo 'This certificate should not be trusted fully' 544s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 544s error 2 at 1 depth lookup: unable to get issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem: OK 544s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s + cat 544s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-387 544s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-387 1024 544s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-387 -key /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 544s Certificate Request: 544s Data: 544s Version: 1 (0x0) 544s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 544s Subject Public Key Info: 544s Public Key Algorithm: rsaEncryption 544s Public-Key: (1024 bit) 544s Modulus: 544s 00:aa:6c:43:dd:ee:de:86:86:16:6e:93:b4:91:8c: 544s 86:34:39:95:89:e0:d7:85:17:22:f1:82:91:93:7a: 544s 90:9f:1b:6b:d8:f9:a1:9b:36:e9:2b:60:53:dd:77: 544s a4:52:15:3b:00:3f:3b:1e:f4:2d:45:d3:03:ba:84: 544s 2e:49:a8:55:cf:cc:87:eb:f3:8b:d2:6a:27:24:87: 544s d8:d0:ba:d9:9c:f9:7f:57:27:f0:ad:11:dd:4f:4d: 544s 7b:7d:21:b9:b1:a9:b7:15:38:ba:a2:c8:a4:39:38: 544s 60:df:1e:11:55:66:76:a5:60:fd:0d:76:ea:de:5e: 544s a1:d0:fb:b1:6e:f4:2f:f0:3b 544s Exponent: 65537 (0x10001) 544s Attributes: 544s Requested Extensions: 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Sub Intermediate CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s 80:0C:5B:05:73:D3:A1:27:1B:C7:3F:DA:A5:8B:9B:88:F6:88:7A:4F 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Signature Algorithm: sha256WithRSAEncryption 544s Signature Value: 544s 3b:84:64:7a:03:e7:fd:41:a7:cd:29:5a:45:d5:5e:0b:52:29: 544s 93:5c:6b:65:23:0c:32:00:bb:c6:b9:6e:7e:20:f9:2d:89:a7: 544s c7:d1:3e:b0:fa:39:f4:ee:9a:4a:09:b1:85:07:51:89:23:55: 544s b0:9a:34:b6:52:ee:ce:a5:97:2f:2b:36:6d:6b:0d:f9:30:96: 544s db:ce:3d:94:80:40:5a:4e:12:a3:a9:68:9b:fe:e8:49:2f:2d: 544s 8b:f2:fb:5c:ef:58:54:cc:0e:8b:b8:ce:15:19:dc:8e:85:95: 544s ea:a1:14:ec:22:e7:e4:b7:98:b5:a5:f5:d0:0e:68:eb:77:ac: 544s 72:44 544s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 544s + openssl ca -passin pass:random-sub-intermediate-CA-password-15744 -config /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s Using configuration from /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.config 544s Check that the request matches the signature 544s Signature ok 544s Certificate Details: 544s Serial Number: 5 (0x5) 544s Validity 544s Not Before: Jun 14 15:20:55 2024 GMT 544s Not After : Jun 14 15:20:55 2025 GMT 544s Subject: 544s organizationName = Test Organization 544s organizationalUnitName = Test Organization Unit 544s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 544s X509v3 extensions: 544s X509v3 Authority Key Identifier: 544s D9:8B:71:BE:F0:22:B6:36:05:A1:2E:93:53:B7:5D:D1:42:28:50:17 544s X509v3 Basic Constraints: 544s CA:FALSE 544s Netscape Cert Type: 544s SSL Client, S/MIME 544s Netscape Comment: 544s Test Organization Sub Intermediate CA trusted Certificate 544s X509v3 Subject Key Identifier: 544s 80:0C:5B:05:73:D3:A1:27:1B:C7:3F:DA:A5:8B:9B:88:F6:88:7A:4F 544s X509v3 Key Usage: critical 544s Digital Signature, Non Repudiation, Key Encipherment 544s X509v3 Extended Key Usage: 544s TLS Web Client Authentication, E-mail Protection 544s X509v3 Subject Alternative Name: 544s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 544s Certificate is to be certified until Jun 14 15:20:55 2025 GMT (365 days) 544s 544s Write out database with 1 new entries 544s Database updated 544s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s This certificate should not be trusted fully 544s + echo 'This certificate should not be trusted fully' 544s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 544s error 2 at 1 depth lookup: unable to get issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 544s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 544s error 20 at 0 depth lookup: unable to get local issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 544s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 544s Building a the full-chain CA file... 544s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s + local cmd=openssl 544s + shift 544s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 544s error 20 at 0 depth lookup: unable to get local issuer certificate 544s error /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 544s + echo 'Building a the full-chain CA file...' 544s + cat /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s + cat /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem 544s + cat /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 544s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 544s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 544s 544s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 544s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 544s 544s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 544s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 544s 544s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem 544s + openssl pkcs7 -print_certs -noout 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA.pem: OK 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem: OK 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem: OK 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-root-intermediate-chain-CA.pem: OK 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-root-intermediate-chain-CA.pem 544s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 544s Certificates generation completed! 544s + echo 'Certificates generation completed!' 544s + [[ -v NO_SSSD_TESTS ]] 544s + [[ -v GENERATE_SMART_CARDS ]] 544s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-1482 544s + local certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s + local key_pass=pass:random-root-ca-trusted-cert-0001-1482 544s + local key_cn 544s + local key_name 544s + local tokens_dir 544s + local output_cert_file 544s + token_name= 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem .pem 544s + key_name=test-root-CA-trusted-certificate-0001 544s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem 544s ++ sed -n 's/ *commonName *= //p' 544s + key_cn='Test Organization Root Trusted Certificate 0001' 544s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 544s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf 544s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 544s + tokens_dir=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001 544s + token_name='Test Organization Root Tr Token' 544s + '[' '!' -e /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 544s + local key_file 544s + local decrypted_key 544s + mkdir -p /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001 544s + key_file=/tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key.pem 544s + decrypted_key=/tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key-decrypted.pem 544s + cat 544s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 544s Slot 0 has a free/uninitialized token. 544s The token has been initialized and is reassigned to slot 2088370449 544s + softhsm2-util --show-slots 544s Available slots: 544s Slot 2088370449 544s Slot info: 544s Description: SoftHSM slot ID 0x7c7a0111 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 271874437c7a0111 544s Initialized: yes 544s User PIN init.: yes 544s Label: Test Organization Root Tr Token 544s Slot 1 544s Slot info: 544s Description: SoftHSM slot ID 0x1 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 544s Initialized: no 544s User PIN init.: no 544s Label: 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 544s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-1482 -in /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key-decrypted.pem 544s writing RSA key 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 544s Object 0: 544s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=271874437c7a0111;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 544s Type: X.509 Certificate (RSA-1024) 544s Expires: Sat Jun 14 15:20:55 2025 544s Label: Test Organization Root Trusted Certificate 0001 544s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 544s 544s Test Organization Root Tr Token 544s + rm /tmp/sssd-softhsm2-certs-ygK9mT/test-root-CA-trusted-certificate-0001-key-decrypted.pem 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 544s + echo 'Test Organization Root Tr Token' 544s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15787 544s + local certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15787 544s + local key_cn 544s + local key_name 544s + local tokens_dir 544s + local output_cert_file 544s + token_name= 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem .pem 544s + key_name=test-intermediate-CA-trusted-certificate-0001 544s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem 544s ++ sed -n 's/ *commonName *= //p' 544s Slot 0 has a free/uninitialized token. 544s The token has been initialized and is reassigned to slot 875421125 544s Available slots: 544s Slot 875421125 544s Slot info: 544s Description: SoftHSM slot ID 0x342dddc5 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 1526b97fb42dddc5 544s Initialized: yes 544s User PIN init.: yes 544s Label: Test Organization Interme Token 544s Slot 1 544s Slot info: 544s Description: SoftHSM slot ID 0x1 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 544s Initialized: no 544s User PIN init.: no 544s Label: 544s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 544s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 544s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 544s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 544s + tokens_dir=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001 544s + token_name='Test Organization Interme Token' 544s + '[' '!' -e /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 544s + local key_file 544s + local decrypted_key 544s + mkdir -p /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-intermediate-CA-trusted-certificate-0001 544s + key_file=/tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key.pem 544s + decrypted_key=/tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s + cat 544s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 544s + softhsm2-util --show-slots 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 544s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-15787 -in /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s writing RSA key 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 544s + rm /tmp/sssd-softhsm2-certs-ygK9mT/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 544s Object 0: 544s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1526b97fb42dddc5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 544s Type: X.509 Certificate (RSA-1024) 544s Expires: Sat Jun 14 15:20:55 2025 544s Label: Test Organization Intermediate Trusted Certificate 0001 544s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 544s 544s Test Organization Interme Token 544s + echo 'Test Organization Interme Token' 544s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-387 544s + local certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-387 544s + local key_cn 544s + local key_name 544s + local tokens_dir 544s + local output_cert_file 544s + token_name= 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 544s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 544s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem 544s ++ sed -n 's/ *commonName *= //p' 544s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 544s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 544s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 544s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 544s ++ basename /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 544s + tokens_dir=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 544s + token_name='Test Organization Sub Int Token' 544s + '[' '!' -e /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 544s + local key_file 544s + local decrypted_key 544s + mkdir -p /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 544s + key_file=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 544s + decrypted_key=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s + cat 544s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 544s Slot 0 has a free/uninitialized token. 544s The token has been initialized and is reassigned to slot 284784557 544s + softhsm2-util --show-slots 544s Available slots: 544s Slot 284784557 544s Slot info: 544s Description: SoftHSM slot ID 0x10f977ad 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 08fb1d3290f977ad 544s Initialized: yes 544s User PIN init.: yes 544s Label: Test Organization Sub Int Token 544s Slot 1 544s Slot info: 544s Description: SoftHSM slot ID 0x1 544s Manufacturer ID: SoftHSM project 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Token present: yes 544s Token info: 544s Manufacturer ID: SoftHSM project 544s Model: SoftHSM v2 544s Hardware version: 2.6 544s Firmware version: 2.6 544s Serial number: 544s Initialized: no 544s User PIN init.: no 544s Label: 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 544s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-387 -in /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s writing RSA key 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 544s + rm /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 544s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 544s Object 0: 544s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=08fb1d3290f977ad;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 544s Type: X.509 Certificate (RSA-1024) 544s Expires: Sat Jun 14 15:20:55 2025 544s Label: Test Organization Sub Intermediate Trusted Certificate 0001 544s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 544s 544s Test Organization Sub Int Token 544s Certificates generation completed! 544s + echo 'Test Organization Sub Int Token' 544s + echo 'Certificates generation completed!' 544s + exit 0 544s + find /tmp/sssd-softhsm2-certs-ygK9mT -type d -exec chmod 777 '{}' ';' 544s + find /tmp/sssd-softhsm2-certs-ygK9mT -type f -exec chmod 666 '{}' ';' 544s + backup_file /etc/sssd/sssd.conf 544s + '[' -z '' ']' 544s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 544s + backupsdir=/tmp/sssd-softhsm2-backups-CXkVFz 544s + '[' -e /etc/sssd/sssd.conf ']' 544s + delete_paths+=("$1") 544s + rm -f /etc/sssd/sssd.conf 544s ++ runuser -u ubuntu -- sh -c 'echo ~' 544s + user_home=/home/ubuntu 544s + mkdir -p /home/ubuntu 544s + chown ubuntu:ubuntu /home/ubuntu 544s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 544s + user_config=/home/ubuntu/.config 544s + system_config=/etc 544s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 544s + for path_pair in "${softhsm2_conf_paths[@]}" 544s + IFS=: 544s + read -r -a path 544s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 544s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 544s + '[' -z /tmp/sssd-softhsm2-backups-CXkVFz ']' 544s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 544s + delete_paths+=("$1") 544s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 544s + for path_pair in "${softhsm2_conf_paths[@]}" 544s + IFS=: 544s + read -r -a path 544s + path=/etc/softhsm/softhsm2.conf 544s + backup_file /etc/softhsm/softhsm2.conf 544s + '[' -z /tmp/sssd-softhsm2-backups-CXkVFz ']' 544s + '[' -e /etc/softhsm/softhsm2.conf ']' 544s ++ dirname /etc/softhsm/softhsm2.conf 544s + local back_dir=/tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm 544s ++ basename /etc/softhsm/softhsm2.conf 544s + local back_path=/tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm/softhsm2.conf 544s + '[' '!' -e /tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm/softhsm2.conf ']' 544s + mkdir -p /tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm 544s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm/softhsm2.conf 544s + restore_paths+=("$back_path") 544s + rm -f /etc/softhsm/softhsm2.conf 544s + test_authentication login /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem 544s + pam_service=login 544s + certificate_config=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf 544s + ca_db=/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem 544s + verification_options= 544s + mkdir -p -m 700 /etc/sssd 544s Using CA DB '/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem' with verification options: '' 544s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 544s + cat 544s + chmod 600 /etc/sssd/sssd.conf 544s + for path_pair in "${softhsm2_conf_paths[@]}" 544s + IFS=: 544s + read -r -a path 544s + user=ubuntu 544s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 544s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 544s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 544s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 544s + runuser -u ubuntu -- softhsm2-util --show-slots 544s + grep 'Test Organization' 544s Label: Test Organization Root Tr Token 544s + for path_pair in "${softhsm2_conf_paths[@]}" 544s + IFS=: 544s + read -r -a path 544s + user=root 544s + path=/etc/softhsm/softhsm2.conf 544s ++ dirname /etc/softhsm/softhsm2.conf 544s + runuser -u root -- mkdir -p /etc/softhsm 544s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 544s + runuser -u root -- softhsm2-util --show-slots 544s + grep 'Test Organization' 544s Label: Test Organization Root Tr Token 544s + systemctl restart sssd 545s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 545s + for alternative in "${alternative_pam_configs[@]}" 545s + pam-auth-update --enable sss-smart-card-optional 545s + cat /etc/pam.d/common-auth 545s # 545s # /etc/pam.d/common-auth - authentication settings common to all services 545s # 545s # This file is included from other service-specific PAM config files, 545s # and should contain a list of the authentication modules that define 545s # the central authentication scheme for use on the system 545s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 545s # traditional Unix authentication mechanisms. 545s # 545s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 545s # To take advantage of this, it is recommended that you configure any 545s # local modules either before or after the default block, and use 545s # pam-auth-update to manage selection of other modules. See 545s # pam-auth-update(8) for details. 545s 545s # here are the per-package modules (the "Primary" block) 545s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 545s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 545s auth [success=1 default=ignore] pam_sss.so use_first_pass 545s # here's the fallback if no module succeeds 545s auth requisite pam_deny.so 545s # prime the stack with a positive return value if there isn't one already; 545s # this avoids us returning an error just because nothing sets a success code 545s # since the modules above will each just jump around 545s auth required pam_permit.so 545s # and here are more per-package modules (the "Additional" block) 545s auth optional pam_cap.so 545s # end of pam-auth-update config 545s + echo -n -e 123456 545s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 545s pamtester: invoking pam_start(login, ubuntu, ...) 545s pamtester: performing operation - authenticate 545s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 545s + echo -n -e 123456 545s + runuser -u ubuntu -- pamtester -v login '' authenticate 545s pamtester: invoking pam_start(login, , ...) 545s pamtester: performing operation - authenticate 545s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 545s + echo -n -e wrong123456 545s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 545s pamtester: invoking pam_start(login, ubuntu, ...) 545s pamtester: performing operation - authenticate 553s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 553s + echo -n -e wrong123456 553s + runuser -u ubuntu -- pamtester -v login '' authenticate 553s pamtester: invoking pam_start(login, , ...) 553s pamtester: performing operation - authenticate 553s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 553s + echo -n -e 123456 553s + pamtester -v login root authenticate 553s pamtester: invoking pam_start(login, root, ...) 553s pamtester: performing operation - authenticate 554s Password: pamtester: Authentication failure 554s + for alternative in "${alternative_pam_configs[@]}" 554s + pam-auth-update --enable sss-smart-card-required 554s PAM configuration 554s ----------------- 554s 554s Incompatible PAM profiles selected. 554s 554s The following PAM profiles cannot be used together: 554s 554s SSS required smart card authentication, SSS optional smart card 554s authentication 554s 554s Please select a different set of modules to enable. 554s 554s + cat /etc/pam.d/common-auth 554s # 554s # /etc/pam.d/common-auth - authentication settings common to all services 554s # 554s # This file is included from other service-specific PAM config files, 554s # and should contain a list of the authentication modules that define 554s # the central authentication scheme for use on the system 554s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 554s # traditional Unix authentication mechanisms. 554s # 554s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 554s # To take advantage of this, it is recommended that you configure any 554s # local modules either before or after the default block, and use 554s # pam-auth-update to manage selection of other modules. See 554s # pam-auth-update(8) for details. 554s 554s # here are the per-package modules (the "Primary" block) 554s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 554s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 554s auth [success=1 default=ignore] pam_sss.so use_first_pass 554s # here's the fallback if no module succeeds 554s auth requisite pam_deny.so 554s # prime the stack with a positive return value if there isn't one already; 554s # this avoids us returning an error just because nothing sets a success code 554s # since the modules above will each just jump around 554s auth required pam_permit.so 554s # and here are more per-package modules (the "Additional" block) 554s auth optional pam_cap.so 554s # end of pam-auth-update config 554s + echo -n -e 123456 554s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 554s pamtester: invoking pam_start(login, ubuntu, ...) 554s pamtester: performing operation - authenticate 554s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 554s + echo -n -e 123456 554s + runuser -u ubuntu -- pamtester -v login '' authenticate 554s pamtester: invoking pam_start(login, , ...) 554s pamtester: performing operation - authenticate 554s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 554s + echo -n -e wrong123456 554s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 554s pamtester: invoking pam_start(login, ubuntu, ...) 554s pamtester: performing operation - authenticate 557s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 557s + echo -n -e wrong123456 557s + runuser -u ubuntu -- pamtester -v login '' authenticate 557s pamtester: invoking pam_start(login, , ...) 557s pamtester: performing operation - authenticate 560s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 560s + echo -n -e 123456 560s + pamtester -v login root authenticate 560s pamtester: invoking pam_start(login, root, ...) 560s pamtester: performing operation - authenticate 563s pamtester: Authentication service cannot retrieve authentication info 563s + test_authentication login /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem 563s + pam_service=login 563s + certificate_config=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 563s + ca_db=/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem 563s + verification_options= 563s + mkdir -p -m 700 /etc/sssd 563s Using CA DB '/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem' with verification options: '' 563s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ygK9mT/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 563s + cat 563s + chmod 600 /etc/sssd/sssd.conf 563s + for path_pair in "${softhsm2_conf_paths[@]}" 563s + IFS=: 563s + read -r -a path 563s + user=ubuntu 563s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 563s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 563s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 563s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 563s + runuser -u ubuntu -- softhsm2-util --show-slots 563s + grep 'Test Organization' 563s Label: Test Organization Sub Int Token 563s + for path_pair in "${softhsm2_conf_paths[@]}" 563s + IFS=: 563s + read -r -a path 563s + user=root 563s + path=/etc/softhsm/softhsm2.conf 563s ++ dirname /etc/softhsm/softhsm2.conf 563s + runuser -u root -- mkdir -p /etc/softhsm 563s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 563s + runuser -u root -- softhsm2-util --show-slots 563s + grep 'Test Organization' 563s Label: Test Organization Sub Int Token 563s + systemctl restart sssd 564s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 564s + for alternative in "${alternative_pam_configs[@]}" 564s + pam-auth-update --enable sss-smart-card-optional 564s + cat /etc/pam.d/common-auth 564s # 564s # /etc/pam.d/common-auth - authentication settings common to all services 564s # 564s # This file is included from other service-specific PAM config files, 564s # and should contain a list of the authentication modules that define 564s # the central authentication scheme for use on the system 564s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 564s # traditional Unix authentication mechanisms. 564s # 564s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 564s # To take advantage of this, it is recommended that you configure any 564s # local modules either before or after the default block, and use 564s # pam-auth-update to manage selection of other modules. See 564s # pam-auth-update(8) for details. 564s 564s # here are the per-package modules (the "Primary" block) 564s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 564s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 564s auth [success=1 default=ignore] pam_sss.so use_first_pass 564s # here's the fallback if no module succeeds 564s auth requisite pam_deny.so 564s # prime the stack with a positive return value if there isn't one already; 564s # this avoids us returning an error just because nothing sets a success code 564s # since the modules above will each just jump around 564s auth required pam_permit.so 564s # and here are more per-package modules (the "Additional" block) 564s auth optional pam_cap.so 564s # end of pam-auth-update config 564s + echo -n -e 123456 564s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 564s pamtester: invoking pam_start(login, ubuntu, ...) 564s pamtester: performing operation - authenticate 564s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 564s + echo -n -e 123456 564s + runuser -u ubuntu -- pamtester -v login '' authenticate 564s pamtester: invoking pam_start(login, , ...) 564s pamtester: performing operation - authenticate 564s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 564s + echo -n -e wrong123456 564s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 564s pamtester: invoking pam_start(login, ubuntu, ...) 564s pamtester: performing operation - authenticate 567s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 567s + echo -n -e wrong123456 567s + runuser -u ubuntu -- pamtester -v login '' authenticate 567s pamtester: invoking pam_start(login, , ...) 567s pamtester: performing operation - authenticate 571s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 571s + echo -n -e 123456 571s + pamtester -v login root authenticate 571s pamtester: invoking pam_start(login, root, ...) 571s pamtester: performing operation - authenticate 574s Password: pamtester: Authentication failure 574s + for alternative in "${alternative_pam_configs[@]}" 574s + pam-auth-update --enable sss-smart-card-required 574s PAM configuration 574s ----------------- 574s 574s Incompatible PAM profiles selected. 574s 574s The following PAM profiles cannot be used together: 574s 574s SSS required smart card authentication, SSS optional smart card 574s authentication 574s 574s Please select a different set of modules to enable. 574s 574s + cat /etc/pam.d/common-auth 574s # 574s # /etc/pam.d/common-auth - authentication settings common to all services 574s # 574s # This file is included from other service-specific PAM config files, 574s # and should contain a list of the authentication modules that define 574s # the central authentication scheme for use on the system 574s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 574s # traditional Unix authentication mechanisms. 574s # 574s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 574s # To take advantage of this, it is recommended that you configure any 574s # local modules either before or after the default block, and use 574s # pam-auth-update to manage selection of other modules. See 574s # pam-auth-update(8) for details. 574s 574s # here are the per-package modules (the "Primary" block) 574s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 574s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 574s auth [success=1 default=ignore] pam_sss.so use_first_pass 574s # here's the fallback if no module succeeds 574s auth requisite pam_deny.so 574s # prime the stack with a positive return value if there isn't one already; 574s # this avoids us returning an error just because nothing sets a success code 574s # since the modules above will each just jump around 574s auth required pam_permit.so 574s # and here are more per-package modules (the "Additional" block) 574s auth optional pam_cap.so 574s # end of pam-auth-update config 574s + echo -n -e 123456 574s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 574s pamtester: invoking pam_start(login, ubuntu, ...) 574s pamtester: performing operation - authenticate 574s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 574s + echo -n -e 123456 574s + runuser -u ubuntu -- pamtester -v login '' authenticate 574s pamtester: invoking pam_start(login, , ...) 574s pamtester: performing operation - authenticate 574s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 574s + echo -n -e wrong123456 574s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 574s pamtester: invoking pam_start(login, ubuntu, ...) 574s pamtester: performing operation - authenticate 577s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 577s + echo -n -e wrong123456 577s + runuser -u ubuntu -- pamtester -v login '' authenticate 577s pamtester: invoking pam_start(login, , ...) 577s pamtester: performing operation - authenticate 580s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 580s + echo -n -e 123456 580s + pamtester -v login root authenticate 580s pamtester: invoking pam_start(login, root, ...) 580s pamtester: performing operation - authenticate 583s pamtester: Authentication service cannot retrieve authentication info 583s + test_authentication login /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem partial_chain 583s + pam_service=login 583s + certificate_config=/tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 583s + ca_db=/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem 583s + verification_options=partial_chain 583s + mkdir -p -m 700 /etc/sssd 583s Using CA DB '/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 583s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ygK9mT/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 583s + cat 583s + chmod 600 /etc/sssd/sssd.conf 583s + for path_pair in "${softhsm2_conf_paths[@]}" 583s + IFS=: 583s + read -r -a path 583s + user=ubuntu 583s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 583s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 583s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 583s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 583s + runuser -u ubuntu -- softhsm2-util --show-slots 583s + grep 'Test Organization' 583s Label: Test Organization Sub Int Token 583s + for path_pair in "${softhsm2_conf_paths[@]}" 583s + IFS=: 583s + read -r -a path 583s + user=root 583s + path=/etc/softhsm/softhsm2.conf 583s ++ dirname /etc/softhsm/softhsm2.conf 583s + runuser -u root -- mkdir -p /etc/softhsm 583s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ygK9mT/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 583s + runuser -u root -- softhsm2-util --show-slots 583s + grep 'Test Organization' 583s Label: Test Organization Sub Int Token 583s + systemctl restart sssd 583s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 583s + for alternative in "${alternative_pam_configs[@]}" 583s + pam-auth-update --enable sss-smart-card-optional 584s # 584s # /etc/pam.d/common-auth - authentication settings common to all services 584s # 584s # This file is included from other service-specific PAM config files, 584s # and should contain a list of the authentication modules that define 584s # the central authentication scheme for use on the system 584s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 584s # traditional Unix authentication mechanisms. 584s # 584s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 584s # To take advantage of this, it is recommended that you configure any 584s # local modules either before or after the default block, and use 584s # pam-auth-update to manage selection of other modules. See 584s # pam-auth-update(8) for details. 584s 584s # here are the per-package modules (the "Primary" block) 584s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 584s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 584s auth [success=1 default=ignore] pam_sss.so use_first_pass 584s # here's the fallback if no module succeeds 584s auth requisite pam_deny.so 584s # prime the stack with a positive return value if there isn't one already; 584s # this avoids us returning an error just because nothing sets a success code 584s # since the modules above will each just jump around 584s auth required pam_permit.so 584s # and here are more per-package modules (the "Additional" block) 584s auth optional pam_cap.so 584s # end of pam-auth-update config 584s + cat /etc/pam.d/common-auth 584s + echo -n -e 123456 584s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 584s pamtester: invoking pam_start(login, ubuntu, ...) 584s pamtester: performing operation - authenticate 584s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 584s + echo -n -e 123456 584s + runuser -u ubuntu -- pamtester -v login '' authenticate 584s pamtester: invoking pam_start(login, , ...) 584s pamtester: performing operation - authenticate 584s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 584s + echo -n -e wrong123456 584s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 584s pamtester: invoking pam_start(login, ubuntu, ...) 584s pamtester: performing operation - authenticate 586s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 586s + echo -n -e wrong123456 586s + runuser -u ubuntu -- pamtester -v login '' authenticate 586s pamtester: invoking pam_start(login, , ...) 586s pamtester: performing operation - authenticate 589s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 589s + echo -n -e 123456 589s + pamtester -v login root authenticate 589s pamtester: invoking pam_start(login, root, ...) 589s pamtester: performing operation - authenticate 592s Password: pamtester: Authentication failure 592s + for alternative in "${alternative_pam_configs[@]}" 592s + pam-auth-update --enable sss-smart-card-required 592s PAM configuration 592s ----------------- 592s 592s Incompatible PAM profiles selected. 592s 592s The following PAM profiles cannot be used together: 592s 592s SSS required smart card authentication, SSS optional smart card 592s authentication 592s 592s Please select a different set of modules to enable. 592s 592s + cat /etc/pam.d/common-auth 592s + echo -n -e 123456 592s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 592s # 592s # /etc/pam.d/common-auth - authentication settings common to all services 592s # 592s # This file is included from other service-specific PAM config files, 592s # and should contain a list of the authentication modules that define 592s # the central authentication scheme for use on the system 592s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 592s # traditional Unix authentication mechanisms. 592s # 592s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 592s # To take advantage of this, it is recommended that you configure any 592s # local modules either before or after the default block, and use 592s # pam-auth-update to manage selection of other modules. See 592s # pam-auth-update(8) for details. 592s 592s # here are the per-package modules (the "Primary" block) 592s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 592s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 592s auth [success=1 default=ignore] pam_sss.so use_first_pass 592s # here's the fallback if no module succeeds 592s auth requisite pam_deny.so 592s # prime the stack with a positive return value if there isn't one already; 592s # this avoids us returning an error just because nothing sets a success code 592s # since the modules above will each just jump around 592s auth required pam_permit.so 592s # and here are more per-package modules (the "Additional" block) 592s auth optional pam_cap.so 592s # end of pam-auth-update config 592s pamtester: invoking pam_start(login, ubuntu, ...) 592s pamtester: performing operation - authenticate 592s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 592s + echo -n -e 123456 592s + runuser -u ubuntu -- pamtester -v login '' authenticate 592s pamtester: invoking pam_start(login, , ...) 592s pamtester: performing operation - authenticate 592s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 592s + echo -n -e wrong123456 592s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 592s pamtester: invoking pam_start(login, ubuntu, ...) 592s pamtester: performing operation - authenticate 595s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 595s + echo -n -e wrong123456 595s + runuser -u ubuntu -- pamtester -v login '' authenticate 595s pamtester: invoking pam_start(login, , ...) 595s pamtester: performing operation - authenticate 598s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 598s + echo -n -e 123456 598s + pamtester -v login root authenticate 598s pamtester: invoking pam_start(login, root, ...) 598s pamtester: performing operation - authenticate 602s pamtester: Authentication service cannot retrieve authentication info 602s + handle_exit 602s + exit_code=0 602s + restore_changes 602s + for path in "${restore_paths[@]}" 602s + local original_path 602s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-CXkVFz /tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm/softhsm2.conf 602s + original_path=/etc/softhsm/softhsm2.conf 602s + rm /etc/softhsm/softhsm2.conf 602s + mv /tmp/sssd-softhsm2-backups-CXkVFz//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 602s + for path in "${delete_paths[@]}" 602s + rm -f /etc/sssd/sssd.conf 602s + for path in "${delete_paths[@]}" 602s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 602s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 602s + '[' -e /etc/sssd/sssd.conf ']' 602s + systemctl stop sssd 602s + '[' -e /etc/softhsm/softhsm2.conf ']' 602s + chmod 600 /etc/softhsm/softhsm2.conf 602s + rm -rf /tmp/sssd-softhsm2-certs-ygK9mT 602s + '[' 0 = 0 ']' 602s + rm -rf /tmp/sssd-softhsm2-backups-CXkVFz 602s + set +x 602s Script completed successfully! 602s autopkgtest [15:21:53]: test sssd-smart-card-pam-auth-configs: -----------------------] 605s autopkgtest [15:21:56]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 605s sssd-smart-card-pam-auth-configs PASS 605s autopkgtest [15:21:56]: @@@@@@@@@@@@@@@@@@@@ summary 605s ldap-user-group-ldap-auth PASS 605s ldap-user-group-krb5-auth PASS 605s sssd-softhism2-certificates-tests.sh PASS 605s sssd-smart-card-pam-auth-configs PASS 626s nova [W] Skipping flock for amd64 626s Creating nova instance adt-noble-amd64-sssd-20240614-151151-juju-7f2275-prod-proposed-migration-environment-3-756bd939-2796-4ffe-8250-143c8c98ab62 from image adt/ubuntu-noble-amd64-server-20240613.img (UUID 79c78cb3-7ed1-435a-9846-648a53ada8c9)... 626s nova [W] Skipping flock for amd64 626s Creating nova instance adt-noble-amd64-sssd-20240614-151151-juju-7f2275-prod-proposed-migration-environment-3-756bd939-2796-4ffe-8250-143c8c98ab62 from image adt/ubuntu-noble-amd64-server-20240613.img (UUID 79c78cb3-7ed1-435a-9846-648a53ada8c9)...