0s autopkgtest [08:16:40]: starting date and time: 2024-11-16 08:16:40+0000 0s autopkgtest [08:16:40]: git checkout: 0acbae0a WIP show VirtSubproc stderr in real-time 0s autopkgtest [08:16:40]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.mi0ihrck/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:systemd,src:openssh --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=systemd/255.4-1ubuntu8.5 openssh/1:9.6p1-3ubuntu13.7' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@lcy02-70.secgroup --name adt-noble-amd64-sssd-20241116-074137-juju-7f2275-prod-proposed-migration-environment-2-245dba9c-4f04-4102-ad88-c19d5ebaeeb1 --image adt/ubuntu-noble-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 43s autopkgtest [08:17:23]: testbed dpkg architecture: amd64 43s autopkgtest [08:17:23]: testbed apt version: 2.7.14build2 43s autopkgtest [08:17:23]: @@@@@@@@@@@@@@@@@@@@ test bed setup 43s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 43s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [79.1 kB] 43s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3240 B] 43s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [88.3 kB] 43s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [128 kB] 43s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [188 kB] 43s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3768 B] 43s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [1176 B] 43s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [52.6 kB] 43s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [360 B] 43s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [665 kB] 43s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [511 kB] 43s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [10.7 kB] 43s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [344 B] 45s Fetched 1996 kB in 0s (5208 kB/s) 45s Reading package lists... 47s Reading package lists... 47s Building dependency tree... 47s Reading state information... 48s Calculating upgrade... 48s The following packages will be upgraded: 48s krb5-locales libacl1 libaudit-common libaudit1 libgssapi-krb5-2 libk5crypto3 48s libkrb5-3 libkrb5support0 libldap-common libldap2 libnss-systemd 48s libpam-systemd libsystemd-shared libsystemd0 libudev1 openssh-client 48s openssh-server openssh-sftp-server systemd systemd-dev systemd-resolved 48s systemd-sysv systemd-timesyncd udev vim-common vim-tiny xxd 48s 27 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 48s Need to get 12.5 MB of archives. 48s After this operation, 9216 B of additional disk space will be used. 48s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libnss-systemd amd64 255.4-1ubuntu8.5 [159 kB] 48s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-dev all 255.4-1ubuntu8.5 [104 kB] 48s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libacl1 amd64 2.3.2-1build1.1 [16.8 kB] 48s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-timesyncd amd64 255.4-1ubuntu8.5 [35.3 kB] 48s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-resolved amd64 255.4-1ubuntu8.5 [296 kB] 48s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsystemd-shared amd64 255.4-1ubuntu8.5 [2069 kB] 48s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsystemd0 amd64 255.4-1ubuntu8.5 [433 kB] 48s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-sysv amd64 255.4-1ubuntu8.5 [11.9 kB] 48s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libpam-systemd amd64 255.4-1ubuntu8.5 [235 kB] 48s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd amd64 255.4-1ubuntu8.5 [3471 kB] 48s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 udev amd64 255.4-1ubuntu8.5 [1874 kB] 48s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libudev1 amd64 255.4-1ubuntu8.5 [175 kB] 48s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libaudit-common all 1:3.1.2-2.1build1.1 [5824 B] 48s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libaudit1 amd64 1:3.1.2-2.1build1.1 [47.0 kB] 48s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libgssapi-krb5-2 amd64 1.20.1-6ubuntu2.2 [143 kB] 48s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrb5-3 amd64 1.20.1-6ubuntu2.2 [347 kB] 48s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrb5support0 amd64 1.20.1-6ubuntu2.2 [33.7 kB] 48s Get:18 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libk5crypto3 amd64 1.20.1-6ubuntu2.2 [81.8 kB] 48s Get:19 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-sftp-server amd64 1:9.6p1-3ubuntu13.7 [37.3 kB] 48s Get:20 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-server amd64 1:9.6p1-3ubuntu13.7 [509 kB] 48s Get:21 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-client amd64 1:9.6p1-3ubuntu13.7 [905 kB] 48s Get:22 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 krb5-locales all 1.20.1-6ubuntu2.2 [14.0 kB] 48s Get:23 http://ftpmaster.internal/ubuntu noble-updates/main amd64 vim-tiny amd64 2:9.1.0016-1ubuntu7.4 [803 kB] 48s Get:24 http://ftpmaster.internal/ubuntu noble-updates/main amd64 vim-common all 2:9.1.0016-1ubuntu7.4 [385 kB] 48s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main amd64 xxd amd64 2:9.1.0016-1ubuntu7.4 [63.1 kB] 48s Get:26 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libldap-common all 2.6.7+dfsg-1~exp1ubuntu8.1 [31.5 kB] 48s Get:27 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libldap2 amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [195 kB] 48s Preconfiguring packages ... 48s Fetched 12.5 MB in 0s (78.8 MB/s) 49s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 49s Preparing to unpack .../libnss-systemd_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking libnss-systemd:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../systemd-dev_255.4-1ubuntu8.5_all.deb ... 49s Unpacking systemd-dev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../libacl1_2.3.2-1build1.1_amd64.deb ... 49s Unpacking libacl1:amd64 (2.3.2-1build1.1) over (2.3.2-1build1) ... 49s Setting up libacl1:amd64 (2.3.2-1build1.1) ... 49s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 49s Preparing to unpack .../systemd-timesyncd_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking systemd-timesyncd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../systemd-resolved_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking systemd-resolved (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../libsystemd-shared_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking libsystemd-shared:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../libsystemd0_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking libsystemd0:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Setting up libsystemd0:amd64 (255.4-1ubuntu8.5) ... 49s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 49s Preparing to unpack .../systemd-sysv_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking systemd-sysv (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../libpam-systemd_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking libpam-systemd:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../systemd_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking systemd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../udev_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking udev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 49s Preparing to unpack .../libudev1_255.4-1ubuntu8.5_amd64.deb ... 49s Unpacking libudev1:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 50s Setting up libudev1:amd64 (255.4-1ubuntu8.5) ... 50s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 50s Preparing to unpack .../libaudit-common_1%3a3.1.2-2.1build1.1_all.deb ... 50s Unpacking libaudit-common (1:3.1.2-2.1build1.1) over (1:3.1.2-2.1build1) ... 50s Setting up libaudit-common (1:3.1.2-2.1build1.1) ... 50s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 50s Preparing to unpack .../libaudit1_1%3a3.1.2-2.1build1.1_amd64.deb ... 50s Unpacking libaudit1:amd64 (1:3.1.2-2.1build1.1) over (1:3.1.2-2.1build1) ... 50s Setting up libaudit1:amd64 (1:3.1.2-2.1build1.1) ... 50s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 50s Preparing to unpack .../00-libgssapi-krb5-2_1.20.1-6ubuntu2.2_amd64.deb ... 50s Unpacking libgssapi-krb5-2:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 50s Preparing to unpack .../01-libkrb5-3_1.20.1-6ubuntu2.2_amd64.deb ... 50s Unpacking libkrb5-3:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 50s Preparing to unpack .../02-libkrb5support0_1.20.1-6ubuntu2.2_amd64.deb ... 50s Unpacking libkrb5support0:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 50s Preparing to unpack .../03-libk5crypto3_1.20.1-6ubuntu2.2_amd64.deb ... 50s Unpacking libk5crypto3:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 50s Preparing to unpack .../04-openssh-sftp-server_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 50s Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 50s Preparing to unpack .../05-openssh-server_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 50s Unpacking openssh-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 50s Preparing to unpack .../06-openssh-client_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 50s Unpacking openssh-client (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 50s Preparing to unpack .../07-krb5-locales_1.20.1-6ubuntu2.2_all.deb ... 50s Unpacking krb5-locales (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 50s Preparing to unpack .../08-vim-tiny_2%3a9.1.0016-1ubuntu7.4_amd64.deb ... 50s Unpacking vim-tiny (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 50s Preparing to unpack .../09-vim-common_2%3a9.1.0016-1ubuntu7.4_all.deb ... 50s Unpacking vim-common (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 50s Preparing to unpack .../10-xxd_2%3a9.1.0016-1ubuntu7.4_amd64.deb ... 50s Unpacking xxd (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 50s Preparing to unpack .../11-libldap-common_2.6.7+dfsg-1~exp1ubuntu8.1_all.deb ... 50s Unpacking libldap-common (2.6.7+dfsg-1~exp1ubuntu8.1) over (2.6.7+dfsg-1~exp1ubuntu8) ... 50s Preparing to unpack .../12-libldap2_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 50s Unpacking libldap2:amd64 (2.6.7+dfsg-1~exp1ubuntu8.1) over (2.6.7+dfsg-1~exp1ubuntu8) ... 50s Setting up systemd-dev (255.4-1ubuntu8.5) ... 50s Setting up krb5-locales (1.20.1-6ubuntu2.2) ... 50s Setting up libldap-common (2.6.7+dfsg-1~exp1ubuntu8.1) ... 50s Setting up xxd (2:9.1.0016-1ubuntu7.4) ... 50s Setting up libkrb5support0:amd64 (1.20.1-6ubuntu2.2) ... 50s Setting up vim-common (2:9.1.0016-1ubuntu7.4) ... 50s Setting up libsystemd-shared:amd64 (255.4-1ubuntu8.5) ... 50s Setting up libk5crypto3:amd64 (1.20.1-6ubuntu2.2) ... 50s Setting up libkrb5-3:amd64 (1.20.1-6ubuntu2.2) ... 50s Setting up libldap2:amd64 (2.6.7+dfsg-1~exp1ubuntu8.1) ... 50s Setting up systemd (255.4-1ubuntu8.5) ... 51s Setting up vim-tiny (2:9.1.0016-1ubuntu7.4) ... 51s Setting up systemd-timesyncd (255.4-1ubuntu8.5) ... 51s Setting up libgssapi-krb5-2:amd64 (1.20.1-6ubuntu2.2) ... 51s Setting up udev (255.4-1ubuntu8.5) ... 52s Setting up systemd-resolved (255.4-1ubuntu8.5) ... 53s Setting up systemd-sysv (255.4-1ubuntu8.5) ... 53s Setting up openssh-client (1:9.6p1-3ubuntu13.7) ... 53s Setting up libnss-systemd:amd64 (255.4-1ubuntu8.5) ... 53s Setting up libpam-systemd:amd64 (255.4-1ubuntu8.5) ... 53s Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.7) ... 53s Setting up openssh-server (1:9.6p1-3ubuntu13.7) ... 53s Replacing config file /etc/ssh/sshd_config with new version 54s Processing triggers for ufw (0.36.2-6) ... 54s Processing triggers for man-db (2.12.0-4build2) ... 55s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 55s Processing triggers for initramfs-tools (0.142ubuntu25.4) ... 55s update-initramfs: Generating /boot/initrd.img-6.8.0-48-generic 55s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 63s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 64s Reading package lists... 64s Building dependency tree... 64s Reading state information... 64s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 64s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 64s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 64s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 64s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 66s Reading package lists... 66s Reading package lists... 66s Building dependency tree... 66s Reading state information... 66s Calculating upgrade... 66s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 66s Reading package lists... 67s Building dependency tree... 67s Reading state information... 67s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 67s autopkgtest [08:17:47]: rebooting testbed after setup commands that affected boot 70s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 81s autopkgtest [08:18:01]: testbed running kernel: Linux 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 82s autopkgtest [08:18:02]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 90s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (dsc) [5064 B] 90s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (tar) [7983 kB] 90s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (diff) [51.3 kB] 90s gpgv: Signature made Mon Jun 10 14:26:32 2024 UTC 90s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 90s gpgv: Can't check signature: No public key 90s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.1.dsc: no acceptable signature found 90s autopkgtest [08:18:10]: testing package sssd version 2.9.4-1.1ubuntu6.1 91s autopkgtest [08:18:11]: build not needed 91s autopkgtest [08:18:11]: test ldap-user-group-ldap-auth: preparing testbed 92s Reading package lists... 92s Building dependency tree... 92s Reading state information... 92s Starting pkgProblemResolver with broken count: 0 92s Starting 2 pkgProblemResolver with broken count: 0 92s Done 93s The following additional packages will be installed: 93s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 93s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 93s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 93s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 93s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 93s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 93s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 93s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 93s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 93s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 93s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 93s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 93s tcl8.6 93s Suggested packages: 93s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 93s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 93s Recommended packages: 93s cracklib-runtime libsasl2-modules-gssapi-mit 93s | libsasl2-modules-gssapi-heimdal 93s The following NEW packages will be installed: 93s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 93s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 93s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 93s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 93s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 93s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 93s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 93s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 93s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 93s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 93s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 93s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 93s tcl-expect tcl8.6 93s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 93s Need to get 12.7 MB/12.7 MB of archives. 93s After this operation, 48.8 MB of additional disk space will be used. 93s Get:1 /tmp/autopkgtest.sqpKAL/1-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [872 B] 93s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libltdl7 amd64 2.4.7-7build1 [40.3 kB] 93s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libodbc2 amd64 2.3.12-1ubuntu0.24.04.1 [158 kB] 93s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 slapd amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [1553 kB] 93s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 libtcl8.6 amd64 8.6.14+dfsg-1build1 [988 kB] 93s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 tcl8.6 amd64 8.6.14+dfsg-1build1 [14.7 kB] 93s Get:7 http://ftpmaster.internal/ubuntu noble/universe amd64 tcl-expect amd64 5.45.4-3 [110 kB] 93s Get:8 http://ftpmaster.internal/ubuntu noble/universe amd64 expect amd64 5.45.4-3 [137 kB] 93s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 ldap-utils amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [153 kB] 93s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 93s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 93s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 93s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 93s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 93s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 93s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 93s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 93s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 93s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 93s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 93s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 93s Get:22 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6.1 [17.6 kB] 93s Get:23 http://ftpmaster.internal/ubuntu noble/universe amd64 libjose0 amd64 13-1 [44.5 kB] 93s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 93s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 93s Get:26 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrad0 amd64 1.20.1-6ubuntu2.2 [22.2 kB] 93s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 93s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 93s Get:29 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 93s Get:30 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 93s Get:31 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 93s Get:32 http://ftpmaster.internal/ubuntu noble/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 93s Get:33 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 93s Get:34 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 93s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 93s Get:36 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 93s Get:37 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 93s Get:38 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 93s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6.1 [31.7 kB] 93s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6.1 [50.5 kB] 93s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 93s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 93s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [21.9 kB] 93s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [30.5 kB] 93s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6.1 [1139 kB] 93s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-idp amd64 2.9.4-1.1ubuntu6.1 [27.4 kB] 93s Get:47 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-passkey amd64 2.9.4-1.1ubuntu6.1 [32.4 kB] 93s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6.1 [77.1 kB] 93s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6.1 [88.8 kB] 93s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6.1 [136 kB] 93s Get:51 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6.1 [221 kB] 93s Get:52 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6.1 [14.5 kB] 93s Get:53 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6.1 [31.3 kB] 93s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6.1 [44.6 kB] 93s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd amd64 2.9.4-1.1ubuntu6.1 [4122 B] 93s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-dbus amd64 2.9.4-1.1ubuntu6.1 [104 kB] 93s Get:57 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-kcm amd64 2.9.4-1.1ubuntu6.1 [140 kB] 93s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-tools amd64 2.9.4-1.1ubuntu6.1 [97.8 kB] 93s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac-dev amd64 2.9.4-1.1ubuntu6.1 [6668 B] 93s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap-dev amd64 2.9.4-1.1ubuntu6.1 [5736 B] 93s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap-dev amd64 2.9.4-1.1ubuntu6.1 [8382 B] 93s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap-dev amd64 2.9.4-1.1ubuntu6.1 [6716 B] 93s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 libsss-sudo amd64 2.9.4-1.1ubuntu6.1 [21.3 kB] 93s Get:64 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 python3-libipa-hbac amd64 2.9.4-1.1ubuntu6.1 [16.8 kB] 93s Get:65 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 python3-libsss-nss-idmap amd64 2.9.4-1.1ubuntu6.1 [9182 B] 93s Preconfiguring packages ... 94s Fetched 12.7 MB in 0s (38.9 MB/s) 94s Selecting previously unselected package libltdl7:amd64. 94s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 94s Preparing to unpack .../00-libltdl7_2.4.7-7build1_amd64.deb ... 94s Unpacking libltdl7:amd64 (2.4.7-7build1) ... 94s Selecting previously unselected package libodbc2:amd64. 94s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_amd64.deb ... 94s Unpacking libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 94s Selecting previously unselected package slapd. 94s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 94s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 94s Selecting previously unselected package libtcl8.6:amd64. 94s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 94s Unpacking libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 94s Selecting previously unselected package tcl8.6. 94s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 94s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 94s Selecting previously unselected package tcl-expect:amd64. 94s Preparing to unpack .../05-tcl-expect_5.45.4-3_amd64.deb ... 94s Unpacking tcl-expect:amd64 (5.45.4-3) ... 94s Selecting previously unselected package expect. 94s Preparing to unpack .../06-expect_5.45.4-3_amd64.deb ... 94s Unpacking expect (5.45.4-3) ... 94s Selecting previously unselected package ldap-utils. 94s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 94s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 94s Selecting previously unselected package libavahi-common-data:amd64. 94s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 94s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 94s Selecting previously unselected package libavahi-common3:amd64. 94s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 94s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 94s Selecting previously unselected package libavahi-client3:amd64. 94s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 94s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 94s Selecting previously unselected package libbasicobjects0t64:amd64. 94s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 94s Selecting previously unselected package libcares2:amd64. 94s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 94s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 94s Selecting previously unselected package libcollection4t64:amd64. 94s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 94s Selecting previously unselected package libcrack2:amd64. 94s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_amd64.deb ... 94s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 94s Selecting previously unselected package libdhash1t64:amd64. 94s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 94s Selecting previously unselected package libevent-2.1-7t64:amd64. 94s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 94s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 94s Selecting previously unselected package libpath-utils1t64:amd64. 94s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 94s Selecting previously unselected package libref-array1t64:amd64. 94s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 94s Selecting previously unselected package libini-config5t64:amd64. 94s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 94s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 95s Selecting previously unselected package libipa-hbac0t64. 95s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package libjose0:amd64. 95s Preparing to unpack .../21-libjose0_13-1_amd64.deb ... 95s Unpacking libjose0:amd64 (13-1) ... 95s Selecting previously unselected package libverto-libevent1t64:amd64. 95s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 95s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 95s Selecting previously unselected package libverto1t64:amd64. 95s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 95s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 95s Selecting previously unselected package libkrad0:amd64. 95s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_amd64.deb ... 95s Unpacking libkrad0:amd64 (1.20.1-6ubuntu2.2) ... 95s Selecting previously unselected package libtalloc2:amd64. 95s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_amd64.deb ... 95s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 95s Selecting previously unselected package libtdb1:amd64. 95s Preparing to unpack .../26-libtdb1_1.4.10-1build1_amd64.deb ... 95s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 95s Selecting previously unselected package libtevent0t64:amd64. 95s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_amd64.deb ... 95s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 95s Selecting previously unselected package libldb2:amd64. 95s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 95s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 95s Selecting previously unselected package libnfsidmap1:amd64. 95s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 95s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 95s Selecting previously unselected package libnss-sudo. 95s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 95s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 95s Selecting previously unselected package libpwquality-common. 95s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 95s Unpacking libpwquality-common (1.4.5-3build1) ... 95s Selecting previously unselected package libpwquality1:amd64. 95s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_amd64.deb ... 95s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 95s Selecting previously unselected package libpam-pwquality:amd64. 95s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_amd64.deb ... 95s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 95s Selecting previously unselected package libwbclient0:amd64. 95s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 95s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 95s Selecting previously unselected package samba-libs:amd64. 95s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 95s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 95s Selecting previously unselected package libsmbclient0:amd64. 95s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 95s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 95s Selecting previously unselected package libnss-sss:amd64. 95s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package libpam-sss:amd64. 95s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package python3-sss. 95s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package libsss-certmap0. 95s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package libsss-idmap0. 95s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package libsss-nss-idmap0. 95s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-common. 95s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-idp. 95s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-idp (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-passkey. 95s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-ad-common. 95s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-krb5-common. 95s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-ad. 95s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-ipa. 95s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-krb5. 95s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-ldap. 95s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd-proxy. 95s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 95s Selecting previously unselected package sssd. 95s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6.1_amd64.deb ... 95s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package sssd-dbus. 96s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package sssd-kcm. 96s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package sssd-tools. 96s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking sssd-tools (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package libipa-hbac-dev. 96s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package libsss-certmap-dev. 96s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package libsss-idmap-dev. 96s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package libsss-nss-idmap-dev. 96s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package libsss-sudo. 96s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package python3-libipa-hbac. 96s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package python3-libsss-nss-idmap. 96s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.1_amd64.deb ... 96s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 96s Selecting previously unselected package autopkgtest-satdep. 96s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 96s Unpacking autopkgtest-satdep (0) ... 96s Setting up libpwquality-common (1.4.5-3build1) ... 96s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 96s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 96s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 96s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 96s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 96s Setting up libtdb1:amd64 (1.4.10-1build1) ... 96s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 96s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 96s Setting up libjose0:amd64 (13-1) ... 96s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 96s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 96s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 96s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 96s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 96s Setting up libltdl7:amd64 (2.4.7-7build1) ... 96s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 96s Setting up libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 96s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 96s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 96s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 96s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 96s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 96s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 96s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 96s Creating new user openldap... done. 96s Creating initial configuration... done. 96s Creating LDAP directory... done. 97s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 97s Setting up libsss-sudo (2.9.4-1.1ubuntu6.1) ... 97s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 97s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 97s Setting up tcl-expect:amd64 (5.45.4-3) ... 97s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 97s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 97s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 97s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 97s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 97s Setting up expect (5.45.4-3) ... 97s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 97s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 97s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 97s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 97s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 97s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 97s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 97s Creating SSSD system user & group... 97s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 97s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 97s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 97s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 98s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 98s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 98s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 98s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 98s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 99s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 99s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 99s sssd-autofs.service is a disabled or a static unit, not starting it. 99s sssd-nss.service is a disabled or a static unit, not starting it. 99s sssd-pam.service is a disabled or a static unit, not starting it. 99s sssd-ssh.service is a disabled or a static unit, not starting it. 99s sssd-sudo.service is a disabled or a static unit, not starting it. 99s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 99s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 99s Setting up sssd-kcm (2.9.4-1.1ubuntu6.1) ... 99s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 100s sssd-kcm.service is a disabled or a static unit, not starting it. 100s Setting up sssd-dbus (2.9.4-1.1ubuntu6.1) ... 100s sssd-ifp.service is a disabled or a static unit, not starting it. 100s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 100s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 101s sssd-pac.service is a disabled or a static unit, not starting it. 101s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 101s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-tools (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 101s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 101s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 101s Setting up libkrad0:amd64 (1.20.1-6ubuntu2.2) ... 101s Setting up sssd-passkey (2.9.4-1.1ubuntu6.1) ... 101s Setting up sssd-idp (2.9.4-1.1ubuntu6.1) ... 101s Setting up autopkgtest-satdep (0) ... 101s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 101s Processing triggers for ufw (0.36.2-6) ... 101s Processing triggers for man-db (2.12.0-4build2) ... 102s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 107s (Reading database ... 75428 files and directories currently installed.) 107s Removing autopkgtest-satdep (0) ... 107s autopkgtest [08:18:27]: test ldap-user-group-ldap-auth: [----------------------- 107s + . debian/tests/util 107s + . debian/tests/common-tests 107s + mydomain=example.com 107s + myhostname=ldap.example.com 107s + mysuffix=dc=example,dc=com 107s + admin_dn=cn=admin,dc=example,dc=com 107s + admin_pw=secret 107s + ldap_user=testuser1 107s + ldap_user_pw=testuser1secret 107s + ldap_group=ldapusers 107s + adjust_hostname ldap.example.com 107s + local myhostname=ldap.example.com 107s + echo ldap.example.com 107s + hostname ldap.example.com 107s + grep -qE ldap.example.com /etc/hosts 107s + echo 127.0.1.10 ldap.example.com 107s + reconfigure_slapd 107s + debconf-set-selections 107s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 107s + dpkg-reconfigure -fnoninteractive -pcritical slapd 107s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 107s Moving old database directory to /var/backups: 107s - directory unknown... done. 107s Creating initial configuration... done. 107s Creating LDAP directory... done. 108s + generate_certs ldap.example.com 108s + local cn=ldap.example.com 108s + local cert=/etc/ldap/server.pem 108s + local key=/etc/ldap/server.key 108s + local cnf=/etc/ldap/openssl.cnf 108s + cat 108s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 108s ...................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 108s .........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 108s ----- 108s + chmod 0640 /etc/ldap/server.key 108s + chgrp openldap /etc/ldap/server.key 108s + [ ! -f /etc/ldap/server.pem ] 108s + [ ! -f /etc/ldap/server.key ] 108s + enable_ldap_ssl 108s + cat 108s + cat 108s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 108s modifying entry "cn=config" 108s 108s + populate_ldap_rfc2307 108s + cat 108s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 108s adding new entry "ou=People,dc=example,dc=com" 108s 108s adding new entry "ou=Group,dc=example,dc=com" 108s 108s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 108s 108s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 108s 108s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 108s 108s + configure_sssd_ldap_rfc2307 108s + cat 108s + chmod 0600 /etc/sssd/sssd.conf 108s + systemctl restart sssd 108s Assert local user databases do not have our LDAP test data 108s + enable_pam_mkhomedir 108s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 108s + echo session optional pam_mkhomedir.so 108s + run_common_tests 108s + echo Assert local user databases do not have our LDAP test data 108s + check_local_user testuser1 108s + local local_user=testuser1 108s + grep -q ^testuser1 /etc/passwd 108s + check_local_group testuser1 108s + local local_group=testuser1 108s + grep -q ^testuser1 /etc/group 108s + check_local_group ldapusers 108s + local local_group=ldapusers 108s + grep -q ^ldapusers /etc/group 108s The LDAP user is known to the system via getent 108s + echo The LDAP user is known to the system via getent 108s + check_getent_user testuser1 108s + local getent_user=testuser1 108s + local output 108s + getent passwd testuser1 108s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 108s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 108s + echo The LDAP user's private group is known to the system via getent 108s + check_getent_group testuser1 108s + local getent_group=testuser1 108s + local output 108s The LDAP user's private group is known to the system via getent 108s + getent group testuser1 108s The LDAP group ldapusers is known to the system via getent 108s + output=testuser1:*:10001:testuser1 108s + [ -z testuser1:*:10001:testuser1 ] 108s + echo The LDAP group ldapusers is known to the system via getent 108s + check_getent_group ldapusers 108s + local getent_group=ldapusers 108s + local output 108s + getent group ldapusers 108s + output=ldapusers:*:10100:testuser1 108s + [ -z ldapusers:*:10100:testuser1 ] 108s + echo The id(1) command can resolve the group membership of the LDAP user 108s + id -Gn testuser1 108s The id(1) command can resolve the group membership of the LDAP user 108s The LDAP user can login on a terminal 108s + output=testuser1 ldapusers 108s + [ testuser1 ldapusers != testuser1 ldapusers ] 108s + echo The LDAP user can login on a terminal 108s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 108s spawn login 108s ldap.example.com login: testuser1 108s Password: 108s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic x86_64) 108s 108s * Documentation: https://help.ubuntu.com 108s * Management: https://landscape.canonical.com 108s * Support: https://ubuntu.com/pro 108s 108s 108s The programs included with the Ubuntu system are free software; 108s the exact distribution terms for each program are described in the 108s individual files in /usr/share/doc/*/copyright. 108s 108s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 108s applicable law. 108s 108s 108s The programs included with the Ubuntu system are free software; 108s the exact distribution terms for each program are described in the 108s individual files in /usr/share/doc/*/copyright. 108s 108s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 108s applicable law. 108s 108s Creating directory '/home/testuser1'. 108s [?2004htestuser1@ldap:~$ id -un 108s [?2004l testuser1 109s [?2004htestuser1@ldap:~$ autopkgtest [08:18:29]: test ldap-user-group-ldap-auth: -----------------------] 109s autopkgtest [08:18:29]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 109s ldap-user-group-ldap-auth PASS 109s autopkgtest [08:18:29]: test ldap-user-group-krb5-auth: preparing testbed 109s Reading package lists... 110s Building dependency tree... 110s Reading state information... 110s Starting pkgProblemResolver with broken count: 0 110s Starting 2 pkgProblemResolver with broken count: 0 110s Done 110s The following additional packages will be installed: 110s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 110s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 110s Suggested packages: 110s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 110s The following NEW packages will be installed: 110s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 110s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 110s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 110s Need to get 599 kB/600 kB of archives. 110s After this operation, 2119 kB of additional disk space will be used. 110s Get:1 /tmp/autopkgtest.sqpKAL/2-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [888 B] 110s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 krb5-config all 2.7 [22.0 kB] 110s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libgssrpc4t64 amd64 1.20.1-6ubuntu2.2 [57.6 kB] 110s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkadm5clnt-mit12 amd64 1.20.1-6ubuntu2.2 [40.1 kB] 110s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkdb5-10t64 amd64 1.20.1-6ubuntu2.2 [40.3 kB] 110s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkadm5srv-mit12 amd64 1.20.1-6ubuntu2.2 [53.0 kB] 110s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 krb5-user amd64 1.20.1-6ubuntu2.2 [109 kB] 110s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 krb5-kdc amd64 1.20.1-6ubuntu2.2 [182 kB] 110s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 krb5-admin-server amd64 1.20.1-6ubuntu2.2 [95.8 kB] 111s Preconfiguring packages ... 111s Fetched 599 kB in 0s (8656 kB/s) 111s Selecting previously unselected package krb5-config. 111s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75428 files and directories currently installed.) 111s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 111s Unpacking krb5-config (2.7) ... 111s Selecting previously unselected package libgssrpc4t64:amd64. 111s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking libgssrpc4t64:amd64 (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package libkadm5clnt-mit12:amd64. 111s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package libkdb5-10t64:amd64. 111s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking libkdb5-10t64:amd64 (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package libkadm5srv-mit12:amd64. 111s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package krb5-user. 111s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package krb5-kdc. 111s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package krb5-admin-server. 111s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_amd64.deb ... 111s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 111s Selecting previously unselected package autopkgtest-satdep. 111s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 111s Unpacking autopkgtest-satdep (0) ... 111s Setting up libgssrpc4t64:amd64 (1.20.1-6ubuntu2.2) ... 111s Setting up krb5-config (2.7) ... 111s Setting up libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2.2) ... 111s Setting up libkdb5-10t64:amd64 (1.20.1-6ubuntu2.2) ... 111s Setting up libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2.2) ... 111s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 111s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 111s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 111s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 111s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 111s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 111s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 111s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 111s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 111s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 112s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 112s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 112s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 113s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 113s Setting up autopkgtest-satdep (0) ... 113s Processing triggers for man-db (2.12.0-4build2) ... 114s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 117s (Reading database ... 75523 files and directories currently installed.) 117s Removing autopkgtest-satdep (0) ... 117s autopkgtest [08:18:37]: test ldap-user-group-krb5-auth: [----------------------- 117s + . debian/tests/util 117s + . debian/tests/common-tests 117s + mydomain=example.com 117s + myhostname=ldap.example.com 117s + mysuffix=dc=example,dc=com 117s + myrealm=EXAMPLE.COM 117s + admin_dn=cn=admin,dc=example,dc=com 117s + admin_pw=secret 117s + ldap_user=testuser1 117s + ldap_user_pw=testuser1secret 117s + kerberos_principal_pw=testuser1kerberos 117s + ldap_group=ldapusers 117s + adjust_hostname ldap.example.com 117s + local myhostname=ldap.example.com 117s + echo ldap.example.com 117s + hostname ldap.example.com 117s + grep -qE ldap.example.com /etc/hosts 117s + reconfigure_slapd 117s + debconf-set-selections 117s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20241116-081828.ldapdb 117s + dpkg-reconfigure -fnoninteractive -pcritical slapd 118s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 118s Moving old database directory to /var/backups: 118s - directory unknown... done. 118s Creating initial configuration... done. 118s Creating LDAP directory... done. 118s + generate_certs ldap.example.com 118s + local cn=ldap.example.com 118s + local cert=/etc/ldap/server.pem 118s + local key=/etc/ldap/server.key 118s + local cnf=/etc/ldap/openssl.cnf 118s + cat 118s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 118s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 118s ...........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 118s ----- 118s + chmod 0640 /etc/ldap/server.key 118s + chgrp openldap /etc/ldap/server.key 118s + [ ! -f /etc/ldap/server.pem ] 118s + [ ! -f /etc/ldap/server.key ] 118s + enable_ldap_ssl 118s + cat 118s + cat 118s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 118s modifying entry "cn=config" 118s 118s + populate_ldap_rfc2307 118s + cat 118s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 118s adding new entry "ou=People,dc=example,dc=com" 118s 118s adding new entry "ou=Group,dc=example,dc=com" 118s 118s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 118s 118s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 118s 118s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 118s 118s + create_realm EXAMPLE.COM ldap.example.com 118s + local realm_name=EXAMPLE.COM 118s + local kerberos_server=ldap.example.com 118s + rm -rf /var/lib/krb5kdc/* 118s + rm -rf /etc/krb5kdc/kdc.conf 118s + rm -f /etc/krb5.keytab 118s + cat 118s + cat 118s + echo # */admin * 118s + kdb5_util create -s -P secretpassword 118s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 118s master key name 'K/M@EXAMPLE.COM' 118s + systemctl restart krb5-kdc.service krb5-admin-server.service 118s + create_krb_principal testuser1 testuser1kerberos 118s + local principal=testuser1 118s + local password=testuser1kerberos 118s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 118s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 118s Authenticating as principal root/admin@EXAMPLE.COM with password. 118s Principal "testuser1@EXAMPLE.COM" created. 118s + configure_sssd_ldap_rfc2307_krb5_auth 118s + cat 118s + chmod 0600 /etc/sssd/sssd.conf 118s + systemctl restart sssd 118s + enable_pam_mkhomedir 118s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 118s Assert local user databases do not have our LDAP test data 118s + run_common_tests 118s + echo Assert local user databases do not have our LDAP test data 118s + check_local_user testuser1 118s + local local_user=testuser1 118s + grep -q ^testuser1 /etc/passwd 118s + check_local_group testuser1 118s + local local_group=testuser1 118s + grep -q ^testuser1 /etc/group 118s + check_local_group ldapusers 118s + local local_group=ldapusers 118s + grep -q ^ldapusers /etc/group 118s The LDAP user is known to the system via getent 118s + echo The LDAP user is known to the system via getent 118s + check_getent_user testuser1 118s + local getent_user=testuser1 118s + local output 118s + getent passwd testuser1 118s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 118s + [The LDAP user's private group is known to the system via getent 118s -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 118s + echo The LDAP user's private group is known to the system via getent 118s + check_getent_group testuser1 118s + local getent_group=testuser1 118s + local output 118s + getent group testuser1 118s + The LDAP group ldapusers is known to the system via getent 118s output=testuser1:*:10001:testuser1 118s + [ -z testuser1:*:10001:testuser1 ] 118s + echo The LDAP group ldapusers is known to the system via getent 118s + check_getent_group ldapusers 118s + local getent_group=ldapusers 118s + local output 118s + getent group ldapusers 119s + The id(1) command can resolve the group membership of the LDAP user 119s output=ldapusers:*:10100:testuser1 119s + [ -z ldapusers:*:10100:testuser1 ] 119s + echo The id(1) command can resolve the group membership of the LDAP user 119s + id -Gn testuser1 119s The Kerberos principal can login on a terminal 119s + output=testuser1 ldapusers 119s + [ testuser1 ldapusers != testuser1 ldapusers ] 119s + echo The Kerberos principal can login on a terminal 119s + kdestroy 119s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 119s spawn login 119s ldap.example.com login: testuser1 119s Password: 119s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic x86_64) 119s 119s * Documentation: https://help.ubuntu.com 119s * Management: https://landscape.canonical.com 119s * Support: https://ubuntu.com/pro 119s 119s 119s The programs included with the Ubuntu system are free software; 119s the exact distribution terms for each program are described in the 119s individual files in /usr/share/doc/*/copyright. 119s 119s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 119s applicable law. 119s 119s [?2004htestuser1@ldap:~$ id -un 119s [?2004l testuser1 119s [?2004htestuser1@ldap:~$ klist 119s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_jyBOmE 119s Default principal: testuser1@EXAMPLE.COM 119s 119s Valid starting Expires Service principal 119s 11/16/24 08:18:39 11/16/24 18:18:39 krbtgt/EXAMPLE.COM@EXAMPLE.COM 119s renew until 11/17/24 08:18:39 119s autopkgtest [08:18:39]: test ldap-user-group-krb5-auth: -----------------------] 119s ldap-user-group-krb5-auth PASS 119s autopkgtest [08:18:39]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 119s autopkgtest [08:18:39]: test sssd-softhism2-certificates-tests.sh: preparing testbed 166s autopkgtest [08:19:26]: testbed dpkg architecture: amd64 167s autopkgtest [08:19:27]: testbed apt version: 2.7.14build2 167s autopkgtest [08:19:27]: @@@@@@@@@@@@@@@@@@@@ test bed setup 167s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 167s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3240 B] 167s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [79.1 kB] 167s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [88.3 kB] 167s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [188 kB] 167s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [128 kB] 167s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3768 B] 167s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [52.6 kB] 167s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [1176 B] 167s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [360 B] 167s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [665 kB] 167s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [511 kB] 167s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [10.7 kB] 167s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [344 B] 169s Fetched 1996 kB in 0s (5822 kB/s) 169s Reading package lists... 170s Reading package lists... 171s Building dependency tree... 171s Reading state information... 171s Calculating upgrade... 171s The following packages will be upgraded: 171s krb5-locales libacl1 libaudit-common libaudit1 libgssapi-krb5-2 libk5crypto3 171s libkrb5-3 libkrb5support0 libldap-common libldap2 libnss-systemd 171s libpam-systemd libsystemd-shared libsystemd0 libudev1 openssh-client 171s openssh-server openssh-sftp-server systemd systemd-dev systemd-resolved 171s systemd-sysv systemd-timesyncd udev vim-common vim-tiny xxd 171s 27 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 171s Need to get 12.5 MB of archives. 171s After this operation, 9216 B of additional disk space will be used. 171s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libnss-systemd amd64 255.4-1ubuntu8.5 [159 kB] 171s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-dev all 255.4-1ubuntu8.5 [104 kB] 171s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libacl1 amd64 2.3.2-1build1.1 [16.8 kB] 171s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-timesyncd amd64 255.4-1ubuntu8.5 [35.3 kB] 171s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-resolved amd64 255.4-1ubuntu8.5 [296 kB] 171s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsystemd-shared amd64 255.4-1ubuntu8.5 [2069 kB] 171s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsystemd0 amd64 255.4-1ubuntu8.5 [433 kB] 171s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd-sysv amd64 255.4-1ubuntu8.5 [11.9 kB] 171s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libpam-systemd amd64 255.4-1ubuntu8.5 [235 kB] 171s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 systemd amd64 255.4-1ubuntu8.5 [3471 kB] 171s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 udev amd64 255.4-1ubuntu8.5 [1874 kB] 171s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libudev1 amd64 255.4-1ubuntu8.5 [175 kB] 171s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libaudit-common all 1:3.1.2-2.1build1.1 [5824 B] 171s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libaudit1 amd64 1:3.1.2-2.1build1.1 [47.0 kB] 171s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libgssapi-krb5-2 amd64 1.20.1-6ubuntu2.2 [143 kB] 171s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrb5-3 amd64 1.20.1-6ubuntu2.2 [347 kB] 171s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrb5support0 amd64 1.20.1-6ubuntu2.2 [33.7 kB] 171s Get:18 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libk5crypto3 amd64 1.20.1-6ubuntu2.2 [81.8 kB] 171s Get:19 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-sftp-server amd64 1:9.6p1-3ubuntu13.7 [37.3 kB] 171s Get:20 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-server amd64 1:9.6p1-3ubuntu13.7 [509 kB] 171s Get:21 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 openssh-client amd64 1:9.6p1-3ubuntu13.7 [905 kB] 171s Get:22 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 krb5-locales all 1.20.1-6ubuntu2.2 [14.0 kB] 171s Get:23 http://ftpmaster.internal/ubuntu noble-updates/main amd64 vim-tiny amd64 2:9.1.0016-1ubuntu7.4 [803 kB] 171s Get:24 http://ftpmaster.internal/ubuntu noble-updates/main amd64 vim-common all 2:9.1.0016-1ubuntu7.4 [385 kB] 171s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main amd64 xxd amd64 2:9.1.0016-1ubuntu7.4 [63.1 kB] 171s Get:26 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libldap-common all 2.6.7+dfsg-1~exp1ubuntu8.1 [31.5 kB] 171s Get:27 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libldap2 amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [195 kB] 172s Preconfiguring packages ... 172s Fetched 12.5 MB in 0s (110 MB/s) 172s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 172s Preparing to unpack .../libnss-systemd_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking libnss-systemd:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../systemd-dev_255.4-1ubuntu8.5_all.deb ... 172s Unpacking systemd-dev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../libacl1_2.3.2-1build1.1_amd64.deb ... 172s Unpacking libacl1:amd64 (2.3.2-1build1.1) over (2.3.2-1build1) ... 172s Setting up libacl1:amd64 (2.3.2-1build1.1) ... 172s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 172s Preparing to unpack .../systemd-timesyncd_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking systemd-timesyncd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../systemd-resolved_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking systemd-resolved (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../libsystemd-shared_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking libsystemd-shared:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../libsystemd0_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking libsystemd0:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Setting up libsystemd0:amd64 (255.4-1ubuntu8.5) ... 172s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 172s Preparing to unpack .../systemd-sysv_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking systemd-sysv (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 172s Preparing to unpack .../libpam-systemd_255.4-1ubuntu8.5_amd64.deb ... 172s Unpacking libpam-systemd:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 173s Preparing to unpack .../systemd_255.4-1ubuntu8.5_amd64.deb ... 173s Unpacking systemd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 173s Preparing to unpack .../udev_255.4-1ubuntu8.5_amd64.deb ... 173s Unpacking udev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 173s Preparing to unpack .../libudev1_255.4-1ubuntu8.5_amd64.deb ... 173s Unpacking libudev1:amd64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 173s Setting up libudev1:amd64 (255.4-1ubuntu8.5) ... 173s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 173s Preparing to unpack .../libaudit-common_1%3a3.1.2-2.1build1.1_all.deb ... 173s Unpacking libaudit-common (1:3.1.2-2.1build1.1) over (1:3.1.2-2.1build1) ... 173s Setting up libaudit-common (1:3.1.2-2.1build1.1) ... 173s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 173s Preparing to unpack .../libaudit1_1%3a3.1.2-2.1build1.1_amd64.deb ... 173s Unpacking libaudit1:amd64 (1:3.1.2-2.1build1.1) over (1:3.1.2-2.1build1) ... 173s Setting up libaudit1:amd64 (1:3.1.2-2.1build1.1) ... 173s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 173s Preparing to unpack .../00-libgssapi-krb5-2_1.20.1-6ubuntu2.2_amd64.deb ... 173s Unpacking libgssapi-krb5-2:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 173s Preparing to unpack .../01-libkrb5-3_1.20.1-6ubuntu2.2_amd64.deb ... 173s Unpacking libkrb5-3:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 173s Preparing to unpack .../02-libkrb5support0_1.20.1-6ubuntu2.2_amd64.deb ... 173s Unpacking libkrb5support0:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 173s Preparing to unpack .../03-libk5crypto3_1.20.1-6ubuntu2.2_amd64.deb ... 173s Unpacking libk5crypto3:amd64 (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 173s Preparing to unpack .../04-openssh-sftp-server_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 173s Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 173s Preparing to unpack .../05-openssh-server_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 173s Unpacking openssh-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 173s Preparing to unpack .../06-openssh-client_1%3a9.6p1-3ubuntu13.7_amd64.deb ... 173s Unpacking openssh-client (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 174s Preparing to unpack .../07-krb5-locales_1.20.1-6ubuntu2.2_all.deb ... 174s Unpacking krb5-locales (1.20.1-6ubuntu2.2) over (1.20.1-6ubuntu2.1) ... 174s Preparing to unpack .../08-vim-tiny_2%3a9.1.0016-1ubuntu7.4_amd64.deb ... 174s Unpacking vim-tiny (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 174s Preparing to unpack .../09-vim-common_2%3a9.1.0016-1ubuntu7.4_all.deb ... 174s Unpacking vim-common (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 174s Preparing to unpack .../10-xxd_2%3a9.1.0016-1ubuntu7.4_amd64.deb ... 174s Unpacking xxd (2:9.1.0016-1ubuntu7.4) over (2:9.1.0016-1ubuntu7.3) ... 174s Preparing to unpack .../11-libldap-common_2.6.7+dfsg-1~exp1ubuntu8.1_all.deb ... 174s Unpacking libldap-common (2.6.7+dfsg-1~exp1ubuntu8.1) over (2.6.7+dfsg-1~exp1ubuntu8) ... 174s Preparing to unpack .../12-libldap2_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 174s Unpacking libldap2:amd64 (2.6.7+dfsg-1~exp1ubuntu8.1) over (2.6.7+dfsg-1~exp1ubuntu8) ... 174s Setting up systemd-dev (255.4-1ubuntu8.5) ... 174s Setting up krb5-locales (1.20.1-6ubuntu2.2) ... 174s Setting up libldap-common (2.6.7+dfsg-1~exp1ubuntu8.1) ... 174s Setting up xxd (2:9.1.0016-1ubuntu7.4) ... 174s Setting up libkrb5support0:amd64 (1.20.1-6ubuntu2.2) ... 174s Setting up vim-common (2:9.1.0016-1ubuntu7.4) ... 174s Setting up libsystemd-shared:amd64 (255.4-1ubuntu8.5) ... 174s Setting up libk5crypto3:amd64 (1.20.1-6ubuntu2.2) ... 174s Setting up libkrb5-3:amd64 (1.20.1-6ubuntu2.2) ... 174s Setting up libldap2:amd64 (2.6.7+dfsg-1~exp1ubuntu8.1) ... 174s Setting up systemd (255.4-1ubuntu8.5) ... 174s Setting up vim-tiny (2:9.1.0016-1ubuntu7.4) ... 174s Setting up systemd-timesyncd (255.4-1ubuntu8.5) ... 175s Setting up libgssapi-krb5-2:amd64 (1.20.1-6ubuntu2.2) ... 175s Setting up udev (255.4-1ubuntu8.5) ... 175s Setting up systemd-resolved (255.4-1ubuntu8.5) ... 176s Setting up systemd-sysv (255.4-1ubuntu8.5) ... 176s Setting up openssh-client (1:9.6p1-3ubuntu13.7) ... 176s Setting up libnss-systemd:amd64 (255.4-1ubuntu8.5) ... 176s Setting up libpam-systemd:amd64 (255.4-1ubuntu8.5) ... 176s Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.7) ... 176s Setting up openssh-server (1:9.6p1-3ubuntu13.7) ... 176s Replacing config file /etc/ssh/sshd_config with new version 177s Processing triggers for ufw (0.36.2-6) ... 177s Processing triggers for man-db (2.12.0-4build2) ... 179s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 179s Processing triggers for initramfs-tools (0.142ubuntu25.4) ... 179s update-initramfs: Generating /boot/initrd.img-6.8.0-48-generic 179s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 187s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 187s Reading package lists... 188s Building dependency tree... 188s Reading state information... 188s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 188s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 188s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 188s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 188s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 189s Reading package lists... 189s Reading package lists... 190s Building dependency tree... 190s Reading state information... 190s Calculating upgrade... 190s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 190s Reading package lists... 190s Building dependency tree... 190s Reading state information... 191s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 191s autopkgtest [08:19:51]: rebooting testbed after setup commands that affected boot 194s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 207s Reading package lists... 208s Building dependency tree... 208s Reading state information... 208s Starting pkgProblemResolver with broken count: 0 208s Starting 2 pkgProblemResolver with broken count: 0 208s Done 208s The following additional packages will be installed: 208s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 208s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 208s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 208s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 208s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 208s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 208s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 208s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 208s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 208s Suggested packages: 208s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 208s Recommended packages: 208s cracklib-runtime libsasl2-modules-gssapi-mit 208s | libsasl2-modules-gssapi-heimdal ldap-utils 208s The following NEW packages will be installed: 208s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 208s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 208s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 208s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 208s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 208s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 208s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 208s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 208s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 208s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 208s Need to get 10.1 MB/10.1 MB of archives. 208s After this operation, 39.2 MB of additional disk space will be used. 208s Get:1 /tmp/autopkgtest.sqpKAL/3-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [744 B] 208s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 208s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libunbound8 amd64 1.19.2-1ubuntu3.3 [442 kB] 208s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libgnutls-dane0t64 amd64 3.8.3-1.1ubuntu3.2 [23.5 kB] 208s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 gnutls-bin amd64 3.8.3-1.1ubuntu3.2 [270 kB] 208s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 208s Get:7 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 208s Get:8 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 208s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 208s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 208s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 208s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 208s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 208s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 208s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 208s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 208s Get:17 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6.1 [17.6 kB] 208s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 208s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 208s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 208s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 208s Get:22 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 208s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 208s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 208s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 208s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 208s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 208s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 208s Get:29 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 208s Get:30 http://ftpmaster.internal/ubuntu noble/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 209s Get:31 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 209s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 209s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [21.9 kB] 209s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6.1 [31.7 kB] 209s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6.1 [50.5 kB] 209s Get:36 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 209s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [30.5 kB] 209s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6.1 [1139 kB] 209s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6.1 [77.1 kB] 209s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6.1 [88.8 kB] 209s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6.1 [136 kB] 209s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6.1 [221 kB] 209s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6.1 [14.5 kB] 209s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6.1 [31.3 kB] 209s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6.1 [44.6 kB] 209s Get:46 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd amd64 2.9.4-1.1ubuntu6.1 [4122 B] 209s Fetched 10.1 MB in 0s (68.5 MB/s) 209s Selecting previously unselected package libevent-2.1-7t64:amd64. 209s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74137 files and directories currently installed.) 209s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 209s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 209s Selecting previously unselected package libunbound8:amd64. 209s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_amd64.deb ... 209s Unpacking libunbound8:amd64 (1.19.2-1ubuntu3.3) ... 209s Selecting previously unselected package libgnutls-dane0t64:amd64. 209s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_amd64.deb ... 209s Unpacking libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.2) ... 209s Selecting previously unselected package gnutls-bin. 209s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_amd64.deb ... 209s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 209s Selecting previously unselected package libavahi-common-data:amd64. 209s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 209s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 209s Selecting previously unselected package libavahi-common3:amd64. 209s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 209s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 209s Selecting previously unselected package libavahi-client3:amd64. 209s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 209s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 209s Selecting previously unselected package libbasicobjects0t64:amd64. 209s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libcares2:amd64. 209s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 209s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 209s Selecting previously unselected package libcollection4t64:amd64. 209s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libcrack2:amd64. 209s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_amd64.deb ... 209s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 209s Selecting previously unselected package libdhash1t64:amd64. 209s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libpath-utils1t64:amd64. 209s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libref-array1t64:amd64. 209s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libini-config5t64:amd64. 209s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 209s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 209s Selecting previously unselected package libipa-hbac0t64. 209s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_amd64.deb ... 209s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libtalloc2:amd64. 210s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_amd64.deb ... 210s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 210s Selecting previously unselected package libtdb1:amd64. 210s Preparing to unpack .../17-libtdb1_1.4.10-1build1_amd64.deb ... 210s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 210s Selecting previously unselected package libtevent0t64:amd64. 210s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_amd64.deb ... 210s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 210s Selecting previously unselected package libldb2:amd64. 210s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 210s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 210s Selecting previously unselected package libnfsidmap1:amd64. 210s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 210s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 210s Selecting previously unselected package libpwquality-common. 210s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 210s Unpacking libpwquality-common (1.4.5-3build1) ... 210s Selecting previously unselected package libpwquality1:amd64. 210s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_amd64.deb ... 210s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 210s Selecting previously unselected package libpam-pwquality:amd64. 210s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_amd64.deb ... 210s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 210s Selecting previously unselected package libwbclient0:amd64. 210s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 210s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 210s Selecting previously unselected package samba-libs:amd64. 210s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 210s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 210s Selecting previously unselected package libsmbclient0:amd64. 210s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 210s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 210s Selecting previously unselected package softhsm2-common. 210s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 210s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 210s Selecting previously unselected package libsofthsm2. 210s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 210s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 210s Selecting previously unselected package softhsm2. 210s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 210s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 210s Selecting previously unselected package python3-sss. 210s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libsss-idmap0. 210s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libnss-sss:amd64. 210s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libpam-sss:amd64. 210s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libsss-certmap0. 210s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package libsss-nss-idmap0. 210s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-common. 210s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-ad-common. 210s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-krb5-common. 210s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-ad. 210s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-ipa. 210s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-krb5. 210s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-ldap. 210s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd-proxy. 210s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package sssd. 210s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.1_amd64.deb ... 210s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 210s Selecting previously unselected package autopkgtest-satdep. 210s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 210s Unpacking autopkgtest-satdep (0) ... 210s Setting up libpwquality-common (1.4.5-3build1) ... 210s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 211s 211s Creating config file /etc/softhsm/softhsm2.conf with new version 211s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 211s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 211s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 211s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libtdb1:amd64 (1.4.10-1build1) ... 211s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 211s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 211s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 211s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libunbound8:amd64 (1.19.2-1ubuntu3.3) ... 211s Setting up libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.2) ... 211s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 211s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 211s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 211s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 211s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 211s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 211s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 211s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 211s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 211s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 211s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 211s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 211s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 211s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 211s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 211s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 211s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 211s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 211s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 211s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 211s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 211s Creating SSSD system user & group... 211s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 211s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 211s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 211s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 212s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 212s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 212s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 212s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 213s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 213s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 213s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 213s sssd-autofs.service is a disabled or a static unit, not starting it. 214s sssd-nss.service is a disabled or a static unit, not starting it. 214s sssd-pam.service is a disabled or a static unit, not starting it. 214s sssd-ssh.service is a disabled or a static unit, not starting it. 214s sssd-sudo.service is a disabled or a static unit, not starting it. 214s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 214s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 214s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 214s sssd-pac.service is a disabled or a static unit, not starting it. 214s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 214s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 214s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 214s Setting up autopkgtest-satdep (0) ... 214s Processing triggers for man-db (2.12.0-4build2) ... 215s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 218s (Reading database ... 74733 files and directories currently installed.) 218s Removing autopkgtest-satdep (0) ... 219s autopkgtest [08:20:19]: test sssd-softhism2-certificates-tests.sh: [----------------------- 220s + '[' -z ubuntu ']' 220s + required_tools=(p11tool openssl softhsm2-util) 220s + for cmd in "${required_tools[@]}" 220s + command -v p11tool 220s + for cmd in "${required_tools[@]}" 220s + command -v openssl 220s + for cmd in "${required_tools[@]}" 220s + command -v softhsm2-util 220s + PIN=053350 220s +++ find /usr/lib/softhsm/libsofthsm2.so 220s +++ head -n 1 220s ++ realpath /usr/lib/softhsm/libsofthsm2.so 220s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 220s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 220s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 220s + '[' '!' -v NO_SSSD_TESTS ']' 220s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 220s + ca_db_arg=ca_db 220s ++ /usr/libexec/sssd/p11_child --help 220s + p11_child_help='Usage: p11_child [OPTION...] 220s -d, --debug-level=INT Debug level 220s --debug-timestamps=INT Add debug timestamps 220s --debug-microseconds=INT Show timestamps with microseconds 220s --dumpable=INT Allow core dumps 220s --debug-fd=INT An open file descriptor for the debug 220s logs 220s --logger=stderr|files|journald Set logger 220s --auth Run in auth mode 220s --pre Run in pre-auth mode 220s --wait_for_card Wait until card is available 220s --verification Run in verification mode 220s --pin Expect PIN on stdin 220s --keypad Expect PIN on keypad 220s --verify=STRING Tune validation 220s --ca_db=STRING CA DB to use 220s --module_name=STRING Module name for authentication 220s --token_name=STRING Token name for authentication 220s --key_id=STRING Key ID for authentication 220s --label=STRING Label for authentication 220s --certificate=STRING certificate to verify, base64 encoded 220s --uri=STRING PKCS#11 URI to restrict selection 220s --chain-id=LONG Tevent chain ID used for logging 220s purposes 220s 220s Help options: 220s -?, --help Show this help message 220s --usage Display brief usage message' 220s + echo 'Usage: p11_child [OPTION...] 220s -d, --debug-level=INT Debug level 220s --debug-timestamps=INT Add debug timestamps 220s --debug-microseconds=INT Show timestamps with microseconds 220s --dumpable=INT Allow core dumps 220s --debug-fd=INT An open file descriptor for the debug 220s logs 220s --logger=stderr|files|journald Set logger 220s --auth Run in auth mode 220s --pre Run in pre-auth mode 220s --wait_for_card Wait until card is available 220s --verification Run in verification mode 220s --pin Expect PIN on stdin 220s --keypad Expect PIN on keypad 220s --verify=STRING Tune validation 220s --ca_db=STRING CA DB to use 220s --module_name=STRING Module name for authentication 220s --token_name=STRING Token name for authentication 220s --key_id=STRING Key ID for authentication 220s --label=STRING Label for authentication 220s --certificate=STRING certificate to verify, base64 encoded 220s --uri=STRING PKCS#11 URI to restrict selection 220s --chain-id=LONG Tevent chain ID used for logging 220s purposes 220s 220s Help options: 220s -?, --help Show this help message 220s --usage Display brief usage message' 220s + grep nssdb -qs 220s + echo 'Usage: p11_child [OPTION...] 220s -d, --debug-level=INT Debug level 220s --debug-timestamps=INT Add debug timestamps 220s --debug-microseconds=INT Show timestamps with microseconds 220s --dumpable=INT Allow core dumps 220s --debug-fd=INT An open file descriptor for the debug 220s logs 220s --logger=stderr|files|journald Set logger 220s --auth Run in auth mode 220s --pre Run in pre-auth mode 220s --wait_for_card Wait until card is available 220s --verification Run in verification mode 220s --pin Expect PIN on stdin 220s --keypad Expect PIN on keypad 220s --verify=STRING Tune validation 220s --ca_db=STRING CA DB to use 220s --module_name=STRING Module name for authentication 220s --token_name=STRING Token name for authentication 220s --key_id=STRING Key ID for authentication 220s --label=STRING Label for authentication 220s --certificate=STRING certificate to verify, base64 encoded 220s --uri=STRING PKCS#11 URI to restrict selection 220s --chain-id=LONG Tevent chain ID used for logging 220s purposes 220s 220s Help options: 220s -?, --help Show this help message 220s --usage Display brief usage message' 220s + grep -qs -- --ca_db 220s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 220s ++ mktemp -d -t sssd-softhsm2-XXXXXX 220s + tmpdir=/tmp/sssd-softhsm2-vGKIeX 220s + keys_size=1024 220s + [[ ! -v KEEP_TEMPORARY_FILES ]] 220s + trap 'rm -rf "$tmpdir"' EXIT 220s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 220s + echo -n 01 220s + touch /tmp/sssd-softhsm2-vGKIeX/index.txt 220s + mkdir -p /tmp/sssd-softhsm2-vGKIeX/new_certs 220s + cat 220s + root_ca_key_pass=pass:random-root-CA-password-7264 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA-key.pem -passout pass:random-root-CA-password-7264 1024 220s + openssl req -passin pass:random-root-CA-password-7264 -batch -config /tmp/sssd-softhsm2-vGKIeX/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-vGKIeX/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s + cat 220s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-24134 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24134 1024 220s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-24134 -config /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.config -key /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-7264 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-certificate-request.pem 220s + openssl req -text -noout -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-certificate-request.pem 220s Certificate Request: 220s Data: 220s Version: 1 (0x0) 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:b1:40:1d:f1:97:a7:4d:16:61:52:9d:a8:ab:4d: 220s 53:92:84:3b:9c:2c:d7:9f:c3:78:a7:4c:a6:13:9d: 220s 57:c6:fe:84:37:04:67:0f:42:16:c9:d3:ea:55:b2: 220s 2c:c8:72:f0:c1:38:e6:b1:4b:7d:83:a7:4c:71:c7: 220s 43:b6:14:e3:67:48:8d:e1:d5:8c:16:48:96:d3:17: 220s b5:25:ad:a5:c4:f2:a5:e0:3d:42:b7:12:8f:8b:17: 220s e2:ef:ce:4a:bc:58:5c:8f:f9:65:ec:d4:32:3d:b1: 220s 25:f2:6f:f3:af:37:18:a0:54:19:c2:ff:58:93:e7: 220s e6:4e:d7:d4:35:a4:1c:d3:db 220s Exponent: 65537 (0x10001) 220s Attributes: 220s (none) 220s Requested Extensions: 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 88:42:1e:d8:76:e1:e4:ec:c2:68:38:92:5c:c7:a3:08:2a:f3: 220s 9b:39:e5:f6:ec:75:95:11:c1:9c:15:91:72:6e:cc:56:af:33: 220s 5e:7c:1d:b2:6b:33:59:0c:fc:11:bf:06:e3:8a:45:15:c8:c3: 220s 2e:05:3e:18:a6:6c:e7:ed:a8:d5:24:6b:bd:cf:e9:d9:5b:6e: 220s ec:21:2d:40:65:3a:0d:d1:6b:51:57:49:df:6f:cf:ae:8d:2e: 220s 55:c2:79:7c:a3:4b:1f:6c:33:94:3b:a0:bf:ae:07:37:f3:8e: 220s f1:f1:32:c8:31:28:61:68:17:e1:1b:d5:92:2b:a3:d4:83:e6: 220s c6:15 220s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vGKIeX/test-root-CA.config -passin pass:random-root-CA-password-7264 -keyfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 220s Using configuration from /tmp/sssd-softhsm2-vGKIeX/test-root-CA.config 220s Check that the request matches the signature 220s Signature ok 220s Certificate Details: 220s Serial Number: 1 (0x1) 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: 220s organizationName = Test Organization 220s organizationalUnitName = Test Organization Unit 220s commonName = Test Organization Intermediate CA 220s X509v3 extensions: 220s X509v3 Subject Key Identifier: 220s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 220s X509v3 Authority Key Identifier: 220s keyid:41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 220s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 220s serial:00 220s X509v3 Basic Constraints: 220s CA:TRUE 220s X509v3 Key Usage: critical 220s Digital Signature, Certificate Sign, CRL Sign 220s Certificate is to be certified until Nov 16 08:20:19 2025 GMT (365 days) 220s 220s Write out database with 1 new entries 220s Database updated 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 220s + cat 220s /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem: OK 220s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-5690 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-5690 1024 220s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-5690 -config /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24134 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-certificate-request.pem 220s + openssl req -text -noout -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-certificate-request.pem 220s Certificate Request: 220s Data: 220s Version: 1 (0x0) 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:e9:d7:7c:18:8c:63:b1:3c:6a:5c:9e:c2:81:8f: 220s b6:75:76:8a:5b:24:5e:2b:ec:b3:d1:ee:c3:a9:76: 220s d2:ad:e8:94:2d:ef:61:d7:5b:77:57:7f:a7:2f:cb: 220s db:ae:d6:f1:fc:f0:43:af:67:f7:20:1e:e2:aa:f4: 220s 21:ae:66:e7:75:82:19:8a:cb:b3:d0:2f:f4:fb:83: 220s bf:43:df:f1:df:59:39:f7:13:47:c9:e7:f3:aa:d4: 220s a6:72:20:85:41:d2:1c:d9:57:7c:20:c7:79:9b:ff: 220s d7:0c:39:14:f1:3c:3d:86:ae:c3:44:49:08:b6:f2: 220s 6b:23:0d:7e:52:66:ff:3e:85 220s Exponent: 65537 (0x10001) 220s Attributes: 220s (none) 220s Requested Extensions: 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 76:bf:2d:29:9e:26:12:42:91:89:0b:b4:5e:d5:8b:fe:25:c5: 220s 06:70:94:a4:d2:3c:1c:74:10:07:bd:8b:0b:95:1c:cd:51:ce: 220s ac:39:e1:1b:88:9b:a0:69:e9:cd:ab:52:3a:35:34:08:cc:a2: 220s 6c:4b:5d:1f:b8:27:1c:59:a7:b6:a5:78:36:2d:73:b8:df:f7: 220s 19:71:a7:af:1d:ca:60:07:2f:85:3d:b2:02:d2:ce:86:69:5f: 220s df:af:7c:57:61:2e:fa:0c:f0:e0:f1:4c:27:4f:55:fa:ff:53: 220s 48:9f:7c:cd:d1:3d:d3:ff:30:9e:c7:ea:43:66:9f:68:ce:70: 220s c4:68 220s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-24134 -keyfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s Using configuration from /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.config 220s Check that the request matches the signature 220s Signature ok 220s Certificate Details: 220s Serial Number: 2 (0x2) 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: 220s organizationName = Test Organization 220s organizationalUnitName = Test Organization Unit 220s commonName = Test Organization Sub Intermediate CA 220s X509v3 extensions: 220s X509v3 Subject Key Identifier: 220s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 220s X509v3 Authority Key Identifier: 220s keyid:A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 220s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 220s serial:01 220s X509v3 Basic Constraints: 220s CA:TRUE 220s X509v3 Key Usage: critical 220s Digital Signature, Certificate Sign, CRL Sign 220s Certificate is to be certified until Nov 16 08:20:19 2025 GMT (365 days) 220s 220s Write out database with 1 new entries 220s Database updated 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem: OK 220s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 220s error 20 at 0 depth lookup: unable to get local issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem: verification failed 220s + cat 220s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-13526 1024 220s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-13526 -key /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-request.pem 220s + openssl req -text -noout -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-request.pem 220s Certificate Request: 220s Data: 220s Version: 1 (0x0) 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 220s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 220s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 220s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 220s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 220s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 220s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 220s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 220s 7d:42:d7:7c:a8:a8:bf:93:41 220s Exponent: 65537 (0x10001) 220s Attributes: 220s Requested Extensions: 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Root CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 79:19:21:c3:3a:a8:f3:d0:3a:7d:26:c1:af:c2:0e:8e:4a:69: 220s fc:27:f7:58:e4:50:c3:39:c4:89:23:4b:d0:57:2b:92:6d:f5: 220s 8f:d7:55:87:6c:df:d4:44:31:d5:09:60:85:72:25:97:06:60: 220s c0:d4:a2:fe:4a:e0:de:33:4e:f0:22:f3:03:3c:a3:57:a6:7a: 220s a0:b0:2f:76:f3:2a:6a:7a:bb:e4:36:54:85:d1:8d:f8:25:6a: 220s 65:f5:4c:1f:26:4d:c2:f7:81:0d:a6:83:64:df:c0:ed:d9:af: 220s 53:7e:4b:e5:42:be:68:06:9a:67:e6:fc:fd:de:ea:b5:24:b0: 220s 29:86 220s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vGKIeX/test-root-CA.config -passin pass:random-root-CA-password-7264 -keyfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s Using configuration from /tmp/sssd-softhsm2-vGKIeX/test-root-CA.config 220s Check that the request matches the signature 220s Signature ok 220s Certificate Details: 220s Serial Number: 3 (0x3) 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: 220s organizationName = Test Organization 220s organizationalUnitName = Test Organization Unit 220s commonName = Test Organization Root Trusted Certificate 0001 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Root CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Certificate is to be certified until Nov 16 08:20:19 2025 GMT (365 days) 220s 220s Write out database with 1 new entries 220s Database updated 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem: OK 220s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 220s error 20 at 0 depth lookup: unable to get local issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem: verification failed 220s + cat 220s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-21192 1024 220s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-21192 -key /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-request.pem 220s + openssl req -text -noout -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-request.pem 220s Certificate Request: 220s Data: 220s Version: 1 (0x0) 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 220s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 220s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 220s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 220s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 220s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 220s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 220s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 220s d6:08:fb:b1:f7:d5:31:f6:5b 220s Exponent: 65537 (0x10001) 220s Attributes: 220s Requested Extensions: 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Intermediate CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 76:12:64:2e:67:7d:23:94:3f:bc:56:6b:90:7d:62:ed:c5:aa: 220s 76:70:86:1e:75:2b:4b:e5:2f:f8:03:fa:5f:8a:34:10:4d:e1: 220s 30:6f:c5:92:a2:82:cc:53:02:4f:d3:21:7e:d9:2e:6f:ff:48: 220s 48:fc:d4:39:43:9e:62:54:3d:6b:0c:37:25:b0:86:e9:3c:ec: 220s d7:97:05:1a:c6:f2:79:35:83:06:5d:c6:c7:2f:d4:fc:7a:36: 220s 0c:78:18:9a:c8:58:c9:e7:23:4c:34:fa:51:04:9f:07:2e:00: 220s 1e:ab:df:fe:b9:89:19:71:c2:c6:59:6c:f8:b3:b6:d8:18:43: 220s b9:71 220s + openssl ca -passin pass:random-intermediate-CA-password-24134 -config /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s Using configuration from /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.config 220s Check that the request matches the signature 220s Signature ok 220s Certificate Details: 220s Serial Number: 4 (0x4) 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: 220s organizationName = Test Organization 220s organizationalUnitName = Test Organization Unit 220s commonName = Test Organization Intermediate Trusted Certificate 0001 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Intermediate CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Certificate is to be certified until Nov 16 08:20:19 2025 GMT (365 days) 220s 220s Write out database with 1 new entries 220s Database updated 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s This certificate should not be trusted fully 220s + echo 'This certificate should not be trusted fully' 220s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 220s error 2 at 1 depth lookup: unable to get issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 220s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem: OK 220s + cat 220s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 220s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-7510 1024 220s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7510 -key /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 220s + openssl req -text -noout -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 220s Certificate Request: 220s Data: 220s Version: 1 (0x0) 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 220s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 220s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 220s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 220s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 220s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 220s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 220s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 220s ce:1f:08:5a:67:c6:71:73:bb 220s Exponent: 65537 (0x10001) 220s Attributes: 220s Requested Extensions: 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Sub Intermediate CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s e5:be:13:f9:c0:92:1f:d5:58:a1:b4:dd:6c:5a:60:39:07:62: 220s ff:75:bb:38:76:cf:8b:94:fa:20:98:bc:3e:f0:82:07:cc:c6: 220s 1d:bc:a0:ed:01:51:cc:6a:08:4a:2a:3f:1f:71:64:17:87:04: 220s e4:8b:7e:38:26:f7:e7:55:e1:96:ee:fc:75:b4:5f:5e:4c:bb: 220s 7d:aa:03:be:74:05:34:19:98:67:52:2f:6b:76:aa:d2:63:3a: 220s 31:5d:5a:63:d7:96:23:02:da:c9:5d:36:e2:c5:3e:24:1e:91: 220s a8:c5:26:82:74:29:05:e2:fa:02:2e:94:54:1a:39:91:6d:8b: 220s 2e:80 220s + openssl ca -passin pass:random-sub-intermediate-CA-password-5690 -config /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s Using configuration from /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.config 220s Check that the request matches the signature 220s Signature ok 220s Certificate Details: 220s Serial Number: 5 (0x5) 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: 220s organizationName = Test Organization 220s organizationalUnitName = Test Organization Unit 220s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Sub Intermediate CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Certificate is to be certified until Nov 16 08:20:19 2025 GMT (365 days) 220s 220s Write out database with 1 new entries 220s Database updated 220s + openssl x509 -noout -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s This certificate should not be trusted fully 220s + echo 'This certificate should not be trusted fully' 220s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 220s error 2 at 1 depth lookup: unable to get issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 220s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 220s error 20 at 0 depth lookup: unable to get local issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 220s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 220s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s + local cmd=openssl 220s + shift 220s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 220s error 20 at 0 depth lookup: unable to get local issuer certificate 220s error /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 220s Building a the full-chain CA file... 220s + echo 'Building a the full-chain CA file...' 220s + cat /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s + cat /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 220s + cat /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 220s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 220s + openssl pkcs7 -print_certs -noout 220s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s 220s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 220s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s 220s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 220s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 220s 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem: OK 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem: OK 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem: OK 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem: OK 220s + openssl verify -CAfile /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 220s /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 220s + echo 'Certificates generation completed!' 220s Certificates generation completed! 220s + [[ -v NO_SSSD_TESTS ]] 220s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /dev/null 220s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /dev/null 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_ring=/dev/null 220s + local verify_option= 220s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_cn 220s + local key_name 220s + local tokens_dir 220s + local output_cert_file 220s + token_name= 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 220s + key_name=test-root-CA-trusted-certificate-0001 220s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s ++ sed -n 's/ *commonName *= //p' 220s + key_cn='Test Organization Root Trusted Certificate 0001' 220s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 220s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 220s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 220s + token_name='Test Organization Root Tr Token' 220s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 220s + local key_file 220s + local decrypted_key 220s + mkdir -p /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 220s + key_file=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key.pem 220s + decrypted_key=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 220s + cat 220s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 220s Slot 0 has a free/uninitialized token. 220s The token has been initialized and is reassigned to slot 806921902 220s Available slots: 220s Slot 806921902 220s Slot info: 220s Description: SoftHSM slot ID 0x3018a6ae 220s Manufacturer ID: SoftHSM project 220s Hardware version: 2.6 220s Firmware version: 2.6 220s Token present: yes 220s Token info: 220s Manufacturer ID: SoftHSM project 220s Model: SoftHSM v2 220s Hardware version: 2.6 220s Firmware version: 2.6 220s Serial number: d43292683018a6ae 220s Initialized: yes 220s User PIN init.: yes 220s Label: Test Organization Root Tr Token 220s Slot 1 220s Slot info: 220s Description: SoftHSM slot ID 0x1 220s Manufacturer ID: SoftHSM project 220s Hardware version: 2.6 220s Firmware version: 2.6 220s Token present: yes 220s Token info: 220s Manufacturer ID: SoftHSM project 220s Model: SoftHSM v2 220s Hardware version: 2.6 220s Firmware version: 2.6 220s Serial number: 220s Initialized: no 220s User PIN init.: no 220s Label: 220s + softhsm2-util --show-slots 220s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 220s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-13526 -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 220s writing RSA key 220s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 220s + rm /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 220s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 220s Object 0: 220s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 220s Type: X.509 Certificate (RSA-1024) 220s Expires: Sun Nov 16 08:20:19 2025 220s Label: Test Organization Root Trusted Certificate 0001 220s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 220s 220s Test Organization Root Tr Token 220s + echo 'Test Organization Root Tr Token' 220s + '[' -n '' ']' 220s + local output_base_name=SSSD-child-30985 220s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30985.output 220s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30985.pem 220s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 220s [p11_child[2203]] [main] (0x0400): p11_child started. 220s [p11_child[2203]] [main] (0x2000): Running in [pre-auth] mode. 220s [p11_child[2203]] [main] (0x2000): Running with effective IDs: [0][0]. 220s [p11_child[2203]] [main] (0x2000): Running with real IDs [0][0]. 220s [p11_child[2203]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 220s [p11_child[2203]] [do_work] (0x0040): init_verification failed. 220s [p11_child[2203]] [main] (0x0020): p11_child failed (5) 220s + return 2 220s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /dev/null no_verification 220s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /dev/null no_verification 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_ring=/dev/null 220s + local verify_option=no_verification 220s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_cn 220s + local key_name 220s + local tokens_dir 220s + local output_cert_file 220s + token_name= 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 220s + key_name=test-root-CA-trusted-certificate-0001 220s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s ++ sed -n 's/ *commonName *= //p' 220s + key_cn='Test Organization Root Trusted Certificate 0001' 220s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 220s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 220s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 220s + token_name='Test Organization Root Tr Token' 220s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 220s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 220s + echo 'Test Organization Root Tr Token' 220s + '[' -n no_verification ']' 220s + local verify_arg=--verify=no_verification 220s + local output_base_name=SSSD-child-7679 220s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.output 220s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.pem 220s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 220s Test Organization Root Tr Token 220s [p11_child[2209]] [main] (0x0400): p11_child started. 220s [p11_child[2209]] [main] (0x2000): Running in [pre-auth] mode. 220s [p11_child[2209]] [main] (0x2000): Running with effective IDs: [0][0]. 220s [p11_child[2209]] [main] (0x2000): Running with real IDs [0][0]. 220s [p11_child[2209]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 220s [p11_child[2209]] [do_card] (0x4000): Module List: 220s [p11_child[2209]] [do_card] (0x4000): common name: [softhsm2]. 220s [p11_child[2209]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2209]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 220s [p11_child[2209]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 220s [p11_child[2209]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2209]] [do_card] (0x4000): Login NOT required. 220s [p11_child[2209]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 220s [p11_child[2209]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 220s [p11_child[2209]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 220s [p11_child[2209]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 220s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.output 220s + echo '-----BEGIN CERTIFICATE-----' 220s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.output 220s + echo '-----END CERTIFICATE-----' 220s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.pem 220s Certificate: 220s Data: 220s Version: 3 (0x2) 220s Serial Number: 3 (0x3) 220s Signature Algorithm: sha256WithRSAEncryption 220s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 220s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 220s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 220s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 220s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 220s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 220s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 220s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 220s 7d:42:d7:7c:a8:a8:bf:93:41 220s Exponent: 65537 (0x10001) 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Root CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 220s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 220s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 220s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 220s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 220s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 220s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 220s af:31 220s + local found_md5 expected_md5 220s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + expected_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 220s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679.pem 220s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 220s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 220s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.output 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.output .output 220s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.pem 220s + echo -n 053350 220s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 220s [p11_child[2217]] [main] (0x0400): p11_child started. 220s [p11_child[2217]] [main] (0x2000): Running in [auth] mode. 220s [p11_child[2217]] [main] (0x2000): Running with effective IDs: [0][0]. 220s [p11_child[2217]] [main] (0x2000): Running with real IDs [0][0]. 220s [p11_child[2217]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 220s [p11_child[2217]] [do_card] (0x4000): Module List: 220s [p11_child[2217]] [do_card] (0x4000): common name: [softhsm2]. 220s [p11_child[2217]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2217]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 220s [p11_child[2217]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 220s [p11_child[2217]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2217]] [do_card] (0x4000): Login required. 220s [p11_child[2217]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 220s [p11_child[2217]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 220s [p11_child[2217]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 220s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 220s [p11_child[2217]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 220s [p11_child[2217]] [do_card] (0x4000): Certificate verified and validated. 220s [p11_child[2217]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 220s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.output 220s + echo '-----BEGIN CERTIFICATE-----' 220s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.output 220s + echo '-----END CERTIFICATE-----' 220s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.pem 220s Certificate: 220s Data: 220s Version: 3 (0x2) 220s Serial Number: 3 (0x3) 220s Signature Algorithm: sha256WithRSAEncryption 220s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 220s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 220s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 220s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 220s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 220s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 220s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 220s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 220s 7d:42:d7:7c:a8:a8:bf:93:41 220s Exponent: 65537 (0x10001) 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Root CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 220s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 220s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 220s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 220s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 220s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 220s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 220s af:31 220s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-7679-auth.pem 220s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 220s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 220s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s + local verify_option= 220s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 220s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 220s + local key_cn 220s + local key_name 220s + local tokens_dir 220s + local output_cert_file 220s + token_name= 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 220s + key_name=test-root-CA-trusted-certificate-0001 220s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 220s ++ sed -n 's/ *commonName *= //p' 220s + key_cn='Test Organization Root Trusted Certificate 0001' 220s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 220s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 220s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 220s Test Organization Root Tr Token 220s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 220s + token_name='Test Organization Root Tr Token' 220s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 220s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 220s + echo 'Test Organization Root Tr Token' 220s + '[' -n '' ']' 220s + local output_base_name=SSSD-child-6521 220s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.output 220s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.pem 220s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 220s [p11_child[2227]] [main] (0x0400): p11_child started. 220s [p11_child[2227]] [main] (0x2000): Running in [pre-auth] mode. 220s [p11_child[2227]] [main] (0x2000): Running with effective IDs: [0][0]. 220s [p11_child[2227]] [main] (0x2000): Running with real IDs [0][0]. 220s [p11_child[2227]] [do_card] (0x4000): Module List: 220s [p11_child[2227]] [do_card] (0x4000): common name: [softhsm2]. 220s [p11_child[2227]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 220s [p11_child[2227]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 220s [p11_child[2227]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 220s [p11_child[2227]] [do_card] (0x4000): Login NOT required. 220s [p11_child[2227]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 220s [p11_child[2227]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 220s [p11_child[2227]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 220s [p11_child[2227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 220s [p11_child[2227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 220s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.output 220s + echo '-----BEGIN CERTIFICATE-----' 220s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.output 220s + echo '-----END CERTIFICATE-----' 220s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.pem 220s Certificate: 220s Data: 220s Version: 3 (0x2) 220s Serial Number: 3 (0x3) 220s Signature Algorithm: sha256WithRSAEncryption 220s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 220s Validity 220s Not Before: Nov 16 08:20:19 2024 GMT 220s Not After : Nov 16 08:20:19 2025 GMT 220s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 220s Subject Public Key Info: 220s Public Key Algorithm: rsaEncryption 220s Public-Key: (1024 bit) 220s Modulus: 220s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 220s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 220s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 220s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 220s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 220s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 220s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 220s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 220s 7d:42:d7:7c:a8:a8:bf:93:41 220s Exponent: 65537 (0x10001) 220s X509v3 extensions: 220s X509v3 Authority Key Identifier: 220s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 220s X509v3 Basic Constraints: 220s CA:FALSE 220s Netscape Cert Type: 220s SSL Client, S/MIME 220s Netscape Comment: 220s Test Organization Root CA trusted Certificate 220s X509v3 Subject Key Identifier: 220s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 220s X509v3 Key Usage: critical 220s Digital Signature, Non Repudiation, Key Encipherment 220s X509v3 Extended Key Usage: 220s TLS Web Client Authentication, E-mail Protection 220s X509v3 Subject Alternative Name: 220s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 220s Signature Algorithm: sha256WithRSAEncryption 220s Signature Value: 220s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 220s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 220s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 220s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 220s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 220s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 220s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 220s af:31 220s + local found_md5 expected_md5 220s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + expected_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.output 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.output .output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.pem 221s + echo -n 053350 221s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 221s [p11_child[2235]] [main] (0x0400): p11_child started. 221s [p11_child[2235]] [main] (0x2000): Running in [auth] mode. 221s [p11_child[2235]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2235]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2235]] [do_card] (0x4000): Module List: 221s [p11_child[2235]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2235]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2235]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2235]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2235]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2235]] [do_card] (0x4000): Login required. 221s [p11_child[2235]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2235]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2235]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2235]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 221s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 221s [p11_child[2235]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 221s [p11_child[2235]] [do_card] (0x4000): Certificate verified and validated. 221s [p11_child[2235]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-6521-auth.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 221s + local verify_option=partial_chain 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-root-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s + key_cn='Test Organization Root Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 221s Test Organization Root Tr Token 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 221s + token_name='Test Organization Root Tr Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 221s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 221s + echo 'Test Organization Root Tr Token' 221s + '[' -n partial_chain ']' 221s + local verify_arg=--verify=partial_chain 221s + local output_base_name=SSSD-child-30939 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 221s [p11_child[2245]] [main] (0x0400): p11_child started. 221s [p11_child[2245]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2245]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2245]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2245]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 221s [p11_child[2245]] [do_card] (0x4000): Module List: 221s [p11_child[2245]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2245]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2245]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2245]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2245]] [do_card] (0x4000): Login NOT required. 221s [p11_child[2245]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2245]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2245]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s + local found_md5 expected_md5 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + expected_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.output 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.output .output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.pem 221s + echo -n 053350 221s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 221s [p11_child[2253]] [main] (0x0400): p11_child started. 221s [p11_child[2253]] [main] (0x2000): Running in [auth] mode. 221s [p11_child[2253]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2253]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2253]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 221s [p11_child[2253]] [do_card] (0x4000): Module List: 221s [p11_child[2253]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2253]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2253]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2253]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2253]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2253]] [do_card] (0x4000): Login required. 221s [p11_child[2253]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2253]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2253]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2253]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 221s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 221s [p11_child[2253]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 221s [p11_child[2253]] [do_card] (0x4000): Certificate verified and validated. 221s [p11_child[2253]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-30939-auth.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s + local verify_option= 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-root-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s + key_cn='Test Organization Root Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 221s Test Organization Root Tr Token 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 221s + token_name='Test Organization Root Tr Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 221s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 221s + echo 'Test Organization Root Tr Token' 221s + '[' -n '' ']' 221s + local output_base_name=SSSD-child-31203 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s [p11_child[2263]] [main] (0x0400): p11_child started. 221s [p11_child[2263]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2263]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2263]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2263]] [do_card] (0x4000): Module List: 221s [p11_child[2263]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2263]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2263]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2263]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2263]] [do_card] (0x4000): Login NOT required. 221s [p11_child[2263]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2263]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2263]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2263]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2263]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s + local found_md5 expected_md5 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + expected_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.output 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.output .output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.pem 221s + echo -n 053350 221s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 221s [p11_child[2271]] [main] (0x0400): p11_child started. 221s [p11_child[2271]] [main] (0x2000): Running in [auth] mode. 221s [p11_child[2271]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2271]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2271]] [do_card] (0x4000): Module List: 221s [p11_child[2271]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2271]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2271]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2271]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2271]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2271]] [do_card] (0x4000): Login required. 221s [p11_child[2271]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2271]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2271]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2271]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 221s [p11_child[2271]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 221s [p11_child[2271]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 221s [p11_child[2271]] [do_card] (0x4000): Certificate verified and validated. 221s [p11_child[2271]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-31203-auth.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s + local verify_option=partial_chain 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-root-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s Test Organization Root Tr Token 221s + key_cn='Test Organization Root Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 221s + token_name='Test Organization Root Tr Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 221s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 221s + echo 'Test Organization Root Tr Token' 221s + '[' -n partial_chain ']' 221s + local verify_arg=--verify=partial_chain 221s + local output_base_name=SSSD-child-22210 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 221s [p11_child[2281]] [main] (0x0400): p11_child started. 221s [p11_child[2281]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2281]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2281]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2281]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 221s [p11_child[2281]] [do_card] (0x4000): Module List: 221s [p11_child[2281]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2281]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2281]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2281]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2281]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2281]] [do_card] (0x4000): Login NOT required. 221s [p11_child[2281]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2281]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2281]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2281]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2281]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s + local found_md5 expected_md5 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + expected_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.output 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.output .output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.pem 221s + echo -n 053350 221s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 221s [p11_child[2289]] [main] (0x0400): p11_child started. 221s [p11_child[2289]] [main] (0x2000): Running in [auth] mode. 221s [p11_child[2289]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2289]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2289]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 221s [p11_child[2289]] [do_card] (0x4000): Module List: 221s [p11_child[2289]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2289]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2289]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2289]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2289]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2289]] [do_card] (0x4000): Login required. 221s [p11_child[2289]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2289]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 221s [p11_child[2289]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 221s [p11_child[2289]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3018a6ae;slot-manufacturer=SoftHSM%20project;slot-id=806921902;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d43292683018a6ae;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 221s [p11_child[2289]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 221s [p11_child[2289]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 221s [p11_child[2289]] [do_card] (0x4000): Certificate verified and validated. 221s [p11_child[2289]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.output 221s + echo '-----BEGIN CERTIFICATE-----' 221s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.output 221s + echo '-----END CERTIFICATE-----' 221s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.pem 221s Certificate: 221s Data: 221s Version: 3 (0x2) 221s Serial Number: 3 (0x3) 221s Signature Algorithm: sha256WithRSAEncryption 221s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 221s Validity 221s Not Before: Nov 16 08:20:19 2024 GMT 221s Not After : Nov 16 08:20:19 2025 GMT 221s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 221s Subject Public Key Info: 221s Public Key Algorithm: rsaEncryption 221s Public-Key: (1024 bit) 221s Modulus: 221s 00:be:da:b3:7a:21:b8:8c:90:ba:d9:a8:84:40:d6: 221s f9:4b:d0:8a:d0:a6:11:e6:7a:de:3d:1a:73:28:18: 221s f0:dd:4f:17:63:cf:69:e8:92:40:e3:de:2e:9c:a4: 221s bc:5d:9b:f8:a6:db:a2:f7:16:f3:72:bc:59:e1:3f: 221s 0b:48:f1:7b:4a:94:0f:a6:eb:6c:d9:a5:0f:f5:50: 221s bf:51:13:01:aa:6b:f7:33:a6:91:41:1c:a9:57:d3: 221s ea:f2:35:57:cc:b9:48:02:ba:69:0b:fc:18:b2:20: 221s 9f:0f:b5:7c:83:b9:c3:fc:7a:93:09:c7:61:22:db: 221s 7d:42:d7:7c:a8:a8:bf:93:41 221s Exponent: 65537 (0x10001) 221s X509v3 extensions: 221s X509v3 Authority Key Identifier: 221s 41:F8:BE:A0:4A:BE:BE:C1:12:21:04:F8:FE:63:A9:02:CC:CB:A0:AC 221s X509v3 Basic Constraints: 221s CA:FALSE 221s Netscape Cert Type: 221s SSL Client, S/MIME 221s Netscape Comment: 221s Test Organization Root CA trusted Certificate 221s X509v3 Subject Key Identifier: 221s 6E:1D:42:48:63:30:85:93:0F:22:DE:3D:15:92:4D:95:E8:9C:BB:22 221s X509v3 Key Usage: critical 221s Digital Signature, Non Repudiation, Key Encipherment 221s X509v3 Extended Key Usage: 221s TLS Web Client Authentication, E-mail Protection 221s X509v3 Subject Alternative Name: 221s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 221s Signature Algorithm: sha256WithRSAEncryption 221s Signature Value: 221s 13:7d:92:05:7b:0d:a8:8b:cd:34:48:bc:7a:4d:55:d0:12:02: 221s f9:74:1b:ba:b9:87:a7:21:b0:3f:29:da:e1:59:56:63:dd:ed: 221s 70:c0:74:d2:97:66:9c:42:e0:b0:62:f2:3b:81:ac:39:6a:87: 221s ff:10:03:ef:99:ce:e2:f7:f4:9c:27:fb:58:15:40:7a:a1:91: 221s cf:06:81:da:bf:40:5c:f0:9f:2c:18:6b:d7:77:39:c8:ac:7d: 221s 29:fb:2c:b6:b9:e1:21:de:3a:fc:c1:af:c3:e9:82:3f:36:5f: 221s 6a:e2:fb:62:03:1d:dc:be:83:ca:7f:b1:48:df:6e:89:e4:25: 221s af:31 221s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-22210-auth.pem 221s + found_md5=Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 221s + '[' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 '!=' Modulus=BEDAB37A21B88C90BAD9A88440D6F94BD08AD0A611E67ADE3D1A732818F0DD4F1763CF69E89240E3DE2E9CA4BC5D9BF8A6DBA2F716F372BC59E13F0B48F17B4A940FA6EB6CD9A50FF550BF511301AA6BF733A691411CA957D3EAF23557CCB94802BA690BFC18B2209F0FB57C83B9C3FC7A9309C76122DB7D42D77CA8A8BF9341 ']' 221s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s + local verify_option= 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-root-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s + key_cn='Test Organization Root Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 221s + token_name='Test Organization Root Tr Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 221s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 221s + echo 'Test Organization Root Tr Token' 221s + '[' -n '' ']' 221s + local output_base_name=SSSD-child-2584 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-2584.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-2584.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s Test Organization Root Tr Token 221s [p11_child[2299]] [main] (0x0400): p11_child started. 221s [p11_child[2299]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2299]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2299]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2299]] [do_card] (0x4000): Module List: 221s [p11_child[2299]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2299]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2299]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2299]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2299]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2299]] [do_card] (0x4000): Login NOT required. 221s [p11_child[2299]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2299]] [do_verification] (0x0040): X509_verify_cert failed [0]. 221s [p11_child[2299]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 221s [p11_child[2299]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 221s [p11_child[2299]] [do_card] (0x4000): No certificate found. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-2584.output 221s + return 2 221s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem partial_chain 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem partial_chain 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s + local verify_option=partial_chain 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13526 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-root-ca-trusted-cert-0001-13526 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-root-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-root-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s + key_cn='Test Organization Root Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf 221s Test Organization Root Tr Token 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 221s + token_name='Test Organization Root Tr Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 221s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 221s + echo 'Test Organization Root Tr Token' 221s + '[' -n partial_chain ']' 221s + local verify_arg=--verify=partial_chain 221s + local output_base_name=SSSD-child-26338 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26338.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26338.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 221s [p11_child[2306]] [main] (0x0400): p11_child started. 221s [p11_child[2306]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2306]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2306]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2306]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 221s [p11_child[2306]] [do_card] (0x4000): Module List: 221s [p11_child[2306]] [do_card] (0x4000): common name: [softhsm2]. 221s [p11_child[2306]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3018a6ae] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 221s [p11_child[2306]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 221s [p11_child[2306]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3018a6ae][806921902] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 221s [p11_child[2306]] [do_card] (0x4000): Login NOT required. 221s [p11_child[2306]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 221s [p11_child[2306]] [do_verification] (0x0040): X509_verify_cert failed [0]. 221s [p11_child[2306]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 221s [p11_child[2306]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 221s [p11_child[2306]] [do_card] (0x4000): No certificate found. 221s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26338.output 221s + return 2 221s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /dev/null 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /dev/null 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local key_ring=/dev/null 221s + local verify_option= 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-intermediate-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 221s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 221s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 221s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 221s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 221s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 221s + token_name='Test Organization Interme Token' 221s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 221s + local key_file 221s + local decrypted_key 221s + mkdir -p /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 221s + key_file=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key.pem 221s + decrypted_key=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 221s + cat 221s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 221s Slot 0 has a free/uninitialized token. 221s The token has been initialized and is reassigned to slot 1216403801 221s + softhsm2-util --show-slots 221s Available slots: 221s Slot 1216403801 221s Slot info: 221s Description: SoftHSM slot ID 0x4880d959 221s Manufacturer ID: SoftHSM project 221s Hardware version: 2.6 221s Firmware version: 2.6 221s Token present: yes 221s Token info: 221s Manufacturer ID: SoftHSM project 221s Model: SoftHSM v2 221s Hardware version: 2.6 221s Firmware version: 2.6 221s Serial number: 101d9546c880d959 221s Initialized: yes 221s User PIN init.: yes 221s Label: Test Organization Interme Token 221s Slot 1 221s Slot info: 221s Description: SoftHSM slot ID 0x1 221s Manufacturer ID: SoftHSM project 221s Hardware version: 2.6 221s Firmware version: 2.6 221s Token present: yes 221s Token info: 221s Manufacturer ID: SoftHSM project 221s Model: SoftHSM v2 221s Hardware version: 2.6 221s Firmware version: 2.6 221s Serial number: 221s Initialized: no 221s User PIN init.: no 221s Label: 221s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 221s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-21192 -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 221s writing RSA key 221s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 221s + rm /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 221s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 221s Object 0: 221s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 221s Type: X.509 Certificate (RSA-1024) 221s Expires: Sun Nov 16 08:20:19 2025 221s Label: Test Organization Intermediate Trusted Certificate 0001 221s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 221s 221s + echo 'Test Organization Interme Token' 221s + '[' -n '' ']' 221s Test Organization Interme Token 221s + local output_base_name=SSSD-child-4463 221s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-4463.output 221s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-4463.pem 221s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 221s [p11_child[2322]] [main] (0x0400): p11_child started. 221s [p11_child[2322]] [main] (0x2000): Running in [pre-auth] mode. 221s [p11_child[2322]] [main] (0x2000): Running with effective IDs: [0][0]. 221s [p11_child[2322]] [main] (0x2000): Running with real IDs [0][0]. 221s [p11_child[2322]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 221s [p11_child[2322]] [do_work] (0x0040): init_verification failed. 221s [p11_child[2322]] [main] (0x0020): p11_child failed (5) 221s + return 2 221s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /dev/null no_verification 221s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /dev/null no_verification 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local key_ring=/dev/null 221s + local verify_option=no_verification 221s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 221s + local key_cn 221s + local key_name 221s + local tokens_dir 221s + local output_cert_file 221s + token_name= 221s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 221s + key_name=test-intermediate-CA-trusted-certificate-0001 221s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 221s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n no_verification ']' 222s + local verify_arg=--verify=no_verification 222s Test Organization Interme Token 222s + local output_base_name=SSSD-child-32611 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 222s [p11_child[2328]] [main] (0x0400): p11_child started. 222s [p11_child[2328]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2328]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2328]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2328]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 222s [p11_child[2328]] [do_card] (0x4000): Module List: 222s [p11_child[2328]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2328]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2328]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2328]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2328]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2328]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2328]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2328]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2328]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s + local found_md5 expected_md5 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + expected_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.output 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.output .output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.pem 222s + echo -n 053350 222s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 222s [p11_child[2336]] [main] (0x0400): p11_child started. 222s [p11_child[2336]] [main] (0x2000): Running in [auth] mode. 222s [p11_child[2336]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2336]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2336]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 222s [p11_child[2336]] [do_card] (0x4000): Module List: 222s [p11_child[2336]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2336]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2336]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2336]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2336]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2336]] [do_card] (0x4000): Login required. 222s [p11_child[2336]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2336]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2336]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 222s [p11_child[2336]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 222s [p11_child[2336]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 222s [p11_child[2336]] [do_card] (0x4000): Certificate verified and validated. 222s [p11_child[2336]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-32611-auth.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s + local verify_option= 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n '' ']' 222s + local output_base_name=SSSD-child-14902 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14902.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14902.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s Test Organization Interme Token 222s [p11_child[2346]] [main] (0x0400): p11_child started. 222s [p11_child[2346]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2346]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2346]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2346]] [do_card] (0x4000): Module List: 222s [p11_child[2346]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2346]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2346]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2346]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2346]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2346]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2346]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2346]] [do_verification] (0x0040): X509_verify_cert failed [0]. 222s [p11_child[2346]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 222s [p11_child[2346]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 222s [p11_child[2346]] [do_card] (0x4000): No certificate found. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14902.output 222s + return 2 222s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s + local verify_option=partial_chain 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s Test Organization Interme Token 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n partial_chain ']' 222s + local verify_arg=--verify=partial_chain 222s + local output_base_name=SSSD-child-17080 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-17080.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-17080.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 222s [p11_child[2353]] [main] (0x0400): p11_child started. 222s [p11_child[2353]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2353]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2353]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2353]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 222s [p11_child[2353]] [do_card] (0x4000): Module List: 222s [p11_child[2353]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2353]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2353]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2353]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2353]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2353]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2353]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2353]] [do_verification] (0x0040): X509_verify_cert failed [0]. 222s [p11_child[2353]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 222s [p11_child[2353]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 222s [p11_child[2353]] [do_card] (0x4000): No certificate found. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-17080.output 222s + return 2 222s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s + local verify_option= 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n '' ']' 222s + local output_base_name=SSSD-child-14731 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s Test Organization Interme Token 222s [p11_child[2360]] [main] (0x0400): p11_child started. 222s [p11_child[2360]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2360]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2360]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2360]] [do_card] (0x4000): Module List: 222s [p11_child[2360]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2360]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2360]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2360]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2360]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2360]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2360]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2360]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2360]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2360]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2360]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s + local found_md5 expected_md5 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + expected_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.output 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.output .output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.pem 222s + echo -n 053350 222s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 222s [p11_child[2368]] [main] (0x0400): p11_child started. 222s [p11_child[2368]] [main] (0x2000): Running in [auth] mode. 222s [p11_child[2368]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2368]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2368]] [do_card] (0x4000): Module List: 222s [p11_child[2368]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2368]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2368]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2368]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2368]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2368]] [do_card] (0x4000): Login required. 222s [p11_child[2368]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2368]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2368]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2368]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 222s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 222s [p11_child[2368]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 222s [p11_child[2368]] [do_card] (0x4000): Certificate verified and validated. 222s [p11_child[2368]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14731-auth.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s + local verify_option=partial_chain 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n partial_chain ']' 222s + local verify_arg=--verify=partial_chain 222s + local output_base_name=SSSD-child-26831 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 222s Test Organization Interme Token 222s [p11_child[2378]] [main] (0x0400): p11_child started. 222s [p11_child[2378]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2378]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2378]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2378]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 222s [p11_child[2378]] [do_card] (0x4000): Module List: 222s [p11_child[2378]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2378]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2378]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2378]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2378]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2378]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2378]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2378]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2378]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2378]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2378]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s + local found_md5 expected_md5 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + expected_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.output 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.output .output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.pem 222s + echo -n 053350 222s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 222s [p11_child[2386]] [main] (0x0400): p11_child started. 222s [p11_child[2386]] [main] (0x2000): Running in [auth] mode. 222s [p11_child[2386]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2386]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2386]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 222s [p11_child[2386]] [do_card] (0x4000): Module List: 222s [p11_child[2386]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2386]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2386]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2386]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2386]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2386]] [do_card] (0x4000): Login required. 222s [p11_child[2386]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2386]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2386]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2386]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 222s [p11_child[2386]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 222s [p11_child[2386]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 222s [p11_child[2386]] [do_card] (0x4000): Certificate verified and validated. 222s [p11_child[2386]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-26831-auth.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s + local verify_option= 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s + '[' -n '' ']' 222s + local output_base_name=SSSD-child-28842 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-28842.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-28842.pem 222s Test Organization Interme Token 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s [p11_child[2396]] [main] (0x0400): p11_child started. 222s [p11_child[2396]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2396]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2396]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2396]] [do_card] (0x4000): Module List: 222s [p11_child[2396]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2396]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2396]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2396]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2396]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2396]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2396]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2396]] [do_verification] (0x0040): X509_verify_cert failed [0]. 222s [p11_child[2396]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 222s [p11_child[2396]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 222s [p11_child[2396]] [do_card] (0x4000): No certificate found. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-28842.output 222s + return 2 222s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem partial_chain 222s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem partial_chain 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s + local verify_option=partial_chain 222s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21192 222s + local key_cn 222s + local key_name 222s + local tokens_dir 222s + local output_cert_file 222s + token_name= 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem .pem 222s + key_name=test-intermediate-CA-trusted-certificate-0001 222s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s ++ sed -n 's/ *commonName *= //p' 222s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 222s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 222s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 222s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 222s + token_name='Test Organization Interme Token' 222s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 222s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 222s + echo 'Test Organization Interme Token' 222s Test Organization Interme Token 222s + '[' -n partial_chain ']' 222s + local verify_arg=--verify=partial_chain 222s + local output_base_name=SSSD-child-27750 222s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.pem 222s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem 222s [p11_child[2403]] [main] (0x0400): p11_child started. 222s [p11_child[2403]] [main] (0x2000): Running in [pre-auth] mode. 222s [p11_child[2403]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2403]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2403]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 222s [p11_child[2403]] [do_card] (0x4000): Module List: 222s [p11_child[2403]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2403]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2403]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2403]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2403]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2403]] [do_card] (0x4000): Login NOT required. 222s [p11_child[2403]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2403]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2403]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2403]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2403]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s + local found_md5 expected_md5 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA-trusted-certificate-0001.pem 222s + expected_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750.pem 222s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 222s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 222s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.output 222s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.output .output 222s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.pem 222s + echo -n 053350 222s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 222s [p11_child[2411]] [main] (0x0400): p11_child started. 222s [p11_child[2411]] [main] (0x2000): Running in [auth] mode. 222s [p11_child[2411]] [main] (0x2000): Running with effective IDs: [0][0]. 222s [p11_child[2411]] [main] (0x2000): Running with real IDs [0][0]. 222s [p11_child[2411]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 222s [p11_child[2411]] [do_card] (0x4000): Module List: 222s [p11_child[2411]] [do_card] (0x4000): common name: [softhsm2]. 222s [p11_child[2411]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2411]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4880d959] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 222s [p11_child[2411]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 222s [p11_child[2411]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4880d959][1216403801] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 222s [p11_child[2411]] [do_card] (0x4000): Login required. 222s [p11_child[2411]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 222s [p11_child[2411]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 222s [p11_child[2411]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 222s [p11_child[2411]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4880d959;slot-manufacturer=SoftHSM%20project;slot-id=1216403801;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=101d9546c880d959;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 222s [p11_child[2411]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 222s [p11_child[2411]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 222s [p11_child[2411]] [do_card] (0x4000): Certificate verified and validated. 222s [p11_child[2411]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 222s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.output 222s + echo '-----BEGIN CERTIFICATE-----' 222s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.output 222s + echo '-----END CERTIFICATE-----' 222s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.pem 222s Certificate: 222s Data: 222s Version: 3 (0x2) 222s Serial Number: 4 (0x4) 222s Signature Algorithm: sha256WithRSAEncryption 222s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 222s Validity 222s Not Before: Nov 16 08:20:19 2024 GMT 222s Not After : Nov 16 08:20:19 2025 GMT 222s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 222s Subject Public Key Info: 222s Public Key Algorithm: rsaEncryption 222s Public-Key: (1024 bit) 222s Modulus: 222s 00:b6:b8:aa:dc:ca:df:e1:e2:b2:1b:a2:1c:53:f9: 222s 36:1d:79:7b:c8:7e:c8:f9:f5:85:95:7f:63:18:4a: 222s e5:69:a9:ae:5c:b5:28:f4:7d:a5:f2:08:cb:da:d0: 222s 6a:6e:40:e2:b4:5c:0e:cc:f2:13:bd:27:76:a6:b2: 222s e0:73:81:aa:ab:86:5f:c1:03:5b:3f:bd:d4:66:6a: 222s 9b:de:e6:ea:47:33:2c:ee:a2:12:22:d0:45:d5:66: 222s 21:3c:9f:52:7a:15:59:03:31:e2:b2:60:63:28:1d: 222s 34:76:f6:c4:7a:67:a0:7d:33:94:2a:38:43:72:82: 222s d6:08:fb:b1:f7:d5:31:f6:5b 222s Exponent: 65537 (0x10001) 222s X509v3 extensions: 222s X509v3 Authority Key Identifier: 222s A5:BE:DF:55:00:65:6F:91:2E:96:46:7D:FB:7D:BA:50:20:2C:9C:37 222s X509v3 Basic Constraints: 222s CA:FALSE 222s Netscape Cert Type: 222s SSL Client, S/MIME 222s Netscape Comment: 222s Test Organization Intermediate CA trusted Certificate 222s X509v3 Subject Key Identifier: 222s F3:74:AE:FC:9B:75:4E:01:4F:B4:6E:95:DA:B7:A6:C8:8F:49:10:4A 222s X509v3 Key Usage: critical 222s Digital Signature, Non Repudiation, Key Encipherment 222s X509v3 Extended Key Usage: 222s TLS Web Client Authentication, E-mail Protection 222s X509v3 Subject Alternative Name: 222s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 222s Signature Algorithm: sha256WithRSAEncryption 222s Signature Value: 222s 4e:6f:97:e6:bf:44:f6:51:bb:1e:7f:b3:fe:c5:6b:7b:64:54: 222s 7f:b7:9c:c2:9d:73:2c:88:8a:1a:57:53:b1:58:42:87:67:f1: 222s d2:9a:53:de:92:ab:43:b1:a2:71:e7:2c:ff:2d:79:f9:4c:78: 222s 21:ef:3f:f8:e7:ba:90:84:4d:04:f0:1f:4c:fc:62:04:46:41: 222s c0:55:ec:11:66:1e:99:e3:73:92:7f:6f:43:fd:97:33:0d:e6: 222s 45:f2:c2:b2:25:c2:6a:00:a3:fa:85:bd:85:8d:2d:e1:62:32: 222s 8b:86:15:57:2a:61:e2:06:d7:8a:41:68:5f:c6:ff:85:42:0d: 222s c0:62 222s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-27750-auth.pem 223s + found_md5=Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B 223s + '[' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B '!=' Modulus=B6B8AADCCADFE1E2B21BA21C53F9361D797BC87EC8F9F585957F63184AE569A9AE5CB528F47DA5F208CBDAD06A6E40E2B45C0ECCF213BD2776A6B2E07381AAAB865FC1035B3FBDD4666A9BDEE6EA47332CEEA21222D045D566213C9F527A15590331E2B26063281D3476F6C47A67A07D33942A38437282D608FBB1F7D531F65B ']' 223s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + local key_file 223s + local decrypted_key 223s + mkdir -p /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + key_file=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 223s + decrypted_key=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 223s + cat 223s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 223s Slot 0 has a free/uninitialized token. 223s The token has been initialized and is reassigned to slot 1785059320 223s + softhsm2-util --show-slots 223s Available slots: 223s Slot 1785059320 223s Slot info: 223s Description: SoftHSM slot ID 0x6a65d7f8 223s Manufacturer ID: SoftHSM project 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Token present: yes 223s Token info: 223s Manufacturer ID: SoftHSM project 223s Model: SoftHSM v2 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Serial number: 0a8d3f0eea65d7f8 223s Initialized: yes 223s User PIN init.: yes 223s Label: Test Organization Sub Int Token 223s Slot 1 223s Slot info: 223s Description: SoftHSM slot ID 0x1 223s Manufacturer ID: SoftHSM project 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Token present: yes 223s Token info: 223s Manufacturer ID: SoftHSM project 223s Model: SoftHSM v2 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Serial number: 223s Initialized: no 223s User PIN init.: no 223s Label: 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 223s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7510 -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 223s writing RSA key 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 223s + rm /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 223s Object 0: 223s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 223s Type: X.509 Certificate (RSA-1024) 223s Expires: Sun Nov 16 08:20:19 2025 223s Label: Test Organization Sub Intermediate Trusted Certificate 0001 223s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 223s 223s Test Organization Sub Int Token 223s + echo 'Test Organization Sub Int Token' 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-17035 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-17035.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-17035.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s [p11_child[2430]] [main] (0x0400): p11_child started. 223s [p11_child[2430]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2430]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2430]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2430]] [do_card] (0x4000): Module List: 223s [p11_child[2430]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2430]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2430]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2430]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2430]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2430]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2430]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2430]] [do_verification] (0x0040): X509_verify_cert failed [0]. 223s [p11_child[2430]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 223s [p11_child[2430]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 223s [p11_child[2430]] [do_card] (0x4000): No certificate found. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-17035.output 223s + return 2 223s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s Test Organization Sub Int Token 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-14882 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14882.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-14882.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-CA.pem 223s [p11_child[2437]] [main] (0x0400): p11_child started. 223s [p11_child[2437]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2437]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2437]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2437]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2437]] [do_card] (0x4000): Module List: 223s [p11_child[2437]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2437]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2437]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2437]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2437]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2437]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2437]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2437]] [do_verification] (0x0040): X509_verify_cert failed [0]. 223s [p11_child[2437]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 223s [p11_child[2437]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 223s [p11_child[2437]] [do_card] (0x4000): No certificate found. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-14882.output 223s + return 2 223s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s Test Organization Sub Int Token 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-8094 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s [p11_child[2444]] [main] (0x0400): p11_child started. 223s [p11_child[2444]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2444]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2444]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2444]] [do_card] (0x4000): Module List: 223s [p11_child[2444]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2444]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2444]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2444]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2444]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2444]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2444]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2444]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2444]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2444]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2444]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094.pem 223s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 223s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.output 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[2452]] [main] (0x0400): p11_child started. 223s [p11_child[2452]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[2452]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2452]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2452]] [do_card] (0x4000): Module List: 223s [p11_child[2452]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2452]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2452]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2452]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2452]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2452]] [do_card] (0x4000): Login required. 223s [p11_child[2452]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2452]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2452]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2452]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[2452]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[2452]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[2452]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[2452]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-8094-auth.pem 223s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 223s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-12684 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem 223s Test Organization Sub Int Token 223s [p11_child[2462]] [main] (0x0400): p11_child started. 223s [p11_child[2462]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2462]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2462]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2462]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2462]] [do_card] (0x4000): Module List: 223s [p11_child[2462]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2462]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2462]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2462]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2462]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2462]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2462]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2462]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2462]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2462]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2462]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684.pem 223s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 223s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.output 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[2470]] [main] (0x0400): p11_child started. 223s [p11_child[2470]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[2470]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2470]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2470]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2470]] [do_card] (0x4000): Module List: 223s [p11_child[2470]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2470]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2470]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2470]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2470]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2470]] [do_card] (0x4000): Login required. 223s [p11_child[2470]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2470]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2470]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2470]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[2470]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[2470]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[2470]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[2470]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-12684-auth.pem 223s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 223s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s Test Organization Sub Int Token 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-29139 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29139.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29139.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s [p11_child[2480]] [main] (0x0400): p11_child started. 223s [p11_child[2480]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2480]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2480]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2480]] [do_card] (0x4000): Module List: 223s [p11_child[2480]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2480]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2480]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2480]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2480]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2480]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2480]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2480]] [do_verification] (0x0040): X509_verify_cert failed [0]. 223s [p11_child[2480]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 223s [p11_child[2480]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 223s [p11_child[2480]] [do_card] (0x4000): No certificate found. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29139.output 223s + return 2 223s + invalid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s Test Organization Sub Int Token 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-5269 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-5269.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-5269.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-root-intermediate-chain-CA.pem 223s [p11_child[2487]] [main] (0x0400): p11_child started. 223s [p11_child[2487]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2487]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2487]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2487]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2487]] [do_card] (0x4000): Module List: 223s [p11_child[2487]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2487]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2487]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2487]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2487]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2487]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2487]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2487]] [do_verification] (0x0040): X509_verify_cert failed [0]. 223s [p11_child[2487]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 223s [p11_child[2487]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 223s [p11_child[2487]] [do_card] (0x4000): No certificate found. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-5269.output 223s + return 2 223s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s Test Organization Sub Int Token 223s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 223s + token_name='Test Organization Sub Int Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Sub Int Token' 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-18565 223s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem 223s [p11_child[2494]] [main] (0x0400): p11_child started. 223s [p11_child[2494]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[2494]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2494]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2494]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2494]] [do_card] (0x4000): Module List: 223s [p11_child[2494]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2494]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2494]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2494]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2494]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2494]] [do_card] (0x4000): Login NOT required. 223s [p11_child[2494]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2494]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2494]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2494]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2494]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565.pem 223s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 223s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 223s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.output 223s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[2503]] [main] (0x0400): p11_child started. 223s [p11_child[2503]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[2503]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[2503]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[2503]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[2503]] [do_card] (0x4000): Module List: 223s [p11_child[2503]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[2503]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2503]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[2503]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 223s [p11_child[2503]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[2503]] [do_card] (0x4000): Login required. 223s [p11_child[2503]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 223s [p11_child[2503]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[2503]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[2503]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[2503]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[2503]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[2503]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[2503]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 5 (0x5) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 223s Validity 223s Not Before: Nov 16 08:20:19 2024 GMT 223s Not After : Nov 16 08:20:19 2025 GMT 223s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 223s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 223s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 223s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 223s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 223s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 223s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 223s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 223s ce:1f:08:5a:67:c6:71:73:bb 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 223s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 223s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 223s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 223s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 223s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 223s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 223s 3d:d0 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-18565-auth.pem 224s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 224s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 224s + valid_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-sub-chain-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 /tmp/sssd-softhsm2-vGKIeX/test-intermediate-sub-chain-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 224s + local key_ring=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-sub-chain-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7510 224s + local certificate=/tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7510 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-vGKIeX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s Test Organization Sub Int Token 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-29167 224s + local output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.output 224s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-sub-chain-CA.pem 224s [p11_child[2513]] [main] (0x0400): p11_child started. 224s [p11_child[2513]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[2513]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[2513]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[2513]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[2513]] [do_card] (0x4000): Module List: 224s [p11_child[2513]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[2513]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[2513]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[2513]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[2513]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[2513]] [do_card] (0x4000): Login NOT required. 224s [p11_child[2513]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[2513]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[2513]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[2513]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[2513]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Nov 16 08:20:19 2024 GMT 224s Not After : Nov 16 08:20:19 2025 GMT 224s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 224s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 224s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 224s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 224s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 224s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 224s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 224s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 224s ce:1f:08:5a:67:c6:71:73:bb 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 224s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 224s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 224s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 224s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 224s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 224s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 224s 3d:d0 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167.pem 224s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 224s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 224s + output_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.output 224s ++ basename /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vGKIeX/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[2521]] [main] (0x0400): p11_child started. 224s [p11_child[2521]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[2521]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[2521]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[2521]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[2521]] [do_card] (0x4000): Module List: 224s [p11_child[2521]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[2521]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[2521]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6a65d7f8] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[2521]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[2521]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6a65d7f8][1785059320] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[2521]] [do_card] (0x4000): Login required. 224s [p11_child[2521]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[2521]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[2521]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[2521]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6a65d7f8;slot-manufacturer=SoftHSM%20project;slot-id=1785059320;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0a8d3f0eea65d7f8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[2521]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[2521]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[2521]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[2521]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Nov 16 08:20:19 2024 GMT 224s Not After : Nov 16 08:20:19 2025 GMT 224s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:e8:3a:11:f8:a7:30:b4:35:09:76:93:23:91:88: 224s 9b:35:9f:16:a0:32:e0:74:b6:1a:17:0a:03:2d:4c: 224s 60:1b:20:0e:b0:22:df:7b:01:db:02:91:11:68:7c: 224s ce:35:58:c3:b8:c7:61:87:f2:2d:48:e1:5e:ec:a5: 224s 66:72:78:22:f2:84:ef:80:49:7a:95:8b:e9:44:ec: 224s 72:5c:4f:e4:db:c2:f8:c4:0d:18:88:ff:fb:d8:20: 224s 73:41:d8:e7:f4:99:0b:3b:4f:f5:36:2f:50:59:0b: 224s 07:d0:e8:cd:d6:e9:2f:8f:6b:85:5d:d2:6f:39:14: 224s ce:1f:08:5a:67:c6:71:73:bb 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s CE:E4:D7:C9:62:F1:65:AA:C8:13:A2:88:4D:DA:19:76:0B:96:7C:FE 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 7A:A6:DC:30:F9:06:79:24:AF:BF:1F:08:2E:CA:59:3B:4D:D9:7D:27 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 0d:9c:af:81:b2:ac:6a:59:85:da:f6:c2:2d:1d:1a:8c:51:3a: 224s 75:f5:b3:f5:b1:e1:ad:2a:9c:0a:a3:3f:43:48:e9:97:c8:fa: 224s 76:d3:5a:05:56:d4:b6:b3:a9:b6:93:2e:bf:89:84:c2:e2:89: 224s 30:4c:7b:f1:02:24:16:dc:0d:20:bc:99:8b:f8:41:fd:a6:4e: 224s 14:9b:10:1a:8e:47:7d:1a:0a:d7:e5:cf:ab:e5:57:20:9a:ea: 224s 83:2e:49:06:f0:d5:d8:10:18:8e:0f:de:1a:5a:00:b7:43:7d: 224s 9a:b4:81:c3:74:2e:28:89:a7:f8:d1:05:d2:7e:94:88:4c:ca: 224s 3d:d0 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vGKIeX/SSSD-child-29167-auth.pem 224s 224s + found_md5=Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB 224s + '[' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB '!=' Modulus=E83A11F8A730B4350976932391889B359F16A032E074B61A170A032D4C601B200EB022DF7B01DB029111687CCE3558C3B8C76187F22D48E15EECA566727822F284EF80497A958BE944EC725C4FE4DBC2F8C40D1888FFFBD8207341D8E7F4990B3B4FF5362F50590B07D0E8CDD6E92F8F6B855DD26F3914CE1F085A67C67173BB ']' 224s + set +x 224s Test completed, Root CA and intermediate issued certificates verified! 224s autopkgtest [08:20:24]: test sssd-softhism2-certificates-tests.sh: -----------------------] 224s autopkgtest [08:20:24]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 224s sssd-softhism2-certificates-tests.sh PASS 224s autopkgtest [08:20:24]: test sssd-smart-card-pam-auth-configs: preparing testbed 225s Reading package lists... 225s Building dependency tree... 225s Reading state information... 225s Starting pkgProblemResolver with broken count: 0 225s Starting 2 pkgProblemResolver with broken count: 0 226s Done 226s The following additional packages will be installed: 226s pamtester 226s The following NEW packages will be installed: 226s autopkgtest-satdep pamtester 226s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 226s Need to get 12.7 kB/13.5 kB of archives. 226s After this operation, 36.9 kB of additional disk space will be used. 226s Get:1 /tmp/autopkgtest.sqpKAL/4-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [760 B] 226s Get:2 http://ftpmaster.internal/ubuntu noble/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 226s Fetched 12.7 kB in 0s (435 kB/s) 226s Selecting previously unselected package pamtester. 226s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74734 files and directories currently installed.) 226s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 226s Unpacking pamtester (0.1.2-4) ... 226s Selecting previously unselected package autopkgtest-satdep. 226s Preparing to unpack .../4-autopkgtest-satdep.deb ... 226s Unpacking autopkgtest-satdep (0) ... 226s Setting up pamtester (0.1.2-4) ... 226s Setting up autopkgtest-satdep (0) ... 226s Processing triggers for man-db (2.12.0-4build2) ... 228s (Reading database ... 74740 files and directories currently installed.) 228s Removing autopkgtest-satdep (0) ... 229s autopkgtest [08:20:29]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 229s autopkgtest [08:20:29]: test sssd-smart-card-pam-auth-configs: [----------------------- 229s + '[' -z ubuntu ']' 229s + export DEBIAN_FRONTEND=noninteractive 229s + DEBIAN_FRONTEND=noninteractive 229s + required_tools=(pamtester softhsm2-util sssd) 229s + [[ ! -v OFFLINE_MODE ]] 229s + for cmd in "${required_tools[@]}" 229s + command -v pamtester 229s + for cmd in "${required_tools[@]}" 229s + command -v softhsm2-util 229s + for cmd in "${required_tools[@]}" 229s + command -v sssd 229s + PIN=123456 229s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 229s + tmpdir=/tmp/sssd-softhsm2-certs-aNtZIl 229s + backupsdir= 229s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 229s + declare -a restore_paths 229s + declare -a delete_paths 229s + trap handle_exit EXIT 229s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 229s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 229s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 229s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 229s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-aNtZIl GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 229s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-aNtZIl 229s + GENERATE_SMART_CARDS=1 229s + KEEP_TEMPORARY_FILES=1 229s + NO_SSSD_TESTS=1 229s + bash debian/tests/sssd-softhism2-certificates-tests.sh 229s + '[' -z ubuntu ']' 229s + required_tools=(p11tool openssl softhsm2-util) 229s + for cmd in "${required_tools[@]}" 229s + command -v p11tool 229s + for cmd in "${required_tools[@]}" 229s + command -v openssl 229s + for cmd in "${required_tools[@]}" 229s + command -v softhsm2-util 229s + PIN=123456 229s +++ find /usr/lib/softhsm/libsofthsm2.so 229s +++ head -n 1 229s ++ realpath /usr/lib/softhsm/libsofthsm2.so 229s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 229s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 229s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 229s + '[' '!' -v NO_SSSD_TESTS ']' 229s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 229s + tmpdir=/tmp/sssd-softhsm2-certs-aNtZIl 229s + keys_size=1024 229s + [[ ! -v KEEP_TEMPORARY_FILES ]] 229s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 229s + echo -n 01 229s + touch /tmp/sssd-softhsm2-certs-aNtZIl/index.txt 229s + mkdir -p /tmp/sssd-softhsm2-certs-aNtZIl/new_certs 229s + cat 229s + root_ca_key_pass=pass:random-root-CA-password-22105 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-key.pem -passout pass:random-root-CA-password-22105 1024 229s + openssl req -passin pass:random-root-CA-password-22105 -batch -config /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem 229s + cat 229s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-9647 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9647 1024 229s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-9647 -config /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-22105 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-certificate-request.pem 229s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-certificate-request.pem 229s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.config -passin pass:random-root-CA-password-22105 -keyfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem 229s Certificate Request: 229s Data: 229s Version: 1 (0x0) 229s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 229s Subject Public Key Info: 229s Public Key Algorithm: rsaEncryption 229s Public-Key: (1024 bit) 229s Modulus: 229s 00:a2:62:81:24:e3:e2:a7:03:67:c3:e0:2d:f7:ea: 229s 79:d2:16:43:24:c2:96:92:7a:c5:fa:8b:ee:ad:5c: 229s 07:50:1a:2b:dd:25:1e:f3:30:d7:1e:d8:d6:aa:18: 229s c5:64:22:ac:bf:27:2e:fb:d2:cc:a6:5e:00:f5:75: 229s 8b:e2:92:66:4c:cc:ce:4f:cb:b0:f1:b7:38:e6:e2: 229s e4:a8:bf:c0:b4:8a:7a:d9:90:02:62:f6:77:2f:f4: 229s 5d:51:b3:c2:d2:7e:95:8d:ad:b5:f0:1a:6f:e1:96: 229s 26:4c:51:65:80:a0:03:49:96:33:68:f0:62:d9:27: 229s 19:99:87:e7:d3:dc:26:59:75 229s Exponent: 65537 (0x10001) 229s Attributes: 229s (none) 229s Requested Extensions: 229s Signature Algorithm: sha256WithRSAEncryption 229s Signature Value: 229s 7f:cc:b8:78:40:b5:5f:13:5d:a5:29:9d:f2:bf:49:bb:b6:bf: 229s 39:cb:f0:3f:c4:18:4f:ad:16:3d:40:a4:53:8b:8b:2e:09:0f: 229s 60:8f:ec:a8:3e:49:ff:6a:44:43:5d:0f:e4:5f:63:5e:89:4b: 229s d1:7c:4a:db:60:b8:b2:bf:c5:09:37:16:67:3e:ab:1e:10:62: 229s 5a:2c:59:02:6e:21:eb:9f:e9:df:d2:07:1e:0e:c8:f3:24:71: 229s a6:37:20:96:60:13:b7:68:71:71:37:66:9d:ba:49:3a:d8:da: 229s 5d:cc:cc:66:e6:da:bf:da:03:e4:d3:a8:2a:13:7f:d9:66:ff: 229s 6b:3f 229s Using configuration from /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.config 229s Check that the request matches the signature 229s Signature ok 229s Certificate Details: 229s Serial Number: 1 (0x1) 229s Validity 229s Not Before: Nov 16 08:20:28 2024 GMT 229s Not After : Nov 16 08:20:28 2025 GMT 229s Subject: 229s organizationName = Test Organization 229s organizationalUnitName = Test Organization Unit 229s commonName = Test Organization Intermediate CA 229s X509v3 extensions: 229s X509v3 Subject Key Identifier: 229s 1C:A2:E8:9B:E6:4E:04:07:66:35:9A:EC:7E:8F:A9:FD:3A:4E:D7:EB 229s X509v3 Authority Key Identifier: 229s keyid:C4:67:B6:C5:82:BD:24:00:66:67:47:DE:1F:43:D5:03:78:BA:75:23 229s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 229s serial:00 229s X509v3 Basic Constraints: 229s CA:TRUE 229s X509v3 Key Usage: critical 229s Digital Signature, Certificate Sign, CRL Sign 229s Certificate is to be certified until Nov 16 08:20:28 2025 GMT (365 days) 229s 229s Write out database with 1 new entries 229s Database updated 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem: OK 229s + cat 229s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-7614 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-7614 1024 229s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-7614 -config /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9647 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-certificate-request.pem 229s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-certificate-request.pem 229s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-9647 -keyfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s Certificate Request: 229s Data: 229s Version: 1 (0x0) 229s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 229s Subject Public Key Info: 229s Public Key Algorithm: rsaEncryption 229s Public-Key: (1024 bit) 229s Modulus: 229s 00:c4:95:e7:ef:68:91:cc:53:d8:cc:02:02:80:b2: 229s 90:77:52:7d:59:46:da:9f:d2:a1:0e:51:dd:4a:07: 229s 1f:4e:92:a1:b2:4b:7d:16:16:d3:3e:b8:05:bf:53: 229s ed:5a:fe:44:31:47:6a:e3:4b:fb:3d:5f:2b:cb:6d: 229s 97:94:61:37:eb:94:c8:cc:0c:47:04:ef:09:1a:bd: 229s fb:3e:94:9f:d9:12:58:be:46:4c:1b:ce:06:99:60: 229s ac:22:a6:4c:65:f5:8c:24:1f:5a:e4:53:6e:4e:5a: 229s 61:5c:43:d9:7a:bb:4c:2b:bd:fe:4d:79:35:74:eb: 229s c6:42:42:7a:6a:52:c3:ed:a7 229s Exponent: 65537 (0x10001) 229s Attributes: 229s (none) 229s Requested Extensions: 229s Signature Algorithm: sha256WithRSAEncryption 229s Signature Value: 229s 51:dc:9e:6b:f7:b9:88:d3:d8:35:ba:de:ca:73:cf:01:2a:57: 229s 63:79:37:2f:e8:0b:02:aa:fb:69:18:19:1c:c4:e0:fa:4f:88: 229s 30:fb:36:fb:7e:ad:a8:b7:eb:4f:d8:41:63:21:ab:6b:4a:83: 229s 62:23:2e:7e:8d:20:43:ab:89:36:34:c3:cb:09:f2:f9:73:39: 229s d2:18:7c:4c:fd:4d:ab:ad:89:80:6e:c1:16:ee:de:b2:d5:9c: 229s b3:1a:c7:1d:97:27:c3:4a:d0:8d:78:3e:73:37:cf:22:ca:ec: 229s 40:f3:ae:fd:79:ed:2a:11:65:34:94:58:aa:39:48:70:b4:7f: 229s 53:4d 229s Using configuration from /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.config 229s Check that the request matches the signature 229s Signature ok 229s Certificate Details: 229s Serial Number: 2 (0x2) 229s Validity 229s Not Before: Nov 16 08:20:28 2024 GMT 229s Not After : Nov 16 08:20:28 2025 GMT 229s Subject: 229s organizationName = Test Organization 229s organizationalUnitName = Test Organization Unit 229s commonName = Test Organization Sub Intermediate CA 229s X509v3 extensions: 229s X509v3 Subject Key Identifier: 229s 91:AD:19:DF:9B:C3:BE:71:F8:E7:27:F3:D1:7F:B3:8B:62:0B:FF:69 229s X509v3 Authority Key Identifier: 229s keyid:1C:A2:E8:9B:E6:4E:04:07:66:35:9A:EC:7E:8F:A9:FD:3A:4E:D7:EB 229s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 229s serial:01 229s X509v3 Basic Constraints: 229s CA:TRUE 229s X509v3 Key Usage: critical 229s Digital Signature, Certificate Sign, CRL Sign 229s Certificate is to be certified until Nov 16 08:20:28 2025 GMT (365 days) 229s 229s Write out database with 1 new entries 229s Database updated 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem: OK 229s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 229s error 20 at 0 depth lookup: unable to get local issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem: verification failed 229s + cat 229s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-23215 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-23215 1024 229s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-23215 -key /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-request.pem 229s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-request.pem 229s Certificate Request: 229s Data: 229s Version: 1 (0x0) 229s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 229s Subject Public Key Info: 229s Public Key Algorithm: rsaEncryption 229s Public-Key: (1024 bit) 229s Modulus: 229s 00:b1:2d:11:9b:aa:df:fb:75:4b:63:58:db:ef:fe: 229s 47:0f:04:85:49:96:09:17:6c:da:80:a9:bf:82:f4: 229s 2e:77:90:54:b7:d9:33:67:5a:60:c9:62:a6:1f:cd: 229s f1:0b:09:17:ae:2a:ca:83:ff:0f:fe:0a:d6:d0:8b: 229s ad:d1:75:90:c7:2e:ff:b7:aa:0a:12:6d:6f:6a:4e: 229s 66:4a:dd:17:34:45:0e:77:27:8f:ef:01:f0:f9:1b: 229s be:93:d7:75:31:d8:37:5f:34:28:bc:53:3a:1a:af: 229s 66:2c:1d:17:53:62:1c:02:a8:a0:88:87:d8:88:27: 229s 5e:ff:e5:e6:0f:e9:cb:d9:23 229s Exponent: 65537 (0x10001) 229s Attributes: 229s Requested Extensions: 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Root CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s 93:2E:B7:B3:B5:A2:1E:93:D1:11:38:23:19:59:BC:FB:CB:C6:17:C0 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Signature Algorithm: sha256WithRSAEncryption 229s Signature Value: 229s 71:c7:a6:c8:1d:cf:8a:e9:1e:79:e3:7c:02:44:b8:1d:67:b0: 229s 41:95:a4:87:cc:de:69:8a:1e:cc:af:1e:30:31:b0:14:3b:b3: 229s b6:17:1a:58:fa:34:24:44:19:9a:f5:31:b6:1a:44:08:1b:22: 229s ed:86:3d:02:8f:ed:47:cd:36:e0:78:45:56:09:77:49:80:02: 229s 07:f4:f5:24:e2:5b:c2:0c:bc:f0:cb:bc:ae:63:42:94:21:ef: 229s d8:49:ab:ab:99:cb:0a:cf:e9:5f:70:d0:20:aa:3c:58:55:2e: 229s 98:64:3d:81:5e:3c:d4:9b:b8:40:cb:65:10:d2:66:9f:94:fd: 229s 1b:8f 229s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.config -passin pass:random-root-CA-password-22105 -keyfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s Using configuration from /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.config 229s Check that the request matches the signature 229s Signature ok 229s Certificate Details: 229s Serial Number: 3 (0x3) 229s Validity 229s Not Before: Nov 16 08:20:28 2024 GMT 229s Not After : Nov 16 08:20:28 2025 GMT 229s Subject: 229s organizationName = Test Organization 229s organizationalUnitName = Test Organization Unit 229s commonName = Test Organization Root Trusted Certificate 0001 229s X509v3 extensions: 229s X509v3 Authority Key Identifier: 229s C4:67:B6:C5:82:BD:24:00:66:67:47:DE:1F:43:D5:03:78:BA:75:23 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Root CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s 93:2E:B7:B3:B5:A2:1E:93:D1:11:38:23:19:59:BC:FB:CB:C6:17:C0 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Certificate is to be certified until Nov 16 08:20:28 2025 GMT (365 days) 229s 229s Write out database with 1 new entries 229s Database updated 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem: OK 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 229s error 20 at 0 depth lookup: unable to get local issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem: verification failed 229s + cat 229s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-29142 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-29142 1024 229s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-29142 -key /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-request.pem 229s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-request.pem 229s + openssl ca -passin pass:random-intermediate-CA-password-9647 -config /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s Certificate Request: 229s Data: 229s Version: 1 (0x0) 229s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 229s Subject Public Key Info: 229s Public Key Algorithm: rsaEncryption 229s Public-Key: (1024 bit) 229s Modulus: 229s 00:be:33:1a:27:d8:2c:e8:68:f7:79:cd:2a:75:7a: 229s 19:03:56:c2:ee:3f:30:14:02:ca:2e:db:97:c5:b1: 229s 66:bb:34:c3:8a:d6:60:ae:ee:e8:bb:2f:a6:3d:f1: 229s 9b:58:e8:82:25:18:56:60:13:77:74:ba:da:87:44: 229s 05:07:18:c2:a3:d9:f2:77:13:d8:7d:5f:c8:07:ad: 229s 6d:9c:72:e1:c6:bd:89:db:ac:fe:49:36:41:3c:80: 229s 0d:ce:d1:40:1d:33:4e:0d:a6:0a:c2:94:8b:0e:83: 229s 09:1b:99:bb:c4:1a:47:58:70:48:5d:92:f4:73:38: 229s d7:1b:6f:e2:29:2c:57:19:19 229s Exponent: 65537 (0x10001) 229s Attributes: 229s Requested Extensions: 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Intermediate CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s D6:28:C9:B1:96:0B:35:FB:6E:F4:13:F0:53:C4:CA:D2:F6:B0:10:13 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Signature Algorithm: sha256WithRSAEncryption 229s Signature Value: 229s 4a:1b:30:cc:ca:fa:2d:b8:56:f1:6a:fe:00:4a:90:f1:2f:27: 229s 0d:5d:5c:53:e6:54:da:95:62:5e:88:ba:f8:f9:f6:9a:3a:72: 229s 5d:28:4c:49:26:ec:4b:26:d7:70:61:9c:2d:b9:5e:a5:d8:b8: 229s 0f:46:53:1c:64:3e:30:5a:db:53:58:fc:e8:99:02:16:f5:97: 229s 0e:42:5e:ef:52:50:36:77:0a:9b:d3:8e:53:b5:32:3a:80:ac: 229s 7a:3d:54:db:7a:0d:5e:65:55:d5:34:c5:98:2e:09:54:63:a3: 229s a2:7a:73:c3:42:b4:00:60:28:da:f2:2f:39:ee:e2:f7:4e:44: 229s 68:82 229s Using configuration from /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.config 229s Check that the request matches the signature 229s Signature ok 229s Certificate Details: 229s Serial Number: 4 (0x4) 229s Validity 229s Not Before: Nov 16 08:20:29 2024 GMT 229s Not After : Nov 16 08:20:29 2025 GMT 229s Subject: 229s organizationName = Test Organization 229s organizationalUnitName = Test Organization Unit 229s commonName = Test Organization Intermediate Trusted Certificate 0001 229s X509v3 extensions: 229s X509v3 Authority Key Identifier: 229s 1C:A2:E8:9B:E6:4E:04:07:66:35:9A:EC:7E:8F:A9:FD:3A:4E:D7:EB 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Intermediate CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s D6:28:C9:B1:96:0B:35:FB:6E:F4:13:F0:53:C4:CA:D2:F6:B0:10:13 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Certificate is to be certified until Nov 16 08:20:29 2025 GMT (365 days) 229s 229s Write out database with 1 new entries 229s Database updated 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s This certificate should not be trusted fully 229s + echo 'This certificate should not be trusted fully' 229s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 229s error 2 at 1 depth lookup: unable to get issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 229s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem: OK 229s + cat 229s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-25060 229s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-25060 1024 229s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-25060 -key /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 229s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 229s + openssl ca -passin pass:random-sub-intermediate-CA-password-7614 -config /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s Certificate Request: 229s Data: 229s Version: 1 (0x0) 229s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 229s Subject Public Key Info: 229s Public Key Algorithm: rsaEncryption 229s Public-Key: (1024 bit) 229s Modulus: 229s 00:eb:6e:74:fc:fa:65:0a:15:7b:6e:ea:d0:df:41: 229s 4f:86:9d:9e:ea:00:8b:17:cc:55:c7:21:e3:52:83: 229s 10:0e:68:da:8f:e4:99:f9:0a:64:b0:59:36:06:43: 229s fc:81:50:b9:20:b8:6a:db:21:f7:0e:41:ac:c0:7f: 229s bb:d7:2e:f8:45:08:7e:a9:d7:21:46:90:87:ea:cc: 229s 94:0f:86:c0:97:06:58:73:54:63:66:a0:9f:94:2c: 229s 67:2c:10:b0:77:37:dc:ff:f8:2b:bf:b9:c3:b9:ff: 229s cc:a9:04:95:38:b8:16:73:ee:b2:0e:fa:aa:bd:1f: 229s 03:c0:06:77:24:c3:ef:4a:cd 229s Exponent: 65537 (0x10001) 229s Attributes: 229s Requested Extensions: 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Sub Intermediate CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s 1B:CD:E2:BE:46:43:8F:72:2A:8C:11:45:2D:AC:BC:77:22:C6:4C:64 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Signature Algorithm: sha256WithRSAEncryption 229s Signature Value: 229s 76:aa:4f:46:ef:d4:3d:cb:7f:b0:79:b4:c6:fa:f3:bd:3a:12: 229s 5f:67:33:3c:b4:76:c8:c1:d5:90:af:a7:69:e9:eb:40:0b:f5: 229s 39:35:80:ef:a2:5c:5b:fb:70:6b:84:96:ef:28:ca:b6:75:28: 229s cc:13:94:d0:03:55:a0:8d:fb:24:cf:26:37:d3:87:15:1a:7f: 229s 97:14:ed:46:a6:1a:f9:f6:b4:48:c9:3f:c0:89:d1:a1:40:d0: 229s 4a:fa:f1:ec:7b:69:cf:3a:70:8a:6c:c2:56:80:db:dc:9b:f3: 229s 6a:bb:d0:eb:c9:3c:e9:c4:7b:09:ec:bd:74:ba:93:fb:ae:88: 229s fd:38 229s Using configuration from /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.config 229s Check that the request matches the signature 229s Signature ok 229s Certificate Details: 229s Serial Number: 5 (0x5) 229s Validity 229s Not Before: Nov 16 08:20:29 2024 GMT 229s Not After : Nov 16 08:20:29 2025 GMT 229s Subject: 229s organizationName = Test Organization 229s organizationalUnitName = Test Organization Unit 229s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 229s X509v3 extensions: 229s X509v3 Authority Key Identifier: 229s 91:AD:19:DF:9B:C3:BE:71:F8:E7:27:F3:D1:7F:B3:8B:62:0B:FF:69 229s X509v3 Basic Constraints: 229s CA:FALSE 229s Netscape Cert Type: 229s SSL Client, S/MIME 229s Netscape Comment: 229s Test Organization Sub Intermediate CA trusted Certificate 229s X509v3 Subject Key Identifier: 229s 1B:CD:E2:BE:46:43:8F:72:2A:8C:11:45:2D:AC:BC:77:22:C6:4C:64 229s X509v3 Key Usage: critical 229s Digital Signature, Non Repudiation, Key Encipherment 229s X509v3 Extended Key Usage: 229s TLS Web Client Authentication, E-mail Protection 229s X509v3 Subject Alternative Name: 229s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 229s Certificate is to be certified until Nov 16 08:20:29 2025 GMT (365 days) 229s 229s Write out database with 1 new entries 229s Database updated 229s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s This certificate should not be trusted fully 229s + echo 'This certificate should not be trusted fully' 229s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 229s error 2 at 1 depth lookup: unable to get issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 229s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 229s error 20 at 0 depth lookup: unable to get local issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 229s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s + local cmd=openssl 229s + shift 229s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 229s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 229s error 20 at 0 depth lookup: unable to get local issuer certificate 229s error /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 229s + echo 'Building a the full-chain CA file...' 229s + cat /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s Building a the full-chain CA file... 229s + cat /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem 229s + cat /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 229s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem 229s + openssl pkcs7 -print_certs -noout 229s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 229s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 229s 229s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 229s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 229s 229s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 229s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 229s 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA.pem: OK 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem: OK 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-root-intermediate-chain-CA.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem: OK 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-root-intermediate-chain-CA.pem: OK 229s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 229s + echo 'Certificates generation completed!' 229s + [[ -v NO_SSSD_TESTS ]] 229s + [[ -v GENERATE_SMART_CARDS ]] 229s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23215 229s + local certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s + local key_pass=pass:random-root-ca-trusted-cert-0001-23215 229s + local key_cn 229s + local key_name 229s + local tokens_dir 229s + local output_cert_file 229s + token_name= 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem .pem 229s Certificates generation completed! 229s + key_name=test-root-CA-trusted-certificate-0001 229s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem 229s ++ sed -n 's/ *commonName *= //p' 229s + key_cn='Test Organization Root Trusted Certificate 0001' 229s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 229s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf 229s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 229s + tokens_dir=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001 229s + token_name='Test Organization Root Tr Token' 229s + '[' '!' -e /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 229s + local key_file 229s + local decrypted_key 229s + mkdir -p /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001 229s + key_file=/tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key.pem 229s + decrypted_key=/tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 229s + cat 229s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 229s Slot 0 has a free/uninitialized token. 229s The token has been initialized and is reassigned to slot 2112312330 229s + softhsm2-util --show-slots 229s Available slots: 229s Slot 2112312330 229s Slot info: 229s Description: SoftHSM slot ID 0x7de7540a 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: f7fe081ffde7540a 229s Initialized: yes 229s User PIN init.: yes 229s Label: Test Organization Root Tr Token 229s Slot 1 229s Slot info: 229s Description: SoftHSM slot ID 0x1 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: 229s Initialized: no 229s User PIN init.: no 229s Label: 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 229s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-23215 -in /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 229s writing RSA key 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 229s + rm /tmp/sssd-softhsm2-certs-aNtZIl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 229s Object 0: 229s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f7fe081ffde7540a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 229s Type: X.509 Certificate (RSA-1024) 229s Expires: Sun Nov 16 08:20:28 2025 229s Label: Test Organization Root Trusted Certificate 0001 229s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 229s 229s Test Organization Root Tr Token 229s + echo 'Test Organization Root Tr Token' 229s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29142 229s + local certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29142 229s + local key_cn 229s + local key_name 229s + local tokens_dir 229s + local output_cert_file 229s + token_name= 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem .pem 229s + key_name=test-intermediate-CA-trusted-certificate-0001 229s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem 229s ++ sed -n 's/ *commonName *= //p' 229s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 229s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 229s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 229s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 229s + tokens_dir=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001 229s + token_name='Test Organization Interme Token' 229s + '[' '!' -e /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 229s + local key_file 229s + local decrypted_key 229s + mkdir -p /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-intermediate-CA-trusted-certificate-0001 229s + key_file=/tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key.pem 229s + decrypted_key=/tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 229s + cat 229s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 229s Slot 0 has a free/uninitialized token. 229s The token has been initialized and is reassigned to slot 779503055 229s + softhsm2-util --show-slots 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 229s Available slots: 229s Slot 779503055 229s Slot info: 229s Description: SoftHSM slot ID 0x2e7645cf 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: ebc283bd2e7645cf 229s Initialized: yes 229s User PIN init.: yes 229s Label: Test Organization Interme Token 229s Slot 1 229s Slot info: 229s Description: SoftHSM slot ID 0x1 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: 229s Initialized: no 229s User PIN init.: no 229s Label: 229s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-29142 -in /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 229s writing RSA key 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 229s + rm /tmp/sssd-softhsm2-certs-aNtZIl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 229s Object 0: 229s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ebc283bd2e7645cf;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 229s Type: X.509 Certificate (RSA-1024) 229s Expires: Sun Nov 16 08:20:29 2025 229s Label: Test Organization Intermediate Trusted Certificate 0001 229s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 229s 229s + echo 'Test Organization Interme Token' 229s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-25060 229s Test Organization Interme Token 229s + local certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-25060 229s + local key_cn 229s + local key_name 229s + local tokens_dir 229s + local output_cert_file 229s + token_name= 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 229s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 229s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem 229s ++ sed -n 's/ *commonName *= //p' 229s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 229s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 229s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 229s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 229s ++ basename /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 229s + tokens_dir=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 229s + token_name='Test Organization Sub Int Token' 229s + '[' '!' -e /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 229s + local key_file 229s + local decrypted_key 229s + mkdir -p /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 229s + key_file=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 229s + decrypted_key=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 229s + cat 229s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 229s Slot 0 has a free/uninitialized token. 229s The token has been initialized and is reassigned to slot 306195940 229s + softhsm2-util --show-slots 229s Available slots: 229s Slot 306195940 229s Slot info: 229s Description: SoftHSM slot ID 0x12402de4 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: f025af3792402de4 229s Initialized: yes 229s User PIN init.: yes 229s Label: Test Organization Sub Int Token 229s Slot 1 229s Slot info: 229s Description: SoftHSM slot ID 0x1 229s Manufacturer ID: SoftHSM project 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Token present: yes 229s Token info: 229s Manufacturer ID: SoftHSM project 229s Model: SoftHSM v2 229s Hardware version: 2.6 229s Firmware version: 2.6 229s Serial number: 229s Initialized: no 229s User PIN init.: no 229s Label: 229s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 230s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-25060 -in /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 230s writing RSA key 230s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 230s + rm /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 230s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 230s Object 0: 230s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f025af3792402de4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 230s Type: X.509 Certificate (RSA-1024) 230s Expires: Sun Nov 16 08:20:29 2025 230s Label: Test Organization Sub Intermediate Trusted Certificate 0001 230s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 230s 230s + echo 'Test Organization Sub Int Token' 230s + echo 'Certificates generation completed!' 230s + exit 0 230s + find /tmp/sssd-softhsm2-certs-aNtZIl -type d -exec chmod 777 '{}' ';' 230s + find /tmp/sssd-softhsm2-certs-aNtZIl -type f -exec chmod 666 '{}' ';' 230s Test Organization Sub Int Token 230s Certificates generation completed! 230s + backup_file /etc/sssd/sssd.conf 230s + '[' -z '' ']' 230s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 230s + backupsdir=/tmp/sssd-softhsm2-backups-YHqkYG 230s + '[' -e /etc/sssd/sssd.conf ']' 230s + delete_paths+=("$1") 230s + rm -f /etc/sssd/sssd.conf 230s ++ runuser -u ubuntu -- sh -c 'echo ~' 230s + user_home=/home/ubuntu 230s + mkdir -p /home/ubuntu 230s + chown ubuntu:ubuntu /home/ubuntu 230s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 230s + user_config=/home/ubuntu/.config 230s + system_config=/etc 230s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 230s + for path_pair in "${softhsm2_conf_paths[@]}" 230s + IFS=: 230s + read -r -a path 230s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 230s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 230s + '[' -z /tmp/sssd-softhsm2-backups-YHqkYG ']' 230s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 230s + delete_paths+=("$1") 230s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 230s + for path_pair in "${softhsm2_conf_paths[@]}" 230s + IFS=: 230s + read -r -a path 230s + path=/etc/softhsm/softhsm2.conf 230s + backup_file /etc/softhsm/softhsm2.conf 230s + '[' -z /tmp/sssd-softhsm2-backups-YHqkYG ']' 230s + '[' -e /etc/softhsm/softhsm2.conf ']' 230s ++ dirname /etc/softhsm/softhsm2.conf 230s + local back_dir=/tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm 230s ++ basename /etc/softhsm/softhsm2.conf 230s + local back_path=/tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm/softhsm2.conf 230s + '[' '!' -e /tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm/softhsm2.conf ']' 230s + mkdir -p /tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm 230s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm/softhsm2.conf 230s + restore_paths+=("$back_path") 230s + rm -f /etc/softhsm/softhsm2.conf 230s + test_authentication login /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem 230s + pam_service=login 230s + certificate_config=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf 230s + ca_db=/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem 230s + verification_options= 230s + mkdir -p -m 700 /etc/sssd 230s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 230s + cat 230s Using CA DB '/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem' with verification options: '' 230s + chmod 600 /etc/sssd/sssd.conf 230s + for path_pair in "${softhsm2_conf_paths[@]}" 230s + IFS=: 230s + read -r -a path 230s + user=ubuntu 230s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 230s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 230s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 230s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 230s + runuser -u ubuntu -- softhsm2-util --show-slots 230s + grep 'Test Organization' 230s Label: Test Organization Root Tr Token 230s + for path_pair in "${softhsm2_conf_paths[@]}" 230s + IFS=: 230s + read -r -a path 230s + user=root 230s + path=/etc/softhsm/softhsm2.conf 230s ++ dirname /etc/softhsm/softhsm2.conf 230s + runuser -u root -- mkdir -p /etc/softhsm 230s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 230s + runuser -u root -- softhsm2-util --show-slots 230s + grep 'Test Organization' 230s Label: Test Organization Root Tr Token 230s + systemctl restart sssd 230s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 230s + for alternative in "${alternative_pam_configs[@]}" 230s + pam-auth-update --enable sss-smart-card-optional 230s + cat /etc/pam.d/common-auth 230s # 230s # /etc/pam.d/common-auth - authentication settings common to all services 230s # 230s # This file is included from other service-specific PAM config files, 230s # and should contain a list of the authentication modules that define 230s # the central authentication scheme for use on the system 230s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 230s # traditional Unix authentication mechanisms. 230s # 230s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 230s # To take advantage of this, it is recommended that you configure any 230s # local modules either before or after the default block, and use 230s # pam-auth-update to manage selection of other modules. See 230s # pam-auth-update(8) for details. 230s 230s # here are the per-package modules (the "Primary" block) 230s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 230s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 230s auth [success=1 default=ignore] pam_sss.so use_first_pass 230s # here's the fallback if no module succeeds 230s auth requisite pam_deny.so 230s # prime the stack with a positive return value if there isn't one already; 230s # this avoids us returning an error just because nothing sets a success code 230s # since the modules above will each just jump around 230s auth required pam_permit.so 230s # and here are more per-package modules (the "Additional" block) 230s auth optional pam_cap.so 230s # end of pam-auth-update config 230s + echo -n -e 123456 230s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 230s pamtester: invoking pam_start(login, ubuntu, ...) 230s pamtester: performing operation - authenticate 230s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 230s + echo -n -e 123456 230s + runuser -u ubuntu -- pamtester -v login '' authenticate 230s pamtester: invoking pam_start(login, , ...) 230s pamtester: performing operation - authenticate 230s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 230s + echo -n -e wrong123456 230s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 230s pamtester: invoking pam_start(login, ubuntu, ...) 230s pamtester: performing operation - authenticate 233s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 233s + echo -n -e wrong123456 233s + runuser -u ubuntu -- pamtester -v login '' authenticate 233s pamtester: invoking pam_start(login, , ...) 233s pamtester: performing operation - authenticate 236s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 236s + echo -n -e 123456 236s + pamtester -v login root authenticate 236s pamtester: invoking pam_start(login, root, ...) 236s pamtester: performing operation - authenticate 238s Password: pamtester: Authentication failure 238s + for alternative in "${alternative_pam_configs[@]}" 238s + pam-auth-update --enable sss-smart-card-required 238s PAM configuration 238s ----------------- 238s 238s Incompatible PAM profiles selected. 238s 238s The following PAM profiles cannot be used together: 238s 238s SSS required smart card authentication, SSS optional smart card 238s authentication 238s 238s Please select a different set of modules to enable. 238s 238s + cat /etc/pam.d/common-auth 238s # 238s # /etc/pam.d/common-auth - authentication settings common to all services 238s # 238s # This file is included from other service-specific PAM config files, 238s # and should contain a list of the authentication modules that define 238s # the central authentication scheme for use on the system 238s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 238s # traditional Unix authentication mechanisms. 238s # 238s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 238s # To take advantage of this, it is recommended that you configure any 238s # local modules either before or after the default block, and use 238s # pam-auth-update to manage selection of other modules. See 238s # pam-auth-update(8) for details. 238s 238s # here are the per-package modules (the "Primary" block) 238s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 238s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 238s auth [success=1 default=ignore] pam_sss.so use_first_pass 238s # here's the fallback if no module succeeds 238s auth requisite pam_deny.so 238s # prime the stack with a positive return value if there isn't one already; 238s # this avoids us returning an error just because nothing sets a success code 238s # since the modules above will each just jump around 238s auth required pam_permit.so 238s # and here are more per-package modules (the "Additional" block) 238s auth optional pam_cap.so 238s # end of pam-auth-update config 238s + echo -n -e 123456 238s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 238s pamtester: invoking pam_start(login, ubuntu, ...) 238s pamtester: performing operation - authenticate 238s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 238s + echo -n -e 123456 238s + runuser -u ubuntu -- pamtester -v login '' authenticate 238s pamtester: invoking pam_start(login, , ...) 238s pamtester: performing operation - authenticate 238s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 238s + echo -n -e wrong123456 238s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 238s pamtester: invoking pam_start(login, ubuntu, ...) 238s pamtester: performing operation - authenticate 241s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 241s + echo -n -e wrong123456 241s + runuser -u ubuntu -- pamtester -v login '' authenticate 241s pamtester: invoking pam_start(login, , ...) 241s pamtester: performing operation - authenticate 244s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 244s + echo -n -e 123456 244s + pamtester -v login root authenticate 244s pamtester: invoking pam_start(login, root, ...) 244s pamtester: performing operation - authenticate 247s pamtester: Authentication service cannot retrieve authentication info 247s + test_authentication login /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem 247s + pam_service=login 247s + certificate_config=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + ca_db=/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem 247s + verification_options= 247s + mkdir -p -m 700 /etc/sssd 247s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 247s + cat 247s Using CA DB '/tmp/sssd-softhsm2-certs-aNtZIl/test-full-chain-CA.pem' with verification options: '' 247s + chmod 600 /etc/sssd/sssd.conf 247s + for path_pair in "${softhsm2_conf_paths[@]}" 247s + IFS=: 247s + read -r -a path 247s + user=ubuntu 247s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 247s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 247s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 247s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 247s + runuser -u ubuntu -- softhsm2-util --show-slots 247s + grep 'Test Organization' 247s Label: Test Organization Sub Int Token 247s + for path_pair in "${softhsm2_conf_paths[@]}" 247s + IFS=: 247s + read -r -a path 247s + user=root 247s + path=/etc/softhsm/softhsm2.conf 247s ++ dirname /etc/softhsm/softhsm2.conf 247s + runuser -u root -- mkdir -p /etc/softhsm 247s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 247s + runuser -u root -- softhsm2-util --show-slots 247s + grep 'Test Organization' 247s Label: Test Organization Sub Int Token 247s + systemctl restart sssd 247s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 247s + for alternative in "${alternative_pam_configs[@]}" 247s + pam-auth-update --enable sss-smart-card-optional 247s + cat /etc/pam.d/common-auth 247s # 247s # /etc/pam.d/common-auth - authentication settings common to all services 247s # 247s # This file is included from other service-specific PAM config files, 247s # and should contain a list of the authentication modules that define 247s # the central authentication scheme for use on the system 247s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 247s # traditional Unix authentication mechanisms. 247s # 247s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 247s # To take advantage of this, it is recommended that you configure any 247s # local modules either before or after the default block, and use 247s # pam-auth-update to manage selection of other modules. See 247s # pam-auth-update(8) for details. 247s 247s # here are the per-package modules (the "Primary" block) 247s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 247s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 247s auth [success=1 default=ignore] pam_sss.so use_first_pass 247s # here's the fallback if no module succeeds 247s auth requisite pam_deny.so 247s # prime the stack with a positive return value if there isn't one already; 247s # this avoids us returning an error just because nothing sets a success code 247s # since the modules above will each just jump around 247s auth required pam_permit.so 247s # and here are more per-package modules (the "Additional" block) 247s auth optional pam_cap.so 247s # end of pam-auth-update config 247s + echo -n -e 123456 247s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 247s pamtester: invoking pam_start(login, ubuntu, ...) 247s pamtester: performing operation - authenticate 247s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 247s + echo -n -e 123456 247s + runuser -u ubuntu -- pamtester -v login '' authenticate 247s pamtester: invoking pam_start(login, , ...) 247s pamtester: performing operation - authenticate 247s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 247s + echo -n -e wrong123456 247s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 247s pamtester: invoking pam_start(login, ubuntu, ...) 247s pamtester: performing operation - authenticate 250s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 250s + echo -n -e wrong123456 250s + runuser -u ubuntu -- pamtester -v login '' authenticate 250s pamtester: invoking pam_start(login, , ...) 250s pamtester: performing operation - authenticate 253s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 253s + echo -n -e 123456 253s + pamtester -v login root authenticate 253s pamtester: invoking pam_start(login, root, ...) 253s pamtester: performing operation - authenticate 255s Password: pamtester: Authentication failure 255s + for alternative in "${alternative_pam_configs[@]}" 255s + pam-auth-update --enable sss-smart-card-required 255s PAM configuration 255s ----------------- 255s 255s Incompatible PAM profiles selected. 255s 255s The following PAM profiles cannot be used together: 255s 255s SSS required smart card authentication, SSS optional smart card 255s authentication 255s 255s Please select a different set of modules to enable. 255s 255s + cat /etc/pam.d/common-auth 255s # 255s # /etc/pam.d/common-auth - authentication settings common to all services 255s # 255s # This file is included from other service-specific PAM config files, 255s # and should contain a list of the authentication modules that define 255s # the central authentication scheme for use on the system 255s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 255s # traditional Unix authentication mechanisms. 255s # 255s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 255s # To take advantage of this, it is recommended that you configure any 255s # local modules either before or after the default block, and use 255s # pam-auth-update to manage selection of other modules. See 255s # pam-auth-update(8) for details. 255s 255s # here are the per-package modules (the "Primary" block) 255s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 255s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 255s auth [success=1 default=ignore] pam_sss.so use_first_pass 255s # here's the fallback if no module succeeds 255s auth requisite pam_deny.so 255s # prime the stack with a positive return value if there isn't one already; 255s # this avoids us returning an error just because nothing sets a success code 255s # since the modules above will each just jump around 255s auth required pam_permit.so 255s # and here are more per-package modules (the "Additional" block) 255s auth optional pam_cap.so 255s # end of pam-auth-update config 255s + echo -n -e 123456 255s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 255s pamtester: invoking pam_start(login, ubuntu, ...) 255s pamtester: performing operation - authenticate 255s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 255s + echo -n -e 123456 255s + runuser -u ubuntu -- pamtester -v login '' authenticate 255s pamtester: invoking pam_start(login, , ...) 255s pamtester: performing operation - authenticate 255s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 255s + echo -n -e wrong123456 255s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 255s pamtester: invoking pam_start(login, ubuntu, ...) 255s pamtester: performing operation - authenticate 258s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 258s + echo -n -e wrong123456 258s + runuser -u ubuntu -- pamtester -v login '' authenticate 258s pamtester: invoking pam_start(login, , ...) 258s pamtester: performing operation - authenticate 261s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 261s + echo -n -e 123456 261s + pamtester -v login root authenticate 261s pamtester: invoking pam_start(login, root, ...) 261s pamtester: performing operation - authenticate 264s pamtester: Authentication service cannot retrieve authentication info 264s + test_authentication login /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem partial_chain 264s + pam_service=login 264s + certificate_config=/tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 264s + ca_db=/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem 264s + verification_options=partial_chain 264s + mkdir -p -m 700 /etc/sssd 264s Using CA DB '/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 264s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-aNtZIl/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 264s + cat 264s + chmod 600 /etc/sssd/sssd.conf 264s + for path_pair in "${softhsm2_conf_paths[@]}" 264s + IFS=: 264s + read -r -a path 264s + user=ubuntu 264s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 264s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 264s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 264s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 264s + runuser -u ubuntu -- softhsm2-util --show-slots 264s + grep 'Test Organization' 264s Label: Test Organization Sub Int Token 264s + for path_pair in "${softhsm2_conf_paths[@]}" 264s + IFS=: 264s + read -r -a path 264s + user=root 264s + path=/etc/softhsm/softhsm2.conf 264s ++ dirname /etc/softhsm/softhsm2.conf 264s + runuser -u root -- mkdir -p /etc/softhsm 264s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-aNtZIl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 264s + runuser -u root -- softhsm2-util --show-slots 264s + grep 'Test Organization' 264s Label: Test Organization Sub Int Token 264s + systemctl restart sssd 264s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 264s + for alternative in "${alternative_pam_configs[@]}" 264s + pam-auth-update --enable sss-smart-card-optional 264s + cat /etc/pam.d/common-auth 264s # 264s # /etc/pam.d/common-auth - authentication settings common to all services 264s # 264s # This file is included from other service-specific PAM config files, 264s # and should contain a list of the authentication modules that define 264s # the central authentication scheme for use on the system 264s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 264s # traditional Unix authentication mechanisms. 264s # 264s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 264s # To take advantage of this, it is recommended that you configure any 264s # local modules either before or after the default block, and use 264s # pam-auth-update to manage selection of other modules. See 264s # pam-auth-update(8) for details. 264s 264s # here are the per-package modules (the "Primary" block) 264s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 264s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 264s auth [success=1 default=ignore] pam_sss.so use_first_pass 264s # here's the fallback if no module succeeds 264s auth requisite pam_deny.so 264s # prime the stack with a positive return value if there isn't one already; 264s # this avoids us returning an error just because nothing sets a success code 264s # since the modules above will each just jump around 264s auth required pam_permit.so 264s # and here are more per-package modules (the "Additional" block) 264s auth optional pam_cap.so 264s # end of pam-auth-update config 264s + echo -n -e 123456 264s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 264s pamtester: invoking pam_start(login, ubuntu, ...) 264s pamtester: performing operation - authenticate 264s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 264s + echo -n -e 123456 264s + runuser -u ubuntu -- pamtester -v login '' authenticate 264s pamtester: invoking pam_start(login, , ...) 264s pamtester: performing operation - authenticate 264s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 264s + echo -n -e wrong123456 264s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 264s pamtester: invoking pam_start(login, ubuntu, ...) 264s pamtester: performing operation - authenticate 268s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 268s + echo -n -e wrong123456 268s + runuser -u ubuntu -- pamtester -v login '' authenticate 268s pamtester: invoking pam_start(login, , ...) 268s pamtester: performing operation - authenticate 271s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 271s + echo -n -e 123456 271s + pamtester -v login root authenticate 271s pamtester: invoking pam_start(login, root, ...) 271s pamtester: performing operation - authenticate 274s Password: pamtester: Authentication failure 274s + for alternative in "${alternative_pam_configs[@]}" 274s + pam-auth-update --enable sss-smart-card-required 274s PAM configuration 274s ----------------- 274s 274s Incompatible PAM profiles selected. 274s 274s The following PAM profiles cannot be used together: 274s 274s SSS required smart card authentication, SSS optional smart card 274s authentication 274s 274s Please select a different set of modules to enable. 274s 274s + cat /etc/pam.d/common-auth 274s # 274s # /etc/pam.d/common-auth - authentication settings common to all services 274s # 274s # This file is included from other service-specific PAM config files, 274s # and should contain a list of the authentication modules that define 274s # the central authentication scheme for use on the system 274s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 274s # traditional Unix authentication mechanisms. 274s # 274s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 274s # To take advantage of this, it is recommended that you configure any 274s # local modules either before or after the default block, and use 274s # pam-auth-update to manage selection of other modules. See 274s # pam-auth-update(8) for details. 274s 274s # here are the per-package modules (the "Primary" block) 274s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 274s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 274s auth [success=1 default=ignore] pam_sss.so use_first_pass 274s # here's the fallback if no module succeeds 274s auth requisite pam_deny.so 274s # prime the stack with a positive return value if there isn't one already; 274s # this avoids us returning an error just because nothing sets a success code 274s # since the modules above will each just jump around 274s auth required pam_permit.so 274s # and here are more per-package modules (the "Additional" block) 274s auth optional pam_cap.so 274s # end of pam-auth-update config 274s + echo -n -e 123456 274s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 274s pamtester: invoking pam_start(login, ubuntu, ...) 274s pamtester: performing operation - authenticate 274s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 274s + echo -n -e 123456 274s + runuser -u ubuntu -- pamtester -v login '' authenticate 274s pamtester: invoking pam_start(login, , ...) 274s pamtester: performing operation - authenticate 274s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 274s + echo -n -e wrong123456 274s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 274s pamtester: invoking pam_start(login, ubuntu, ...) 274s pamtester: performing operation - authenticate 277s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 277s + echo -n -e wrong123456 277s + runuser -u ubuntu -- pamtester -v login '' authenticate 277s pamtester: invoking pam_start(login, , ...) 277s pamtester: performing operation - authenticate 279s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 279s + echo -n -e 123456 279s + pamtester -v login root authenticate 279s pamtester: invoking pam_start(login, root, ...) 279s pamtester: performing operation - authenticate 281s pamtester: Authentication service cannot retrieve authentication info 281s + handle_exit 281s + exit_code=0 281s + restore_changes 281s + for path in "${restore_paths[@]}" 281s + local original_path 281s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-YHqkYG /tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm/softhsm2.conf 281s + original_path=/etc/softhsm/softhsm2.conf 281s + rm /etc/softhsm/softhsm2.conf 281s + mv /tmp/sssd-softhsm2-backups-YHqkYG//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 281s + for path in "${delete_paths[@]}" 281s + rm -f /etc/sssd/sssd.conf 281s + for path in "${delete_paths[@]}" 281s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 281s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 282s + '[' -e /etc/sssd/sssd.conf ']' 282s + systemctl stop sssd 282s + '[' -e /etc/softhsm/softhsm2.conf ']' 282s + chmod 600 /etc/softhsm/softhsm2.conf 282s + rm -rf /tmp/sssd-softhsm2-certs-aNtZIl 282s + '[' 0 = 0 ']' 282s + rm -rf /tmp/sssd-softhsm2-backups-YHqkYG 282s + set +x 282s Script completed successfully! 282s autopkgtest [08:21:22]: test sssd-smart-card-pam-auth-configs: -----------------------] 282s sssd-smart-card-pam-auth-configs PASS 282s autopkgtest [08:21:22]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 282s autopkgtest [08:21:22]: @@@@@@@@@@@@@@@@@@@@ summary 282s ldap-user-group-ldap-auth PASS 282s ldap-user-group-krb5-auth PASS 282s sssd-softhism2-certificates-tests.sh PASS 282s sssd-smart-card-pam-auth-configs PASS 295s virt: nova [W] Skipping flock for amd64 295s virt: Creating nova instance adt-noble-amd64-sssd-20241116-074137-juju-7f2275-prod-proposed-migration-environment-2-245dba9c-4f04-4102-ad88-c19d5ebaeeb1 from image adt/ubuntu-noble-amd64-server-20241114.img (UUID a8bb2c88-3805-4c76-9d19-ba8ca7da0793)... 295s virt: nova [W] Skipping flock for amd64 295s virt: Creating nova instance adt-noble-amd64-sssd-20241116-074137-juju-7f2275-prod-proposed-migration-environment-2-245dba9c-4f04-4102-ad88-c19d5ebaeeb1 from image adt/ubuntu-noble-amd64-server-20241114.img (UUID a8bb2c88-3805-4c76-9d19-ba8ca7da0793)...