0s autopkgtest [20:43:17]: starting date and time: 2024-11-29 20:43:17+0000 0s autopkgtest [20:43:17]: git checkout: be626eda Fix armhf LXD image generation for plucky 0s autopkgtest [20:43:17]: host juju-7f2275-prod-proposed-migration-environment-15; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.jzqrhozw/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.3 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor builder-cpu2-ram4-disk20 --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-15@bos03-7.secgroup --name adt-noble-amd64-sssd-20241129-204317-juju-7f2275-prod-proposed-migration-environment-15-09c02d8a-557a-44f9-85b7-8a68b239e927 --image adt/ubuntu-noble-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-15 --net-id=net_prod-proposed-migration-amd64 -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 50s autopkgtest [20:44:07]: testbed dpkg architecture: amd64 50s autopkgtest [20:44:07]: testbed apt version: 2.7.14build2 51s autopkgtest [20:44:08]: @@@@@@@@@@@@@@@@@@@@ test bed setup 51s autopkgtest [20:44:08]: testbed release detected to be: None 52s autopkgtest [20:44:09]: updating testbed package index (apt update) 95s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 95s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 95s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 95s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 95s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 95s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 95s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 96s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 96s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [126 kB] 96s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [247 kB] 96s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3768 B] 96s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [130 kB] 96s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [3004 B] 96s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [360 B] 96s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [706 kB] 96s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [516 kB] 96s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [10.7 kB] 96s Get:18 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [2604 B] 96s Get:19 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [14.0 kB] 96s Get:20 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [344 B] 100s Fetched 2248 kB in 45s (50.1 kB/s) 101s Reading package lists... 101s Reading package lists... 102s Building dependency tree... 102s Reading state information... 102s Calculating upgrade... 102s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 102s Reading package lists... 102s Building dependency tree... 102s Reading state information... 103s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 103s autopkgtest [20:45:00]: upgrading testbed (apt dist-upgrade and autopurge) 103s Reading package lists... 103s Building dependency tree... 103s Reading state information... 103s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 103s Starting 2 pkgProblemResolver with broken count: 0 103s Done 104s Entering ResolveByKeep 105s 105s The following packages will be upgraded: 105s login passwd 105s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 105s Need to get 1047 kB of archives. 105s After this operation, 4096 B disk space will be freed. 105s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 login amd64 1:4.13+dfsg1-4ubuntu3.3 [202 kB] 105s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 passwd amd64 1:4.13+dfsg1-4ubuntu3.3 [845 kB] 106s Fetched 1047 kB in 1s (1743 kB/s) 106s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 106s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_amd64.deb ... 106s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 106s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 106s Installing new version of config file /etc/pam.d/login ... 106s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 106s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_amd64.deb ... 106s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 106s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 106s Processing triggers for man-db (2.12.0-4build2) ... 108s Reading package lists... 108s Building dependency tree... 108s Reading state information... 108s Starting pkgProblemResolver with broken count: 0 108s Starting 2 pkgProblemResolver with broken count: 0 108s Done 108s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 111s autopkgtest [20:45:08]: testbed running kernel: Linux 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 4 02:06:24 UTC 2024 111s autopkgtest [20:45:08]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 125s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (dsc) [5064 B] 125s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (tar) [7983 kB] 125s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (diff) [51.3 kB] 125s gpgv: Signature made Mon Jun 10 14:26:32 2024 UTC 125s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 125s gpgv: Can't check signature: No public key 125s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.1.dsc: no acceptable signature found 126s autopkgtest [20:45:23]: testing package sssd version 2.9.4-1.1ubuntu6.1 129s autopkgtest [20:45:26]: build not needed 136s autopkgtest [20:45:33]: test ldap-user-group-ldap-auth: preparing testbed 136s Reading package lists... 136s Building dependency tree... 136s Reading state information... 137s Starting pkgProblemResolver with broken count: 0 137s Starting 2 pkgProblemResolver with broken count: 0 137s Done 137s The following NEW packages will be installed: 137s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 137s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 137s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 137s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 137s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 137s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 137s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 137s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 137s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 137s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 137s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 137s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 137s tcl8.6 137s 0 upgraded, 64 newly installed, 0 to remove and 0 not upgraded. 137s Need to get 12.7 MB of archives. 137s After this operation, 48.8 MB of additional disk space will be used. 137s Get:1 http://ftpmaster.internal/ubuntu noble/main amd64 libltdl7 amd64 2.4.7-7build1 [40.3 kB] 138s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libodbc2 amd64 2.3.12-1ubuntu0.24.04.1 [158 kB] 138s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 slapd amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [1553 kB] 138s Get:4 http://ftpmaster.internal/ubuntu noble/main amd64 libtcl8.6 amd64 8.6.14+dfsg-1build1 [988 kB] 138s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 tcl8.6 amd64 8.6.14+dfsg-1build1 [14.7 kB] 138s Get:6 http://ftpmaster.internal/ubuntu noble/universe amd64 tcl-expect amd64 5.45.4-3 [110 kB] 138s Get:7 http://ftpmaster.internal/ubuntu noble/universe amd64 expect amd64 5.45.4-3 [137 kB] 138s Get:8 http://ftpmaster.internal/ubuntu noble-updates/main amd64 ldap-utils amd64 2.6.7+dfsg-1~exp1ubuntu8.1 [153 kB] 138s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 138s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 138s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 138s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 138s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 138s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 138s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 138s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 138s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 138s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 138s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 138s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 138s Get:21 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6.1 [17.6 kB] 138s Get:22 http://ftpmaster.internal/ubuntu noble/universe amd64 libjose0 amd64 13-1 [44.5 kB] 138s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 138s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 138s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libkrad0 amd64 1.20.1-6ubuntu2.2 [22.2 kB] 138s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 138s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 138s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 138s Get:29 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 138s Get:30 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 138s Get:31 http://ftpmaster.internal/ubuntu noble/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 138s Get:32 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 138s Get:33 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 138s Get:34 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 138s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 138s Get:36 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 139s Get:37 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 139s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6.1 [31.7 kB] 139s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6.1 [50.5 kB] 139s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 139s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 139s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [21.9 kB] 139s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [30.5 kB] 139s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6.1 [1139 kB] 139s Get:45 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-idp amd64 2.9.4-1.1ubuntu6.1 [27.4 kB] 139s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-passkey amd64 2.9.4-1.1ubuntu6.1 [32.4 kB] 139s Get:47 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac-dev amd64 2.9.4-1.1ubuntu6.1 [6668 B] 139s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap-dev amd64 2.9.4-1.1ubuntu6.1 [5736 B] 139s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap-dev amd64 2.9.4-1.1ubuntu6.1 [8382 B] 139s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap-dev amd64 2.9.4-1.1ubuntu6.1 [6716 B] 139s Get:51 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 libsss-sudo amd64 2.9.4-1.1ubuntu6.1 [21.3 kB] 139s Get:52 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 python3-libipa-hbac amd64 2.9.4-1.1ubuntu6.1 [16.8 kB] 139s Get:53 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 python3-libsss-nss-idmap amd64 2.9.4-1.1ubuntu6.1 [9182 B] 139s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6.1 [77.1 kB] 139s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6.1 [88.8 kB] 139s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6.1 [136 kB] 139s Get:57 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6.1 [221 kB] 139s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6.1 [14.5 kB] 139s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6.1 [31.3 kB] 139s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6.1 [44.6 kB] 139s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd amd64 2.9.4-1.1ubuntu6.1 [4122 B] 139s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-dbus amd64 2.9.4-1.1ubuntu6.1 [104 kB] 139s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 sssd-kcm amd64 2.9.4-1.1ubuntu6.1 [140 kB] 139s Get:64 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-tools amd64 2.9.4-1.1ubuntu6.1 [97.8 kB] 139s Preconfiguring packages ... 139s Fetched 12.7 MB in 2s (8236 kB/s) 139s Selecting previously unselected package libltdl7:amd64. 139s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 139s Preparing to unpack .../00-libltdl7_2.4.7-7build1_amd64.deb ... 139s Unpacking libltdl7:amd64 (2.4.7-7build1) ... 139s Selecting previously unselected package libodbc2:amd64. 139s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_amd64.deb ... 139s Unpacking libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 139s Selecting previously unselected package slapd. 139s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 139s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 139s Selecting previously unselected package libtcl8.6:amd64. 139s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 139s Unpacking libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 140s Selecting previously unselected package tcl8.6. 140s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 140s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 140s Selecting previously unselected package tcl-expect:amd64. 140s Preparing to unpack .../05-tcl-expect_5.45.4-3_amd64.deb ... 140s Unpacking tcl-expect:amd64 (5.45.4-3) ... 140s Selecting previously unselected package expect. 140s Preparing to unpack .../06-expect_5.45.4-3_amd64.deb ... 140s Unpacking expect (5.45.4-3) ... 140s Selecting previously unselected package ldap-utils. 140s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_amd64.deb ... 140s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 140s Selecting previously unselected package libavahi-common-data:amd64. 140s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 140s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 140s Selecting previously unselected package libavahi-common3:amd64. 140s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 140s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 140s Selecting previously unselected package libavahi-client3:amd64. 140s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 140s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 140s Selecting previously unselected package libbasicobjects0t64:amd64. 140s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libcares2:amd64. 140s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 140s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 140s Selecting previously unselected package libcollection4t64:amd64. 140s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libcrack2:amd64. 140s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_amd64.deb ... 140s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 140s Selecting previously unselected package libdhash1t64:amd64. 140s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libevent-2.1-7t64:amd64. 140s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 140s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 140s Selecting previously unselected package libpath-utils1t64:amd64. 140s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libref-array1t64:amd64. 140s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libini-config5t64:amd64. 140s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 140s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 140s Selecting previously unselected package libipa-hbac0t64. 140s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_amd64.deb ... 140s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 140s Selecting previously unselected package libjose0:amd64. 140s Preparing to unpack .../21-libjose0_13-1_amd64.deb ... 140s Unpacking libjose0:amd64 (13-1) ... 140s Selecting previously unselected package libverto-libevent1t64:amd64. 140s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 140s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 140s Selecting previously unselected package libverto1t64:amd64. 140s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 140s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 140s Selecting previously unselected package libkrad0:amd64. 140s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_amd64.deb ... 140s Unpacking libkrad0:amd64 (1.20.1-6ubuntu2.2) ... 140s Selecting previously unselected package libtalloc2:amd64. 140s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_amd64.deb ... 140s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 140s Selecting previously unselected package libtdb1:amd64. 140s Preparing to unpack .../26-libtdb1_1.4.10-1build1_amd64.deb ... 140s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 140s Selecting previously unselected package libtevent0t64:amd64. 140s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_amd64.deb ... 140s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 140s Selecting previously unselected package libldb2:amd64. 140s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 140s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 140s Selecting previously unselected package libnfsidmap1:amd64. 140s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 140s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 140s Selecting previously unselected package libnss-sudo. 140s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 140s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 140s Selecting previously unselected package libpwquality-common. 140s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 140s Unpacking libpwquality-common (1.4.5-3build1) ... 140s Selecting previously unselected package libpwquality1:amd64. 140s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_amd64.deb ... 140s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 140s Selecting previously unselected package libpam-pwquality:amd64. 140s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_amd64.deb ... 140s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 140s Selecting previously unselected package libwbclient0:amd64. 140s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 140s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 140s Selecting previously unselected package samba-libs:amd64. 140s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 140s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 141s Selecting previously unselected package libsmbclient0:amd64. 141s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 141s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 141s Selecting previously unselected package libnss-sss:amd64. 141s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libpam-sss:amd64. 141s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package python3-sss. 141s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-certmap0. 141s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-idmap0. 141s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-nss-idmap0. 141s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-common. 141s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-idp. 141s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-idp (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-passkey. 141s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libipa-hbac-dev. 141s Preparing to unpack .../46-libipa-hbac-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-certmap-dev. 141s Preparing to unpack .../47-libsss-certmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-idmap-dev. 141s Preparing to unpack .../48-libsss-idmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-nss-idmap-dev. 141s Preparing to unpack .../49-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package libsss-sudo. 141s Preparing to unpack .../50-libsss-sudo_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package python3-libipa-hbac. 141s Preparing to unpack .../51-python3-libipa-hbac_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package python3-libsss-nss-idmap. 141s Preparing to unpack .../52-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-ad-common. 141s Preparing to unpack .../53-sssd-ad-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-krb5-common. 141s Preparing to unpack .../54-sssd-krb5-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-ad. 141s Preparing to unpack .../55-sssd-ad_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-ipa. 141s Preparing to unpack .../56-sssd-ipa_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-krb5. 141s Preparing to unpack .../57-sssd-krb5_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-ldap. 141s Preparing to unpack .../58-sssd-ldap_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-proxy. 141s Preparing to unpack .../59-sssd-proxy_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd. 141s Preparing to unpack .../60-sssd_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-dbus. 141s Preparing to unpack .../61-sssd-dbus_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-kcm. 141s Preparing to unpack .../62-sssd-kcm_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.1) ... 141s Selecting previously unselected package sssd-tools. 141s Preparing to unpack .../63-sssd-tools_2.9.4-1.1ubuntu6.1_amd64.deb ... 141s Unpacking sssd-tools (2.9.4-1.1ubuntu6.1) ... 141s Setting up libpwquality-common (1.4.5-3build1) ... 141s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 141s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 141s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 141s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 141s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 141s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 141s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 141s Setting up libtdb1:amd64 (1.4.10-1build1) ... 141s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 141s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 141s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 142s Setting up libjose0:amd64 (13-1) ... 142s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 142s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 142s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 142s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 142s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 142s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 142s Setting up libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 142s Setting up libltdl7:amd64 (2.4.7-7build1) ... 142s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 142s Setting up libodbc2:amd64 (2.3.12-1ubuntu0.24.04.1) ... 142s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 142s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 142s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 142s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 142s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 142s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 142s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 142s Creating new user openldap... done. 142s Creating initial configuration... done. 142s Creating LDAP directory... done. 142s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 142s Setting up libsss-sudo (2.9.4-1.1ubuntu6.1) ... 142s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 142s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 142s Setting up tcl-expect:amd64 (5.45.4-3) ... 142s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 142s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 142s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 142s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 142s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 142s Setting up expect (5.45.4-3) ... 142s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 142s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 142s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 142s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 143s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 143s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 143s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 143s Creating SSSD system user & group... 143s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 143s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 143s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 143s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 143s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 144s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 144s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 144s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 144s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 144s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 145s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 145s sssd-autofs.service is a disabled or a static unit, not starting it. 145s sssd-nss.service is a disabled or a static unit, not starting it. 145s sssd-pam.service is a disabled or a static unit, not starting it. 145s sssd-ssh.service is a disabled or a static unit, not starting it. 145s sssd-sudo.service is a disabled or a static unit, not starting it. 145s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 145s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 145s Setting up sssd-kcm (2.9.4-1.1ubuntu6.1) ... 145s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 146s sssd-kcm.service is a disabled or a static unit, not starting it. 146s Setting up sssd-dbus (2.9.4-1.1ubuntu6.1) ... 146s sssd-ifp.service is a disabled or a static unit, not starting it. 146s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 146s sssd-pac.service is a disabled or a static unit, not starting it. 146s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 146s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd-tools (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 146s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 146s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 146s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 147s Setting up libkrad0:amd64 (1.20.1-6ubuntu2.2) ... 147s Setting up sssd-passkey (2.9.4-1.1ubuntu6.1) ... 147s Setting up sssd-idp (2.9.4-1.1ubuntu6.1) ... 147s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 147s Processing triggers for ufw (0.36.2-6) ... 147s Processing triggers for man-db (2.12.0-4build2) ... 147s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 153s autopkgtest [20:45:50]: test ldap-user-group-ldap-auth: [----------------------- 153s + . debian/tests/util 153s + . debian/tests/common-tests 153s + mydomain=example.com 153s + myhostname=ldap.example.com 153s + mysuffix=dc=example,dc=com 153s + admin_dn=cn=admin,dc=example,dc=com 153s + admin_pw=secret 153s + ldap_user=testuser1 153s + ldap_user_pw=testuser1secret 153s + ldap_group=ldapusers 153s + adjust_hostname ldap.example.com 153s + local myhostname=ldap.example.com 153s + echo ldap.example.com 153s + hostname ldap.example.com 153s + grep -qE ldap.example.com /etc/hosts 153s + echo 127.0.1.10 ldap.example.com 153s + reconfigure_slapd 153s + debconf-set-selections 153s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 153s + dpkg-reconfigure -fnoninteractive -pcritical slapd 153s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 153s Moving old database directory to /var/backups: 153s - directory unknown... done. 153s Creating initial configuration... done. 153s Creating LDAP directory... done. 154s + generate_certs ldap.example.com 154s + local cn=ldap.example.com 154s + local cert=/etc/ldap/server.pem 154s + local key=/etc/ldap/server.key 154s + local cnf=/etc/ldap/openssl.cnf 154s + cat 154s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 154s ........................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 154s .....................................................++++++++++++++++++++++++modifying entry "cn=config" 154s 154s ++++++++++++++++++++++++++++++++++++++++ 154s ----- 154s + chmod 0640 /etc/ldap/server.key 154s + chgrp openldap /etc/ldap/server.key 154s + [ ! -f /etc/ldap/server.pem ] 154s + [ ! -f /etc/ldap/server.key ] 154s + enable_ldap_ssl 154s + cat 154s + cat 154s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 154s + populate_ldap_rfc2307 154s + cat 154s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 154s adding new entry "ou=People,dc=example,dc=com" 154s 154s adding new entry "ou=Group,dc=example,dc=com" 154s 154s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 154s 154s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 154s 154s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 154s 154s + configure_sssd_ldap_rfc2307 154s + cat 154s + chmod 0600 /etc/sssd/sssd.conf 154s + systemctl restart sssd 154s + enable_pam_mkhomedir 154s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 154s Assert local user databases do not have our LDAP test data 154s + echo session optional pam_mkhomedir.so 154s + run_common_tests 154s + echo Assert local user databases do not have our LDAP test data 154s + check_local_user testuser1 154s + local local_user=testuser1 154s + grep -q ^testuser1 /etc/passwd 154s + check_local_group testuser1 154s + local local_group=testuser1 154s + grep -q ^testuser1 /etc/group 154s + check_local_group ldapusers 154s + local local_group=ldapusers 154s + grep -q ^ldapusers /etc/group 154s The LDAP user is known to the system via getent 154s + echo The LDAP user is known to the system via getent 154s + check_getent_user testuser1 154s + local getent_user=testuser1 154s + local output 154s + getent passwd testuser1 154s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 154s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 154s + echo The LDAP user's private group is known to the system via getent 154s + check_getent_group testuser1 154s + local getent_group=testuser1 154s + local output 154s + getent group testuser1 154s The LDAP user's private group is known to the system via getent 154s The LDAP group ldapusers is known to the system via getent 154s + output=testuser1:*:10001:testuser1 154s + [ -z testuser1:*:10001:testuser1 ] 154s + echo The LDAP group ldapusers is known to the system via getent 154s + check_getent_group ldapusers 154s + local getent_group=ldapusers 154s + local output 154s + getent group ldapusers 154s + output=ldapusers:*:10100:testuser1 154s + [ -z ldapusers:*:10100:testuser1 ] 154s + echo The id(1) command can resolve the group membership of the LDAP user 154s + id -Gn testuser1 154s The id(1) command can resolve the group membership of the LDAP user 154s + output=testuser1 ldapusers 154s + [ testuser1 ldapusers != testuser1 ldapusers ] 154s + echo The LDAP user can login on a terminal 154s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 154s The LDAP user can login on a terminal 154s spawn login 154s ldap.example.com login: testuser1 154s Password: 154s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic x86_64) 154s 154s * Documentation: https://help.ubuntu.com 154s * Management: https://landscape.canonical.com 154s * Support: https://ubuntu.com/pro 154s 154s 154s The programs included with the Ubuntu system are free software; 154s the exact distribution terms for each program are described in the 154s individual files in /usr/share/doc/*/copyright. 154s 154s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 154s applicable law. 154s 154s 154s The programs included with the Ubuntu system are free software; 154s the exact distribution terms for each program are described in the 154s individual files in /usr/share/doc/*/copyright. 154s 154s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 154s applicable law. 154s 154s Creating directory '/home/testuser1'. 154s [?2004htestuser1@ldap:~$ id -un 154s [?2004l testuser1 155s [?2004htestuser1@ldap:~$ autopkgtest [20:45:52]: test ldap-user-group-ldap-auth: -----------------------] 155s ldap-user-group-ldap-auth PASS 155s autopkgtest [20:45:52]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 155s autopkgtest [20:45:52]: test ldap-user-group-krb5-auth: preparing testbed 156s Reading package lists... 156s Building dependency tree... 156s Reading state information... 156s Starting pkgProblemResolver with broken count: 0 156s Starting 2 pkgProblemResolver with broken count: 0 156s Done 157s The following NEW packages will be installed: 157s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 157s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 157s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 157s Need to get 599 kB of archives. 157s After this operation, 2119 kB of additional disk space will be used. 157s Get:1 http://ftpmaster.internal/ubuntu noble/main amd64 krb5-config all 2.7 [22.0 kB] 157s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libgssrpc4t64 amd64 1.20.1-6ubuntu2.2 [57.6 kB] 157s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libkadm5clnt-mit12 amd64 1.20.1-6ubuntu2.2 [40.1 kB] 157s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libkdb5-10t64 amd64 1.20.1-6ubuntu2.2 [40.3 kB] 157s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libkadm5srv-mit12 amd64 1.20.1-6ubuntu2.2 [53.0 kB] 157s Get:6 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 krb5-user amd64 1.20.1-6ubuntu2.2 [109 kB] 157s Get:7 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 krb5-kdc amd64 1.20.1-6ubuntu2.2 [182 kB] 157s Get:8 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 krb5-admin-server amd64 1.20.1-6ubuntu2.2 [95.8 kB] 157s Preconfiguring packages ... 159s Fetched 599 kB in 1s (1134 kB/s) 159s Selecting previously unselected package krb5-config. 159s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75476 files and directories currently installed.) 159s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 159s Unpacking krb5-config (2.7) ... 159s Selecting previously unselected package libgssrpc4t64:amd64. 159s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking libgssrpc4t64:amd64 (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package libkadm5clnt-mit12:amd64. 159s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package libkdb5-10t64:amd64. 159s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking libkdb5-10t64:amd64 (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package libkadm5srv-mit12:amd64. 159s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package krb5-user. 159s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package krb5-kdc. 159s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package krb5-admin-server. 159s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_amd64.deb ... 159s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 159s Setting up libgssrpc4t64:amd64 (1.20.1-6ubuntu2.2) ... 159s Setting up krb5-config (2.7) ... 160s Setting up libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2.2) ... 160s Setting up libkdb5-10t64:amd64 (1.20.1-6ubuntu2.2) ... 160s Setting up libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2.2) ... 160s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 160s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 160s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 160s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 160s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 160s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 160s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 160s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 160s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 160s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 160s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 160s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 160s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 161s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 161s Processing triggers for man-db (2.12.0-4build2) ... 162s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 167s autopkgtest [20:46:04]: test ldap-user-group-krb5-auth: [----------------------- 168s + . debian/tests/util 168s + . debian/tests/common-tests 168s + mydomain=example.com 168s + myhostname=ldap.example.com 168s + mysuffix=dc=example,dc=com 168s + myrealm=EXAMPLE.COM 168s + admin_dn=cn=admin,dc=example,dc=com 168s + admin_pw=secret 168s + ldap_user=testuser1 168s + ldap_user_pw=testuser1secret 168s + kerberos_principal_pw=testuser1kerberos 168s + ldap_group=ldapusers 168s + adjust_hostname ldap.example.com 168s + local myhostname=ldap.example.com 168s + echo ldap.example.com 168s + hostname ldap.example.com 168s + grep -qE ldap.example.com /etc/hosts 168s + reconfigure_slapd 168s + debconf-set-selections 168s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20241129-204550.ldapdb 168s + dpkg-reconfigure -fnoninteractive -pcritical slapd 168s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 168s Moving old database directory to /var/backups: 168s - directory unknown... done. 168s Creating initial configuration... done. 168s Creating LDAP directory... done. 168s + generate_certs ldap.example.com 168s + local cn=ldap.example.com 168s + local cert=/etc/ldap/server.pem 168s + local key=/etc/ldap/server.key 168s + local cnf=/etc/ldap/openssl.cnf 168s + cat 168s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 168s .................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 168s .....................modifying entry "cn=config" 168s 168s adding new entry "ou=People,dc=example,dc=com" 168s 168s adding new entry "ou=Group,dc=example,dc=com" 168s 168s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 168s 168s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 168s 168s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 168s 168s .....++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 168s ----- 168s + chmod 0640 /etc/ldap/server.key 168s + chgrp openldap /etc/ldap/server.key 168s + [ ! -f /etc/ldap/server.pem ] 168s + [ ! -f /etc/ldap/server.key ] 168s + enable_ldap_ssl 168s + cat 168s + cat 168s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 168s + populate_ldap_rfc2307 168s + cat 168s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 168s + create_realm EXAMPLE.COM ldap.example.com 168s + local realm_name=EXAMPLE.COM 168s + local kerberos_server=ldap.example.com 168s + rm -rf /var/lib/krb5kdc/* 168s + rm -rf /etc/krb5kdc/kdc.conf 168s + rm -f /etc/krb5.keytab 168s + cat 168s + cat 168s + echo # */admin * 168s + kdb5_util create -s -P secretpassword 168s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 168s master key name 'K/M@EXAMPLE.COM' 168s + systemctl restart krb5-kdc.service krb5-admin-server.service 168s + create_krb_principal testuser1 testuser1kerberos 168s + local principal=testuser1 168s + local password=testuser1kerberos 168s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 168s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 168s Authenticating as principal root/admin@EXAMPLE.COM with password. 168s Principal "testuser1@EXAMPLE.COM" created. 168s + configure_sssd_ldap_rfc2307_krb5_auth 168s + cat 168s + chmod 0600 /etc/sssd/sssd.conf 168s + systemctl restart sssd 169s + enable_pam_mkhomedir 169s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 169s + run_common_tests 169s + echo Assert local user databases do not have our LDAP test data 169s + check_local_user testuser1 169s + local local_user=testuser1 169s + grep -q ^testuser1 /etc/passwd 169s Assert local user databases do not have our LDAP test data 169s + check_local_group testuser1 169s + local local_group=testuser1 169s + grep -q ^testuser1 /etc/group 169s + check_local_group ldapusers 169s + local local_group=ldapusers 169s + grep -q ^ldapusers /etc/group 169s + echo The LDAP user is known to the system via getent 169s + check_getent_user testuser1 169s + local getent_user=testuser1 169s + local output 169s + getent passwd testuser1 169s The LDAP user is known to the system via getent 169s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 169s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 169s + echo The LDAP user's private group is known to the system via getent 169s + check_getent_group testuser1 169s + local getent_group=testuser1 169s + local output 169s The LDAP user's private group is known to the system via getent 169s + getent group testuser1 169s + output=testuser1:*:10001:testuser1 169s + [The LDAP group ldapusers is known to the system via getent 169s -z testuser1:*:10001:testuser1 ] 169s + echo The LDAP group ldapusers is known to the system via getent 169s + check_getent_group ldapusers 169s + local getent_group=ldapusers 169s + local output 169s + getent group ldapusers 169s + output=ldapusers:*:10100:testuser1 169s + [ -z ldapusers:*:10100:testuser1 ] 169s + echo The id(1) command can resolve the group membership of the LDAP user 169s + id -GnThe id(1) command can resolve the group membership of the LDAP user 169s testuser1 169s The Kerberos principal can login on a terminal 169s + output=testuser1 ldapusers 169s + [ testuser1 ldapusers != testuser1 ldapusers ] 169s + echo The Kerberos principal can login on a terminal 169s + kdestroy 169s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 169s spawn login 169s ldap.example.com login: testuser1 169s Password: 169s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic x86_64) 169s 169s * Documentation: https://help.ubuntu.com 169s * Management: https://landscape.canonical.com 169s * Support: https://ubuntu.com/pro 169s 169s 169s The programs included with the Ubuntu system are free software; 169s the exact distribution terms for each program are described in the 169s individual files in /usr/share/doc/*/copyright. 169s 169s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 169s applicable law. 169s 169s [?2004htestuser1@ldap:~$ id -un 169s [?2004l testuser1 169s [?2004htestuser1@ldap:~$ klist 169s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_hUujt5 169s Default principal: testuser1@EXAMPLE.COM 169s autopkgtest [20:46:06]: test ldap-user-group-krb5-auth: -----------------------] 170s ldap-user-group-krb5-auth PASS 170s autopkgtest [20:46:07]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 170s autopkgtest [20:46:07]: test sssd-softhism2-certificates-tests.sh: preparing testbed 453s autopkgtest [20:50:50]: testbed dpkg architecture: amd64 453s autopkgtest [20:50:50]: testbed apt version: 2.7.14build2 453s autopkgtest [20:50:50]: @@@@@@@@@@@@@@@@@@@@ test bed setup 453s autopkgtest [20:50:50]: testbed release detected to be: noble 454s autopkgtest [20:50:51]: updating testbed package index (apt update) 454s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 455s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 455s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 455s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 455s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 455s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 455s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 455s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 455s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [126 kB] 455s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [247 kB] 455s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3768 B] 455s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [130 kB] 455s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [3004 B] 455s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [360 B] 455s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [516 kB] 455s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [706 kB] 455s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [10.7 kB] 455s Get:18 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [14.0 kB] 455s Get:19 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [2604 B] 455s Get:20 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [344 B] 458s Fetched 2248 kB in 1s (2351 kB/s) 459s Reading package lists... 460s Reading package lists... 460s Building dependency tree... 460s Reading state information... 460s Calculating upgrade... 460s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 460s Reading package lists... 460s Building dependency tree... 460s Reading state information... 461s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 461s autopkgtest [20:50:58]: upgrading testbed (apt dist-upgrade and autopurge) 461s Reading package lists... 461s Building dependency tree... 461s Reading state information... 461s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 461s Starting 2 pkgProblemResolver with broken count: 0 461s Done 462s Entering ResolveByKeep 462s 462s The following packages will be upgraded: 462s login passwd 462s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 462s Need to get 1047 kB of archives. 462s After this operation, 4096 B disk space will be freed. 462s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 login amd64 1:4.13+dfsg1-4ubuntu3.3 [202 kB] 462s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 passwd amd64 1:4.13+dfsg1-4ubuntu3.3 [845 kB] 463s Fetched 1047 kB in 1s (1971 kB/s) 463s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 463s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_amd64.deb ... 463s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 463s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 463s Installing new version of config file /etc/pam.d/login ... 463s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 463s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_amd64.deb ... 463s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 464s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 464s Processing triggers for man-db (2.12.0-4build2) ... 465s Reading package lists... 466s Building dependency tree... 466s Reading state information... 466s Starting pkgProblemResolver with broken count: 0 466s Starting 2 pkgProblemResolver with broken count: 0 466s Done 466s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 469s Reading package lists... 469s Building dependency tree... 469s Reading state information... 470s Starting pkgProblemResolver with broken count: 0 470s Starting 2 pkgProblemResolver with broken count: 0 470s Done 470s The following NEW packages will be installed: 470s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 470s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 470s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 470s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 470s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 470s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 470s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 470s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 470s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 471s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 471s Need to get 10.1 MB of archives. 471s After this operation, 39.2 MB of additional disk space will be used. 471s Get:1 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 471s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libunbound8 amd64 1.19.2-1ubuntu3.3 [442 kB] 471s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libgnutls-dane0t64 amd64 3.8.3-1.1ubuntu3.2 [23.5 kB] 471s Get:4 http://ftpmaster.internal/ubuntu noble-updates/universe amd64 gnutls-bin amd64 3.8.3-1.1ubuntu3.2 [270 kB] 471s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 471s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 471s Get:7 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 471s Get:8 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 471s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 471s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 471s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 471s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 471s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 471s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 471s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 471s Get:16 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6.1 [17.6 kB] 471s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 471s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 471s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 471s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 471s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu5 [48.2 kB] 471s Get:22 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 471s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 471s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 471s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 471s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 472s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 472s Get:28 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6.1 [31.7 kB] 472s Get:29 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6.1 [50.5 kB] 472s Get:30 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 472s Get:31 http://ftpmaster.internal/ubuntu noble/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 472s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 472s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [21.9 kB] 472s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6.1 [30.5 kB] 472s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6.1 [47.3 kB] 472s Get:36 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 472s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6.1 [1139 kB] 472s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6.1 [77.1 kB] 472s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6.1 [88.8 kB] 472s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6.1 [136 kB] 472s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6.1 [221 kB] 472s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6.1 [14.5 kB] 472s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6.1 [31.3 kB] 472s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6.1 [44.6 kB] 472s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main amd64 sssd amd64 2.9.4-1.1ubuntu6.1 [4122 B] 472s Fetched 10.1 MB in 1s (7132 kB/s) 472s Selecting previously unselected package libevent-2.1-7t64:amd64. 472s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74185 files and directories currently installed.) 472s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 472s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 472s Selecting previously unselected package libunbound8:amd64. 472s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_amd64.deb ... 472s Unpacking libunbound8:amd64 (1.19.2-1ubuntu3.3) ... 472s Selecting previously unselected package libgnutls-dane0t64:amd64. 472s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_amd64.deb ... 472s Unpacking libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.2) ... 472s Selecting previously unselected package gnutls-bin. 472s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_amd64.deb ... 472s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 472s Selecting previously unselected package libavahi-common-data:amd64. 472s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 472s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 472s Selecting previously unselected package libavahi-common3:amd64. 472s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 472s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 472s Selecting previously unselected package libavahi-client3:amd64. 472s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 472s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 472s Selecting previously unselected package libbasicobjects0t64:amd64. 472s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libcares2:amd64. 472s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 472s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 472s Selecting previously unselected package libcollection4t64:amd64. 472s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libcrack2:amd64. 472s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_amd64.deb ... 472s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 472s Selecting previously unselected package libdhash1t64:amd64. 472s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libpath-utils1t64:amd64. 472s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libref-array1t64:amd64. 472s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libini-config5t64:amd64. 472s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 472s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 472s Selecting previously unselected package libipa-hbac0t64. 472s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_amd64.deb ... 472s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 472s Selecting previously unselected package libtalloc2:amd64. 472s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_amd64.deb ... 472s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 472s Selecting previously unselected package libtdb1:amd64. 472s Preparing to unpack .../17-libtdb1_1.4.10-1build1_amd64.deb ... 472s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 472s Selecting previously unselected package libtevent0t64:amd64. 473s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_amd64.deb ... 473s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 473s Selecting previously unselected package libldb2:amd64. 473s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 473s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 473s Selecting previously unselected package libnfsidmap1:amd64. 473s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_amd64.deb ... 473s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 473s Selecting previously unselected package libpwquality-common. 473s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 473s Unpacking libpwquality-common (1.4.5-3build1) ... 473s Selecting previously unselected package libpwquality1:amd64. 473s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_amd64.deb ... 473s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 473s Selecting previously unselected package libpam-pwquality:amd64. 473s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_amd64.deb ... 473s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 473s Selecting previously unselected package libwbclient0:amd64. 473s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 473s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 473s Selecting previously unselected package samba-libs:amd64. 473s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 473s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 473s Selecting previously unselected package libsmbclient0:amd64. 473s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 473s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 473s Selecting previously unselected package libnss-sss:amd64. 473s Preparing to unpack .../27-libnss-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package libpam-sss:amd64. 473s Preparing to unpack .../28-libpam-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package softhsm2-common. 473s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 473s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 473s Selecting previously unselected package libsofthsm2. 473s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 473s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 473s Selecting previously unselected package libsss-certmap0. 473s Preparing to unpack .../31-libsss-certmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package libsss-idmap0. 473s Preparing to unpack .../32-libsss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package libsss-nss-idmap0. 473s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package python3-sss. 473s Preparing to unpack .../34-python3-sss_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package softhsm2. 473s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 473s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 473s Selecting previously unselected package sssd-common. 473s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-ad-common. 473s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-krb5-common. 473s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-ad. 473s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-ipa. 473s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-krb5. 473s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-ldap. 473s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd-proxy. 473s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 473s Selecting previously unselected package sssd. 473s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.1_amd64.deb ... 473s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 473s Setting up libpwquality-common (1.4.5-3build1) ... 473s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 473s 473s Creating config file /etc/softhsm/softhsm2.conf with new version 474s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu5) ... 474s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 474s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 474s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libtdb1:amd64 (1.4.10-1build1) ... 474s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 474s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 474s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 474s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libunbound8:amd64 (1.19.2-1ubuntu3.3) ... 474s Setting up libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3.2) ... 474s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 474s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 474s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 474s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 474s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 474s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 474s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 474s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 474s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 474s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 474s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 474s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 474s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 474s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 474s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 474s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 474s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 474s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 474s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 474s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6.1) ... 474s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 474s Creating SSSD system user & group... 474s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 474s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 474s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 474s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 475s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 475s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 475s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 475s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 476s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 476s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 476s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 476s sssd-autofs.service is a disabled or a static unit, not starting it. 476s sssd-nss.service is a disabled or a static unit, not starting it. 476s sssd-pam.service is a disabled or a static unit, not starting it. 476s sssd-ssh.service is a disabled or a static unit, not starting it. 476s sssd-sudo.service is a disabled or a static unit, not starting it. 476s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 476s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 476s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 477s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 477s sssd-pac.service is a disabled or a static unit, not starting it. 477s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 477s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 477s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 477s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 477s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 477s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 477s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 477s Processing triggers for man-db (2.12.0-4build2) ... 478s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 481s autopkgtest [20:51:18]: test sssd-softhism2-certificates-tests.sh: [----------------------- 481s + '[' -z ubuntu ']' 481s + required_tools=(p11tool openssl softhsm2-util) 481s + for cmd in "${required_tools[@]}" 481s + command -v p11tool 481s + for cmd in "${required_tools[@]}" 481s + command -v openssl 481s + for cmd in "${required_tools[@]}" 481s + command -v softhsm2-util 481s + PIN=053350 481s +++ find /usr/lib/softhsm/libsofthsm2.so 481s +++ head -n 1 481s ++ realpath /usr/lib/softhsm/libsofthsm2.so 481s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 481s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 481s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 481s + '[' '!' -v NO_SSSD_TESTS ']' 481s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 481s + ca_db_arg=ca_db 481s ++ /usr/libexec/sssd/p11_child --help 481s + p11_child_help='Usage: p11_child [OPTION...] 481s -d, --debug-level=INT Debug level 481s --debug-timestamps=INT Add debug timestamps 481s --debug-microseconds=INT Show timestamps with microseconds 481s --dumpable=INT Allow core dumps 481s --debug-fd=INT An open file descriptor for the debug 481s logs 481s --logger=stderr|files|journald Set logger 481s --auth Run in auth mode 481s --pre Run in pre-auth mode 481s --wait_for_card Wait until card is available 481s --verification Run in verification mode 481s --pin Expect PIN on stdin 481s --keypad Expect PIN on keypad 481s --verify=STRING Tune validation 481s --ca_db=STRING CA DB to use 481s --module_name=STRING Module name for authentication 481s --token_name=STRING Token name for authentication 481s --key_id=STRING Key ID for authentication 481s --label=STRING Label for authentication 481s --certificate=STRING certificate to verify, base64 encoded 481s --uri=STRING PKCS#11 URI to restrict selection 481s --chain-id=LONG Tevent chain ID used for logging 481s purposes 481s 481s Help options: 481s -?, --help Show this help message 481s --usage Display brief usage message' 481s + echo 'Usage: p11_child [OPTION...] 481s -d, --debug-level=INT Debug level 481s --debug-timestamps=INT Add debug timestamps 481s --debug-microseconds=INT Show timestamps with microseconds 481s --dumpable=INT Allow core dumps 481s --debug-fd=INT An open file descriptor for the debug 481s logs 481s --logger=stderr|files|journald Set logger 481s --auth Run in auth mode 481s --pre Run in pre-auth mode 481s --wait_for_card Wait until card is available 481s --verification Run in verification mode 481s --pin Expect PIN on stdin 481s --keypad Expect PIN on keypad 481s --verify=STRING Tune validation 481s --ca_db=STRING CA DB to use 481s --module_name=STRING Module name for authentication 481s --token_name=STRING Token name for authentication 481s --key_id=STRING Key ID for authentication 481s --label=STRING Label for authentication 481s --certificate=STRING certificate to verify, base64 encoded 481s --uri=STRING PKCS#11 URI to restrict selection 481s --chain-id=LONG Tevent chain ID used for logging 481s purposes 481s 481s Help options: 481s -?, --help Show this help message 481s --usage Display brief usage message' 481s + grep nssdb -qs 481s + echo 'Usage: p11_child [OPTION...] 481s -d, --debug-level=INT Debug level 481s --debug-timestamps=INT Add debug timestamps 481s --debug-microseconds=INT Show timestamps with microseconds 481s --dumpable=INT Allow core dumps 481s --debug-fd=INT An open file descriptor for the debug 481s logs 481s --logger=stderr|files|journald Set logger 481s --auth Run in auth mode 481s --pre Run in pre-auth mode 481s --wait_for_card Wait until card is available 481s --verification Run in verification mode 481s --pin Expect PIN on stdin 481s --keypad Expect PIN on keypad 481s --verify=STRING Tune validation 481s --ca_db=STRING CA DB to use 481s --module_name=STRING Module name for authentication 481s --token_name=STRING Token name for authentication 481s --key_id=STRING Key ID for authentication 481s --label=STRING Label for authentication 481s --certificate=STRING certificate to verify, base64 encoded 481s --uri=STRING PKCS#11 URI to restrict selection 481s --chain-id=LONG Tevent chain ID used for logging 481s purposes 481s 481s Help options: 481s -?, --help Show this help message 481s --usage Display brief usage message' 481s + grep -qs -- --ca_db 481s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 481s ++ mktemp -d -t sssd-softhsm2-XXXXXX 481s + tmpdir=/tmp/sssd-softhsm2-p8kq75 481s + keys_size=1024 481s + [[ ! -v KEEP_TEMPORARY_FILES ]] 481s + trap 'rm -rf "$tmpdir"' EXIT 481s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 481s + echo -n 01 481s + touch /tmp/sssd-softhsm2-p8kq75/index.txt 481s + mkdir -p /tmp/sssd-softhsm2-p8kq75/new_certs 481s + cat 481s + root_ca_key_pass=pass:random-root-CA-password-18090 481s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-root-CA-key.pem -passout pass:random-root-CA-password-18090 1024 481s + openssl req -passin pass:random-root-CA-password-18090 -batch -config /tmp/sssd-softhsm2-p8kq75/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-p8kq75/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 481s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 481s + cat 481s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10694 481s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10694 1024 481s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10694 -config /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.config -key /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-18090 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-certificate-request.pem 481s + openssl req -text -noout -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-certificate-request.pem 481s Certificate Request: 481s Data: 481s Version: 1 (0x0) 481s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 481s Subject Public Key Info: 481s Public Key Algorithm: rsaEncryption 481s Public-Key: (1024 bit) 481s Modulus: 481s 00:cb:c2:a6:d1:75:04:d4:f7:e2:2c:ba:92:c2:78: 481s 62:3f:92:07:ca:96:39:31:45:3d:ce:5a:52:94:0e: 481s 6d:d9:76:06:03:7d:49:82:f2:81:e9:b3:fa:e5:26: 481s 57:b5:43:9b:c3:47:e2:20:89:8c:12:f7:98:71:76: 481s e1:45:d9:ba:ae:0f:ab:8d:92:e2:b5:28:4f:ef:86: 481s 16:e6:76:4f:7f:6f:73:0d:1c:66:b4:73:28:ab:96: 481s 87:9d:87:fd:cc:eb:49:22:76:2d:21:52:d1:e8:d1: 481s 9a:94:c6:96:b5:62:f0:13:17:cc:60:b3:ac:8e:83: 481s 9d:34:4f:e7:26:b0:38:1a:4b 481s Exponent: 65537 (0x10001) 481s Attributes: 481s (none) 481s Requested Extensions: 481s Signature Algorithm: sha256WithRSAEncryption 481s Signature Value: 481s bf:24:2a:ee:c9:fa:6e:7f:a0:07:f1:24:2e:9f:b3:f5:c5:a9: 481s f5:db:09:97:b1:e5:ab:87:38:e2:df:20:07:f6:92:4e:25:d8: 481s 34:41:26:ff:9e:cc:b1:0c:e2:d3:af:32:21:c5:97:97:e3:4f: 481s b9:4f:35:e8:c0:09:2a:aa:af:7a:ec:9a:07:fc:09:ef:27:e8: 481s 39:f9:62:ed:c4:c7:c9:ff:e1:94:f7:e3:e5:6b:73:3d:3d:39: 481s e7:ce:e0:d3:33:1b:9e:f1:4b:03:fa:18:8b:13:47:b3:24:ab: 481s e1:14:10:ad:d5:64:e4:bf:43:f6:64:ee:a1:7c:39:77:e0:0c: 481s 45:8d 481s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-p8kq75/test-root-CA.config -passin pass:random-root-CA-password-18090 -keyfile /tmp/sssd-softhsm2-p8kq75/test-root-CA-key.pem -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 481s Using configuration from /tmp/sssd-softhsm2-p8kq75/test-root-CA.config 481s Check that the request matches the signature 481s Signature ok 481s Certificate Details: 481s Serial Number: 1 (0x1) 481s Validity 481s Not Before: Nov 29 20:51:18 2024 GMT 481s Not After : Nov 29 20:51:18 2025 GMT 481s Subject: 481s organizationName = Test Organization 481s organizationalUnitName = Test Organization Unit 481s commonName = Test Organization Intermediate CA 481s X509v3 extensions: 481s X509v3 Subject Key Identifier: 481s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 481s X509v3 Authority Key Identifier: 481s keyid:E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 481s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 481s serial:00 481s X509v3 Basic Constraints: 481s CA:TRUE 481s X509v3 Key Usage: critical 481s Digital Signature, Certificate Sign, CRL Sign 481s Certificate is to be certified until Nov 29 20:51:18 2025 GMT (365 days) 481s 481s Write out database with 1 new entries 481s Database updated 481s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 481s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 481s /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem: OK 481s + cat 481s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-21139 481s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-21139 1024 481s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-21139 -config /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10694 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-certificate-request.pem 481s + openssl req -text -noout -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-certificate-request.pem 481s Certificate Request: 481s Data: 481s Version: 1 (0x0) 481s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 481s Subject Public Key Info: 481s Public Key Algorithm: rsaEncryption 481s Public-Key: (1024 bit) 481s Modulus: 481s 00:d3:d7:1a:e1:7e:f9:2f:83:30:66:d8:2f:d3:fa: 481s d5:99:d3:87:ad:e8:40:91:c9:9c:62:3d:77:87:07: 481s 25:df:f4:c4:1e:cf:52:39:8c:a9:64:fe:0c:ee:02: 481s 0b:ea:9c:3b:04:cf:99:82:6c:61:b0:c2:21:f9:6b: 481s ba:49:ab:96:e7:7c:5a:44:4b:f7:bd:cd:19:89:b6: 481s 69:60:58:2e:e1:48:2c:04:b8:ed:20:cd:44:3f:59: 481s 6b:73:22:01:c1:68:d2:b7:19:1d:01:3d:1e:8c:9a: 481s 5a:f6:ab:69:1b:83:41:67:af:2b:34:75:2e:0e:b7: 481s 71:80:b5:5c:1d:f6:37:d7:39 481s Exponent: 65537 (0x10001) 481s Attributes: 481s (none) 481s Requested Extensions: 481s Signature Algorithm: sha256WithRSAEncryption 481s Signature Value: 481s c3:6d:a9:c6:50:8f:5c:6d:84:1f:26:d8:12:8d:7b:b6:88:17: 481s c1:00:27:cc:d7:b3:77:35:fe:d0:49:0b:40:c6:3d:66:70:6e: 481s 84:08:65:81:b0:80:84:38:d9:2b:58:b9:cd:fa:13:0d:c3:1b: 481s 9d:c7:ac:7b:3c:5e:18:66:8c:6e:73:e6:05:be:16:27:a2:cd: 481s 68:ed:87:26:3a:71:9a:29:eb:df:5c:96:41:a4:e2:ad:40:3e: 481s 73:35:78:70:b7:f2:94:45:89:01:bb:0a:92:b2:97:8b:e7:65: 481s fc:07:54:0e:dc:d0:97:a6:9d:e9:db:9f:a3:38:7d:c7:d1:14: 481s 1c:1c 481s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10694 -keyfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 481s Using configuration from /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.config 481s Check that the request matches the signature 481s Signature ok 481s Certificate Details: 481s Serial Number: 2 (0x2) 481s Validity 481s Not Before: Nov 29 20:51:18 2024 GMT 481s Not After : Nov 29 20:51:18 2025 GMT 481s Subject: 481s organizationName = Test Organization 481s organizationalUnitName = Test Organization Unit 481s commonName = Test Organization Sub Intermediate CA 481s X509v3 extensions: 481s X509v3 Subject Key Identifier: 481s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 481s X509v3 Authority Key Identifier: 481s keyid:78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 481s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 481s serial:01 481s X509v3 Basic Constraints: 481s CA:TRUE 481s X509v3 Key Usage: critical 481s Digital Signature, Certificate Sign, CRL Sign 481s Certificate is to be certified until Nov 29 20:51:18 2025 GMT (365 days) 481s 481s Write out database with 1 new entries 481s Database updated 481s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem: OK 482s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 482s error 20 at 0 depth lookup: unable to get local issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem: verification failed 482s + cat 482s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-31396 1024 482s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-31396 -key /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-request.pem 482s + openssl req -text -noout -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-request.pem 482s Certificate Request: 482s Data: 482s Version: 1 (0x0) 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s Attributes: 482s Requested Extensions: 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 25:13:ab:93:1e:10:9a:f2:ac:8a:21:9d:cc:6d:fa:6b:05:76: 482s 4a:34:27:2f:f3:35:d4:e0:8c:6f:00:88:80:93:93:f4:22:50: 482s 98:c3:be:50:a9:27:12:d2:ae:15:9f:ad:09:d1:e6:63:7c:73: 482s 7d:4b:ab:f1:89:9c:54:9f:ac:16:0e:a3:76:64:a5:f7:de:e5: 482s 50:95:48:ab:c2:e9:7c:36:f5:df:d1:10:54:f3:47:0b:47:83: 482s d5:bd:75:a9:b0:32:10:da:95:04:ee:99:12:af:7f:84:04:55: 482s 67:36:9d:cb:f5:fb:26:46:d2:52:eb:9a:f5:fd:2c:24:bd:1d: 482s ef:40 482s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-p8kq75/test-root-CA.config -passin pass:random-root-CA-password-18090 -keyfile /tmp/sssd-softhsm2-p8kq75/test-root-CA-key.pem -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s Using configuration from /tmp/sssd-softhsm2-p8kq75/test-root-CA.config 482s Check that the request matches the signature 482s Signature ok 482s Certificate Details: 482s Serial Number: 3 (0x3) 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: 482s organizationName = Test Organization 482s organizationalUnitName = Test Organization Unit 482s commonName = Test Organization Root Trusted Certificate 0001 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Certificate is to be certified until Nov 29 20:51:19 2025 GMT (365 days) 482s 482s Write out database with 1 new entries 482s Database updated 482s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem: OK 482s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s error 20 at 0 depth lookup: unable to get local issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem: verification failed 482s + cat 482s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 482s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-6504 1024 482s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-6504 -key /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-request.pem 482s + openssl req -text -noout -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-request.pem 482s Certificate Request: 482s Data: 482s Version: 1 (0x0) 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 482s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 482s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 482s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 482s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 482s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 482s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 482s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 482s 87:a2:99:69:0e:69:1a:09:c1 482s Exponent: 65537 (0x10001) 482s Attributes: 482s Requested Extensions: 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Intermediate CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 35:5c:1b:48:ef:2c:7a:0e:7c:79:4c:20:0a:e3:49:2e:ab:22: 482s c6:17:4f:4b:33:c7:16:01:a6:a9:76:b3:be:5a:f5:88:b3:f7: 482s e8:e8:a9:01:d3:ba:97:4a:68:94:f8:85:97:7e:a7:45:82:62: 482s 77:94:b0:5d:d9:9b:ab:97:56:17:3c:75:b5:1e:ba:07:f3:ad: 482s 68:9f:f7:a4:6f:0b:62:ee:19:ed:2f:4c:dd:49:c7:70:1f:96: 482s 9e:5f:07:08:d6:de:0f:38:bb:16:32:ca:92:7a:62:33:08:b7: 482s ed:21:84:0b:c7:58:ff:dc:da:37:7e:44:89:2d:54:b4:6b:e3: 482s 39:0f 482s + openssl ca -passin pass:random-intermediate-CA-password-10694 -config /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s Using configuration from /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.config 482s Check that the request matches the signature 482s Signature ok 482s Certificate Details: 482s Serial Number: 4 (0x4) 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: 482s organizationName = Test Organization 482s organizationalUnitName = Test Organization Unit 482s commonName = Test Organization Intermediate Trusted Certificate 0001 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Intermediate CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Certificate is to be certified until Nov 29 20:51:19 2025 GMT (365 days) 482s 482s Write out database with 1 new entries 482s Database updated 482s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s + echo 'This certificate should not be trusted fully' 482s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s This certificate should not be trusted fully 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 482s error 2 at 1 depth lookup: unable to get issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 482s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem: OK 482s + cat 482s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 482s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-5749 1024 482s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5749 -key /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 482s + openssl req -text -noout -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 482s Certificate Request: 482s Data: 482s Version: 1 (0x0) 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 482s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 482s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 482s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 482s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 482s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 482s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 482s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 482s ab:d4:4b:3b:23:71:ad:c1:11 482s Exponent: 65537 (0x10001) 482s Attributes: 482s Requested Extensions: 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Sub Intermediate CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 7a:22:50:f3:99:e4:ea:67:91:d7:77:dd:b7:96:70:4b:4a:be: 482s fe:5c:9c:dd:3d:ba:a6:f5:80:7b:44:f9:a4:3f:90:f1:3d:43: 482s 0b:12:6a:c7:4a:f1:1d:13:3c:d2:04:9c:27:95:f6:97:f6:fb: 482s ca:ec:06:e7:a1:8d:76:51:b9:18:0d:e3:a0:f9:7c:35:a5:a3: 482s 71:6d:4e:df:43:ad:ac:c3:27:ea:18:e3:23:66:df:85:80:13: 482s fb:74:2d:c7:70:31:25:dc:8e:7d:ed:81:ee:ad:18:73:77:1b: 482s a0:c7:ce:d5:f7:c3:1a:e9:61:b0:12:69:b7:53:ae:13:57:92: 482s 58:64 482s + openssl ca -passin pass:random-sub-intermediate-CA-password-21139 -config /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s Using configuration from /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.config 482s Check that the request matches the signature 482s Signature ok 482s Certificate Details: 482s Serial Number: 5 (0x5) 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: 482s organizationName = Test Organization 482s organizationalUnitName = Test Organization Unit 482s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Sub Intermediate CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Certificate is to be certified until Nov 29 20:51:19 2025 GMT (365 days) 482s 482s Write out database with 1 new entries 482s Database updated 482s + openssl x509 -noout -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s This certificate should not be trusted fully 482s + echo 'This certificate should not be trusted fully' 482s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 482s error 2 at 1 depth lookup: unable to get issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 482s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 482s error 20 at 0 depth lookup: unable to get local issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 482s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 482s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s + local cmd=openssl 482s + shift 482s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 482s error 20 at 0 depth lookup: unable to get local issuer certificate 482s error /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 482s + echo 'Building a the full-chain CA file...' 482s Building a the full-chain CA file... 482s + cat /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s + cat /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 482s + cat /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 482s + openssl pkcs7 -print_certs -noout 482s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 482s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s 482s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 482s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s 482s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 482s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 482s 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 482s /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem: OK 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem: OK 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem: OK 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem /tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem 482s /tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem: OK 482s + openssl verify -CAfile /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 482s /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 482s + echo 'Certificates generation completed!' 482s Certificates generation completed! 482s + [[ -v NO_SSSD_TESTS ]] 482s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /dev/null 482s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /dev/null 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_ring=/dev/null 482s + local verify_option= 482s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_cn 482s + local key_name 482s + local tokens_dir 482s + local output_cert_file 482s + token_name= 482s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 482s + key_name=test-root-CA-trusted-certificate-0001 482s ++ sed -n 's/ *commonName *= //p' 482s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + key_cn='Test Organization Root Trusted Certificate 0001' 482s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 482s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 482s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s + token_name='Test Organization Root Tr Token' 482s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 482s + local key_file 482s + local decrypted_key 482s + mkdir -p /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s + key_file=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key.pem 482s + decrypted_key=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key-decrypted.pem 482s + cat 482s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 482s Slot 0 has a free/uninitialized token. 482s The token has been initialized and is reassigned to slot 751779679 482s + softhsm2-util --show-slots 482s Available slots: 482s Slot 751779679 482s Slot info: 482s Description: SoftHSM slot ID 0x2ccf3f5f 482s Manufacturer ID: SoftHSM project 482s Hardware version: 2.6 482s Firmware version: 2.6 482s Token present: yes 482s Token info: 482s Manufacturer ID: SoftHSM project 482s Model: SoftHSM v2 482s Hardware version: 2.6 482s Firmware version: 2.6 482s Serial number: 04ac68fb2ccf3f5f 482s Initialized: yes 482s User PIN init.: yes 482s Label: Test Organization Root Tr Token 482s Slot 1 482s Slot info: 482s Description: SoftHSM slot ID 0x1 482s Manufacturer ID: SoftHSM project 482s Hardware version: 2.6 482s Firmware version: 2.6 482s Token present: yes 482s Token info: 482s Manufacturer ID: SoftHSM project 482s Model: SoftHSM v2 482s Hardware version: 2.6 482s Firmware version: 2.6 482s Serial number: 482s Initialized: no 482s User PIN init.: no 482s Label: 482s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 482s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-31396 -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key-decrypted.pem 482s writing RSA key 482s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 482s + rm /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001-key-decrypted.pem 482s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 482s Object 0: 482s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 482s Type: X.509 Certificate (RSA-1024) 482s Expires: Sat Nov 29 20:51:19 2025 482s Label: Test Organization Root Trusted Certificate 0001 482s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 482s 482s + echo 'Test Organization Root Tr Token' 482s + '[' -n '' ']' 482s Test Organization Root Tr Token 482s + local output_base_name=SSSD-child-13622 482s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13622.output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13622.pem 482s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 482s [p11_child[2936]] [main] (0x0400): p11_child started. 482s [p11_child[2936]] [main] (0x2000): Running in [pre-auth] mode. 482s [p11_child[2936]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2936]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2936]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 482s [p11_child[2936]] [do_work] (0x0040): init_verification failed. 482s [p11_child[2936]] [main] (0x0020): p11_child failed (5) 482s + return 2 482s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /dev/null no_verification 482s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /dev/null no_verification 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_ring=/dev/null 482s + local verify_option=no_verification 482s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_cn 482s + local key_name 482s + local tokens_dir 482s + local output_cert_file 482s + token_name= 482s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 482s + key_name=test-root-CA-trusted-certificate-0001 482s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s ++ sed -n 's/ *commonName *= //p' 482s + key_cn='Test Organization Root Trusted Certificate 0001' 482s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 482s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 482s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s Test Organization Root Tr Token 482s + token_name='Test Organization Root Tr Token' 482s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 482s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 482s + echo 'Test Organization Root Tr Token' 482s + '[' -n no_verification ']' 482s + local verify_arg=--verify=no_verification 482s + local output_base_name=SSSD-child-23229 482s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.pem 482s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 482s [p11_child[2942]] [main] (0x0400): p11_child started. 482s [p11_child[2942]] [main] (0x2000): Running in [pre-auth] mode. 482s [p11_child[2942]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2942]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2942]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 482s [p11_child[2942]] [do_card] (0x4000): Module List: 482s [p11_child[2942]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2942]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2942]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2942]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2942]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2942]] [do_card] (0x4000): Login NOT required. 482s [p11_child[2942]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2942]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2942]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2942]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s + local found_md5 expected_md5 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + expected_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.output 482s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.output .output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.pem 482s + echo -n 053350 482s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 482s [p11_child[2950]] [main] (0x0400): p11_child started. 482s [p11_child[2950]] [main] (0x2000): Running in [auth] mode. 482s [p11_child[2950]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2950]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2950]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 482s [p11_child[2950]] [do_card] (0x4000): Module List: 482s [p11_child[2950]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2950]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2950]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2950]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2950]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2950]] [do_card] (0x4000): Login required. 482s [p11_child[2950]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2950]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2950]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 482s [p11_child[2950]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 482s [p11_child[2950]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 482s [p11_child[2950]] [do_card] (0x4000): Certificate verified and validated. 482s [p11_child[2950]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-23229-auth.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s + local verify_option= 482s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_cn 482s + local key_name 482s + local tokens_dir 482s + local output_cert_file 482s + token_name= 482s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 482s + key_name=test-root-CA-trusted-certificate-0001 482s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s ++ sed -n 's/ *commonName *= //p' 482s + key_cn='Test Organization Root Trusted Certificate 0001' 482s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 482s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 482s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s + token_name='Test Organization Root Tr Token' 482s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 482s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 482s Test Organization Root Tr Token 482s + echo 'Test Organization Root Tr Token' 482s + '[' -n '' ']' 482s + local output_base_name=SSSD-child-204 482s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-204.output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-204.pem 482s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s [p11_child[2960]] [main] (0x0400): p11_child started. 482s [p11_child[2960]] [main] (0x2000): Running in [pre-auth] mode. 482s [p11_child[2960]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2960]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2960]] [do_card] (0x4000): Module List: 482s [p11_child[2960]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2960]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2960]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2960]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2960]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2960]] [do_card] (0x4000): Login NOT required. 482s [p11_child[2960]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2960]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 482s [p11_child[2960]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2960]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2960]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-204.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-204.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-204.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s + local found_md5 expected_md5 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + expected_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-204.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.output 482s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.output .output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.pem 482s + echo -n 053350 482s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 482s [p11_child[2968]] [main] (0x0400): p11_child started. 482s [p11_child[2968]] [main] (0x2000): Running in [auth] mode. 482s [p11_child[2968]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2968]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2968]] [do_card] (0x4000): Module List: 482s [p11_child[2968]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2968]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2968]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2968]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2968]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2968]] [do_card] (0x4000): Login required. 482s [p11_child[2968]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2968]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 482s [p11_child[2968]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2968]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 482s [p11_child[2968]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 482s [p11_child[2968]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 482s [p11_child[2968]] [do_card] (0x4000): Certificate verified and validated. 482s [p11_child[2968]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-204-auth.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 482s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s + local verify_option=partial_chain 482s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_cn 482s + local key_name 482s + local tokens_dir 482s + local output_cert_file 482s + token_name= 482s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 482s + key_name=test-root-CA-trusted-certificate-0001 482s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s ++ sed -n 's/ *commonName *= //p' 482s + key_cn='Test Organization Root Trusted Certificate 0001' 482s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 482s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 482s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s + token_name='Test Organization Root Tr Token' 482s Test Organization Root Tr Token 482s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 482s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 482s + echo 'Test Organization Root Tr Token' 482s + '[' -n partial_chain ']' 482s + local verify_arg=--verify=partial_chain 482s + local output_base_name=SSSD-child-672 482s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-672.output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-672.pem 482s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 482s [p11_child[2978]] [main] (0x0400): p11_child started. 482s [p11_child[2978]] [main] (0x2000): Running in [pre-auth] mode. 482s [p11_child[2978]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2978]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2978]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 482s [p11_child[2978]] [do_card] (0x4000): Module List: 482s [p11_child[2978]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2978]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2978]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2978]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2978]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2978]] [do_card] (0x4000): Login NOT required. 482s [p11_child[2978]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2978]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 482s [p11_child[2978]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2978]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2978]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-672.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-672.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-672.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s + local found_md5 expected_md5 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + expected_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-672.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.output 482s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.output .output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.pem 482s + echo -n 053350 482s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 482s [p11_child[2986]] [main] (0x0400): p11_child started. 482s [p11_child[2986]] [main] (0x2000): Running in [auth] mode. 482s [p11_child[2986]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2986]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2986]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 482s [p11_child[2986]] [do_card] (0x4000): Module List: 482s [p11_child[2986]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2986]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2986]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2986]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2986]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2986]] [do_card] (0x4000): Login required. 482s [p11_child[2986]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2986]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 482s [p11_child[2986]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2986]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 482s [p11_child[2986]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 482s [p11_child[2986]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 482s [p11_child[2986]] [do_card] (0x4000): Certificate verified and validated. 482s [p11_child[2986]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.output 482s + echo '-----BEGIN CERTIFICATE-----' 482s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.output 482s + echo '-----END CERTIFICATE-----' 482s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.pem 482s Certificate: 482s Data: 482s Version: 3 (0x2) 482s Serial Number: 3 (0x3) 482s Signature Algorithm: sha256WithRSAEncryption 482s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 482s Validity 482s Not Before: Nov 29 20:51:19 2024 GMT 482s Not After : Nov 29 20:51:19 2025 GMT 482s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 482s Subject Public Key Info: 482s Public Key Algorithm: rsaEncryption 482s Public-Key: (1024 bit) 482s Modulus: 482s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 482s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 482s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 482s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 482s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 482s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 482s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 482s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 482s ac:91:0e:bd:e6:0f:8c:20:d1 482s Exponent: 65537 (0x10001) 482s X509v3 extensions: 482s X509v3 Authority Key Identifier: 482s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 482s X509v3 Basic Constraints: 482s CA:FALSE 482s Netscape Cert Type: 482s SSL Client, S/MIME 482s Netscape Comment: 482s Test Organization Root CA trusted Certificate 482s X509v3 Subject Key Identifier: 482s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 482s X509v3 Key Usage: critical 482s Digital Signature, Non Repudiation, Key Encipherment 482s X509v3 Extended Key Usage: 482s TLS Web Client Authentication, E-mail Protection 482s X509v3 Subject Alternative Name: 482s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 482s Signature Algorithm: sha256WithRSAEncryption 482s Signature Value: 482s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 482s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 482s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 482s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 482s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 482s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 482s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 482s 1f:2e 482s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-672-auth.pem 482s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 482s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 482s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 482s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 482s + local verify_option= 482s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 482s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 482s + local key_cn 482s + local key_name 482s + local tokens_dir 482s + local output_cert_file 482s + token_name= 482s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 482s + key_name=test-root-CA-trusted-certificate-0001 482s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 482s ++ sed -n 's/ *commonName *= //p' 482s + key_cn='Test Organization Root Trusted Certificate 0001' 482s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 482s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 482s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 482s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 482s + token_name='Test Organization Root Tr Token' 482s Test Organization Root Tr Token 482s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 482s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 482s + echo 'Test Organization Root Tr Token' 482s + '[' -n '' ']' 482s + local output_base_name=SSSD-child-29135 482s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.output 482s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.pem 482s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 482s [p11_child[2996]] [main] (0x0400): p11_child started. 482s [p11_child[2996]] [main] (0x2000): Running in [pre-auth] mode. 482s [p11_child[2996]] [main] (0x2000): Running with effective IDs: [0][0]. 482s [p11_child[2996]] [main] (0x2000): Running with real IDs [0][0]. 482s [p11_child[2996]] [do_card] (0x4000): Module List: 482s [p11_child[2996]] [do_card] (0x4000): common name: [softhsm2]. 482s [p11_child[2996]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2996]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 482s [p11_child[2996]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 482s [p11_child[2996]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 482s [p11_child[2996]] [do_card] (0x4000): Login NOT required. 482s [p11_child[2996]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 482s [p11_child[2996]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 482s [p11_child[2996]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 482s [p11_child[2996]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 482s [p11_child[2996]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 482s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 3 (0x3) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 483s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 483s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 483s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 483s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 483s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 483s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 483s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 483s ac:91:0e:bd:e6:0f:8c:20:d1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 483s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 483s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 483s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 483s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 483s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 483s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 483s 1f:2e 483s + local found_md5 expected_md5 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + expected_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135.pem 483s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 483s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.output 483s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.output .output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.pem 483s + echo -n 053350 483s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 483s [p11_child[3004]] [main] (0x0400): p11_child started. 483s [p11_child[3004]] [main] (0x2000): Running in [auth] mode. 483s [p11_child[3004]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3004]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3004]] [do_card] (0x4000): Module List: 483s [p11_child[3004]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3004]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3004]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3004]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 483s [p11_child[3004]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3004]] [do_card] (0x4000): Login required. 483s [p11_child[3004]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 483s [p11_child[3004]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 483s [p11_child[3004]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3004]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 483s [p11_child[3004]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 483s [p11_child[3004]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 483s [p11_child[3004]] [do_card] (0x4000): Certificate verified and validated. 483s [p11_child[3004]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 3 (0x3) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 483s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 483s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 483s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 483s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 483s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 483s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 483s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 483s ac:91:0e:bd:e6:0f:8c:20:d1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 483s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 483s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 483s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 483s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 483s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 483s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 483s 1f:2e 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-29135-auth.pem 483s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 483s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s + local verify_option=partial_chain 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-root-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s Test Organization Root Tr Token 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 3 (0x3) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 483s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 483s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 483s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 483s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 483s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 483s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 483s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 483s ac:91:0e:bd:e6:0f:8c:20:d1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 483s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 483s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 483s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 483s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 483s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 483s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 483s 1f:2e 483s + key_cn='Test Organization Root Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 483s + token_name='Test Organization Root Tr Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Root Tr Token' 483s + '[' -n partial_chain ']' 483s + local verify_arg=--verify=partial_chain 483s + local output_base_name=SSSD-child-18838 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s [p11_child[3014]] [main] (0x0400): p11_child started. 483s [p11_child[3014]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3014]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3014]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3014]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 483s [p11_child[3014]] [do_card] (0x4000): Module List: 483s [p11_child[3014]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3014]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3014]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3014]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 483s [p11_child[3014]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3014]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3014]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 483s [p11_child[3014]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 483s [p11_child[3014]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3014]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3014]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.pem 483s + local found_md5 expected_md5 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + expected_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838.pem 483s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 483s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.output 483s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.output .output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.pem 483s + echo -n 053350 483s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 483s [p11_child[3022]] [main] (0x0400): p11_child started. 483s [p11_child[3022]] [main] (0x2000): Running in [auth] mode. 483s [p11_child[3022]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3022]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3022]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 483s [p11_child[3022]] [do_card] (0x4000): Module List: 483s [p11_child[3022]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3022]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3022]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3022]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 483s [p11_child[3022]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3022]] [do_card] (0x4000): Login required. 483s [p11_child[3022]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 483s [p11_child[3022]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 483s [p11_child[3022]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3022]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2ccf3f5f;slot-manufacturer=SoftHSM%20project;slot-id=751779679;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04ac68fb2ccf3f5f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 483s [p11_child[3022]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 483s [p11_child[3022]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 483s [p11_child[3022]] [do_card] (0x4000): Certificate verified and validated. 483s [p11_child[3022]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 3 (0x3) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:ce:8e:46:30:83:4f:30:fb:d1:63:63:74:35:39: 483s df:dc:51:f7:9e:a5:00:8b:a3:9e:0d:a8:91:3a:60: 483s 90:62:89:3d:fa:22:23:72:05:a9:3f:7e:79:9e:1a: 483s fa:b6:02:18:e0:ea:60:ed:ae:86:70:ba:21:c3:c7: 483s 9d:c8:01:10:7f:1f:02:44:d5:3a:e8:2f:39:1d:71: 483s cf:54:cf:d2:0f:b8:0c:b9:00:71:1d:5c:63:26:83: 483s 22:f1:d8:8f:d5:59:ed:ea:69:f2:e8:7a:0d:42:6e: 483s d1:1b:dc:09:ab:07:a6:35:90:77:51:94:40:f7:93: 483s ac:91:0e:bd:e6:0f:8c:20:d1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s E5:4F:3D:69:04:B8:D3:8A:56:E3:77:E0:52:88:AB:FE:81:B6:71:0E 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 9F:6D:6D:55:4A:F0:9A:90:60:59:B2:9E:BA:33:7A:77:15:F0:D3:BE 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 51:ac:ea:e5:38:ca:53:de:0e:88:76:92:8a:c1:2f:fc:30:8a: 483s f8:49:17:05:5d:99:d7:6d:a0:cb:47:aa:a2:d1:94:a5:74:7e: 483s 9c:2d:ac:ad:92:56:e6:fd:d1:5c:89:18:92:c6:f8:3d:26:cf: 483s 22:61:28:2f:48:1e:1e:30:14:9c:7e:80:3f:64:62:63:24:57: 483s dd:f8:70:b1:4d:50:ce:24:87:b0:15:1d:8d:d8:98:51:d5:9f: 483s 22:52:23:c5:e4:38:31:11:51:f0:4d:a2:f6:ff:72:8e:5a:0f: 483s 10:0c:73:81:b3:d8:2e:72:bb:64:8a:9e:f2:94:4c:0e:64:11: 483s 1f:2e 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-18838-auth.pem 483s + found_md5=Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 483s + '[' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 '!=' Modulus=CE8E4630834F30FBD16363743539DFDC51F79EA5008BA39E0DA8913A609062893DFA22237205A93F7E799E1AFAB60218E0EA60EDAE8670BA21C3C79DC801107F1F0244D53AE82F391D71CF54CFD20FB80CB900711D5C63268322F1D88FD559EDEA69F2E87A0D426ED11BDC09AB07A6359077519440F793AC910EBDE60F8C20D1 ']' 483s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s + local verify_option= 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-root-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Root Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 483s Test Organization Root Tr Token 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 483s + token_name='Test Organization Root Tr Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Root Tr Token' 483s + '[' -n '' ']' 483s + local output_base_name=SSSD-child-10340 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-10340.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-10340.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s [p11_child[3032]] [main] (0x0400): p11_child started. 483s [p11_child[3032]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3032]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3032]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3032]] [do_card] (0x4000): Module List: 483s [p11_child[3032]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3032]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3032]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3032]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 483s [p11_child[3032]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3032]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3032]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 483s [p11_child[3032]] [do_verification] (0x0040): X509_verify_cert failed [0]. 483s [p11_child[3032]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 483s [p11_child[3032]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 483s [p11_child[3032]] [do_card] (0x4000): No certificate found. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-10340.output 483s + return 2 483s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem partial_chain 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem partial_chain 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s + local verify_option=partial_chain 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31396 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-root-ca-trusted-cert-0001-31396 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-root-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-root-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Root Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 483s + token_name='Test Organization Root Tr Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-root-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Root Tr Token' 483s Test Organization Root Tr Token 483s + '[' -n partial_chain ']' 483s + local verify_arg=--verify=partial_chain 483s + local output_base_name=SSSD-child-22809 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-22809.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-22809.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 483s [p11_child[3039]] [main] (0x0400): p11_child started. 483s [p11_child[3039]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3039]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3039]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3039]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 483s [p11_child[3039]] [do_card] (0x4000): Module List: 483s [p11_child[3039]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3039]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3039]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2ccf3f5f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3039]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 483s [p11_child[3039]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2ccf3f5f][751779679] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3039]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3039]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 483s [p11_child[3039]] [do_verification] (0x0040): X509_verify_cert failed [0]. 483s [p11_child[3039]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 483s [p11_child[3039]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 483s [p11_child[3039]] [do_card] (0x4000): No certificate found. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-22809.output 483s + return 2 483s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /dev/null 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /dev/null 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_ring=/dev/null 483s + local verify_option= 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-intermediate-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + token_name='Test Organization Interme Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 483s + local key_file 483s + local decrypted_key 483s + mkdir -p /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + key_file=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key.pem 483s + decrypted_key=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 483s + cat 483s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 483s Slot 0 has a free/uninitialized token. 483s The token has been initialized and is reassigned to slot 1972598773 483s + softhsm2-util --show-slots 483s Available slots: 483s Slot 1972598773 483s Slot info: 483s Description: SoftHSM slot ID 0x759377f5 483s Manufacturer ID: SoftHSM project 483s Hardware version: 2.6 483s Firmware version: 2.6 483s Token present: yes 483s Token info: 483s Manufacturer ID: SoftHSM project 483s Model: SoftHSM v2 483s Hardware version: 2.6 483s Firmware version: 2.6 483s Serial number: 3cbc49b2f59377f5 483s Initialized: yes 483s User PIN init.: yes 483s Label: Test Organization Interme Token 483s Slot 1 483s Slot info: 483s Description: SoftHSM slot ID 0x1 483s Manufacturer ID: SoftHSM project 483s Hardware version: 2.6 483s Firmware version: 2.6 483s Token present: yes 483s Token info: 483s Manufacturer ID: SoftHSM project 483s Model: SoftHSM v2 483s Hardware version: 2.6 483s Firmware version: 2.6 483s Serial number: 483s Initialized: no 483s User PIN init.: no 483s Label: 483s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 483s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-6504 -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 483s writing RSA key 483s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 483s + rm /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 483s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 483s Object 0: 483s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 483s Type: X.509 Certificate (RSA-1024) 483s Expires: Sat Nov 29 20:51:19 2025 483s Label: Test Organization Intermediate Trusted Certificate 0001 483s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 483s 483s Test Organization Interme Token 483s + echo 'Test Organization Interme Token' 483s + '[' -n '' ']' 483s + local output_base_name=SSSD-child-13205 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13205.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13205.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 483s [p11_child[3055]] [main] (0x0400): p11_child started. 483s [p11_child[3055]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3055]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3055]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3055]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 483s [p11_child[3055]] [do_work] (0x0040): init_verification failed. 483s [p11_child[3055]] [main] (0x0020): p11_child failed (5) 483s + return 2 483s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /dev/null no_verification 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /dev/null no_verification 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_ring=/dev/null 483s + local verify_option=no_verification 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-intermediate-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 483s Test Organization Interme Token 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + token_name='Test Organization Interme Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Interme Token' 483s + '[' -n no_verification ']' 483s + local verify_arg=--verify=no_verification 483s + local output_base_name=SSSD-child-25518 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 483s [p11_child[3061]] [main] (0x0400): p11_child started. 483s [p11_child[3061]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3061]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3061]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3061]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 483s [p11_child[3061]] [do_card] (0x4000): Module List: 483s [p11_child[3061]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3061]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3061]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3061]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3061]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3061]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3061]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3061]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3061]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3061]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 4 (0x4) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 483s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 483s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 483s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 483s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 483s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 483s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 483s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 483s 87:a2:99:69:0e:69:1a:09:c1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Intermediate CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 483s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 483s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 483s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 483s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 483s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 483s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 483s 17:68 483s + local found_md5 expected_md5 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + expected_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518.pem 483s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 483s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 483s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.output 483s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.output .output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.pem 483s + echo -n 053350 483s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 483s [p11_child[3069]] [main] (0x0400): p11_child started. 483s [p11_child[3069]] [main] (0x2000): Running in [auth] mode. 483s [p11_child[3069]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3069]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3069]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 483s [p11_child[3069]] [do_card] (0x4000): Module List: 483s [p11_child[3069]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3069]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3069]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3069]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3069]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3069]] [do_card] (0x4000): Login required. 483s [p11_child[3069]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3069]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3069]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 483s [p11_child[3069]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 483s [p11_child[3069]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 483s [p11_child[3069]] [do_card] (0x4000): Certificate verified and validated. 483s [p11_child[3069]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 4 (0x4) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 483s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 483s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 483s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 483s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 483s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 483s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 483s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 483s 87:a2:99:69:0e:69:1a:09:c1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Intermediate CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 483s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 483s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 483s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 483s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 483s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 483s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 483s 17:68 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-25518-auth.pem 483s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 483s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 483s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s + local verify_option= 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-intermediate-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + token_name='Test Organization Interme Token' 483s Test Organization Interme Token 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Interme Token' 483s + '[' -n '' ']' 483s + local output_base_name=SSSD-child-27363 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-27363.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-27363.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s [p11_child[3079]] [main] (0x0400): p11_child started. 483s [p11_child[3079]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3079]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3079]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3079]] [do_card] (0x4000): Module List: 483s [p11_child[3079]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3079]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3079]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3079]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3079]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3079]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3079]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3079]] [do_verification] (0x0040): X509_verify_cert failed [0]. 483s [p11_child[3079]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 483s [p11_child[3079]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 483s [p11_child[3079]] [do_card] (0x4000): No certificate found. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-27363.output 483s + return 2 483s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s + local verify_option=partial_chain 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-intermediate-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 483s Test Organization Interme Token 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + token_name='Test Organization Interme Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Interme Token' 483s + '[' -n partial_chain ']' 483s + local verify_arg=--verify=partial_chain 483s + local output_base_name=SSSD-child-1725 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-1725.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-1725.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 483s [p11_child[3086]] [main] (0x0400): p11_child started. 483s [p11_child[3086]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3086]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3086]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3086]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 483s [p11_child[3086]] [do_card] (0x4000): Module List: 483s [p11_child[3086]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3086]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3086]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3086]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3086]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3086]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3086]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3086]] [do_verification] (0x0040): X509_verify_cert failed [0]. 483s [p11_child[3086]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 483s [p11_child[3086]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 483s [p11_child[3086]] [do_card] (0x4000): No certificate found. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-1725.output 483s + return 2 483s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s + local verify_option= 483s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 483s + local key_cn 483s + local key_name 483s + local tokens_dir 483s + local output_cert_file 483s + token_name= 483s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 483s + key_name=test-intermediate-CA-trusted-certificate-0001 483s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s ++ sed -n 's/ *commonName *= //p' 483s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 483s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 483s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 483s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 483s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 483s + token_name='Test Organization Interme Token' 483s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 483s Test Organization Interme Token 483s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 483s + echo 'Test Organization Interme Token' 483s + '[' -n '' ']' 483s + local output_base_name=SSSD-child-6174 483s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.pem 483s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 483s [p11_child[3093]] [main] (0x0400): p11_child started. 483s [p11_child[3093]] [main] (0x2000): Running in [pre-auth] mode. 483s [p11_child[3093]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3093]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3093]] [do_card] (0x4000): Module List: 483s [p11_child[3093]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3093]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3093]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3093]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3093]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3093]] [do_card] (0x4000): Login NOT required. 483s [p11_child[3093]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3093]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 483s [p11_child[3093]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3093]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3093]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 4 (0x4) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 483s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 483s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 483s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 483s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 483s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 483s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 483s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 483s 87:a2:99:69:0e:69:1a:09:c1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Intermediate CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 483s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 483s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 483s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 483s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 483s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 483s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 483s 17:68 483s + local found_md5 expected_md5 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 483s + expected_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174.pem 483s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 483s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 483s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.output 483s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.output .output 483s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.pem 483s + echo -n 053350 483s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 483s [p11_child[3101]] [main] (0x0400): p11_child started. 483s [p11_child[3101]] [main] (0x2000): Running in [auth] mode. 483s [p11_child[3101]] [main] (0x2000): Running with effective IDs: [0][0]. 483s [p11_child[3101]] [main] (0x2000): Running with real IDs [0][0]. 483s [p11_child[3101]] [do_card] (0x4000): Module List: 483s [p11_child[3101]] [do_card] (0x4000): common name: [softhsm2]. 483s [p11_child[3101]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3101]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 483s [p11_child[3101]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 483s [p11_child[3101]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 483s [p11_child[3101]] [do_card] (0x4000): Login required. 483s [p11_child[3101]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 483s [p11_child[3101]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 483s [p11_child[3101]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 483s [p11_child[3101]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 483s [p11_child[3101]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 483s [p11_child[3101]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 483s [p11_child[3101]] [do_card] (0x4000): Certificate verified and validated. 483s [p11_child[3101]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 483s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.output 483s + echo '-----BEGIN CERTIFICATE-----' 483s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.output 483s + echo '-----END CERTIFICATE-----' 483s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.pem 483s Certificate: 483s Data: 483s Version: 3 (0x2) 483s Serial Number: 4 (0x4) 483s Signature Algorithm: sha256WithRSAEncryption 483s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 483s Validity 483s Not Before: Nov 29 20:51:19 2024 GMT 483s Not After : Nov 29 20:51:19 2025 GMT 483s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 483s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 483s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 483s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 483s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 483s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 483s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 483s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 483s 87:a2:99:69:0e:69:1a:09:c1 483s Exponent: 65537 (0x10001) 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Intermediate CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 483s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 483s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 483s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 483s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 483s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 483s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 483s 17:68 483s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-6174-auth.pem 484s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 484s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 484s Test Organization Interme Token 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Interme Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Interme Token' 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-28601 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s [p11_child[3111]] [main] (0x0400): p11_child started. 484s [p11_child[3111]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3111]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3111]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3111]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3111]] [do_card] (0x4000): Module List: 484s [p11_child[3111]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3111]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3111]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3111]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 484s [p11_child[3111]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3111]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3111]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 484s [p11_child[3111]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3111]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3111]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3111]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 4 (0x4) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 484s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 484s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 484s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 484s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 484s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 484s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 484s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 484s 87:a2:99:69:0e:69:1a:09:c1 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 484s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 484s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 484s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 484s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 484s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 484s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 484s 17:68 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601.pem 484s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 484s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.output 484s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[3119]] [main] (0x0400): p11_child started. 484s [p11_child[3119]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[3119]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3119]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3119]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3119]] [do_card] (0x4000): Module List: 484s [p11_child[3119]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3119]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3119]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3119]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 484s [p11_child[3119]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3119]] [do_card] (0x4000): Login required. 484s [p11_child[3119]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 484s [p11_child[3119]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3119]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3119]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[3119]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[3119]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[3119]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[3119]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 4 (0x4) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 484s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 484s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 484s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 484s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 484s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 484s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 484s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 484s 87:a2:99:69:0e:69:1a:09:c1 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 484s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 484s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 484s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 484s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 484s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 484s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 484s 17:68 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28601-auth.pem 484s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 484s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Interme Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Interme Token' 484s Test Organization Interme Token 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-17145 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-17145.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-17145.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s [p11_child[3129]] [main] (0x0400): p11_child started. 484s [p11_child[3129]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3129]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3129]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3129]] [do_card] (0x4000): Module List: 484s [p11_child[3129]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3129]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3129]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3129]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 484s [p11_child[3129]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3129]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3129]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 484s [p11_child[3129]] [do_verification] (0x0040): X509_verify_cert failed [0]. 484s [p11_child[3129]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 484s [p11_child[3129]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 484s [p11_child[3129]] [do_card] (0x4000): No certificate found. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-17145.output 484s + return 2 484s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6504 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 484s Test Organization Interme Token 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Interme Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Interme Token' 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-13027 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem 484s [p11_child[3136]] [main] (0x0400): p11_child started. 484s [p11_child[3136]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3136]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3136]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3136]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3136]] [do_card] (0x4000): Module List: 484s [p11_child[3136]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3136]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3136]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3136]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 484s [p11_child[3136]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3136]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3136]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 484s [p11_child[3136]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3136]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3136]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3136]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 4 (0x4) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 484s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 484s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 484s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 484s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 484s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 484s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 484s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 484s 87:a2:99:69:0e:69:1a:09:c1 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 484s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 484s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 484s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 484s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 484s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 484s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 484s 17:68 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-intermediate-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027.pem 484s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 484s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.output 484s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[3144]] [main] (0x0400): p11_child started. 484s [p11_child[3144]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[3144]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3144]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3144]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3144]] [do_card] (0x4000): Module List: 484s [p11_child[3144]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3144]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3144]] [do_card] (0x4000): Description [SoftHSM slot ID 0x759377f5] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3144]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 484s [p11_child[3144]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x759377f5][1972598773] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3144]] [do_card] (0x4000): Login required. 484s [p11_child[3144]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 484s [p11_child[3144]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3144]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3144]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x759377f5;slot-manufacturer=SoftHSM%20project;slot-id=1972598773;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3cbc49b2f59377f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[3144]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[3144]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[3144]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[3144]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 4 (0x4) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:b6:b9:e4:6a:2a:47:7f:c0:8d:78:66:bb:44:44: 484s da:bb:92:80:9b:9a:69:a6:c3:33:b5:ae:bc:bd:0d: 484s a0:8b:f1:fd:4d:88:43:4e:61:87:f9:6d:b4:bd:5c: 484s 53:96:80:11:39:58:b1:67:8f:6c:00:3f:1f:de:8c: 484s d0:32:39:41:cc:1c:7a:15:13:e4:fd:d0:d0:02:00: 484s bd:5d:f9:f0:ac:22:97:a8:bb:0e:87:6f:a3:6f:dd: 484s ee:cc:f3:69:1f:94:2e:78:23:81:6b:e3:f7:95:ee: 484s 32:c8:af:fd:66:88:7a:7d:7c:02:8e:1e:9b:25:6b: 484s 87:a2:99:69:0e:69:1a:09:c1 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 78:9A:BE:B7:7C:2C:97:8E:F8:F2:DF:43:B4:13:71:78:1A:EB:1C:95 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:3A:10:FB:C8:E0:62:85:B0:94:AD:C3:46:0C:EE:4E:FC:CC:83:5C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 27:77:bb:74:42:a7:ff:ec:bc:d3:6b:77:84:0e:4b:0b:b9:4b: 484s ad:9f:6a:d1:7d:b9:96:d5:a1:e6:34:59:c6:79:d7:ac:7e:56: 484s b0:23:46:2e:97:38:95:a3:98:16:70:20:56:f4:85:d1:0b:5b: 484s 25:d5:34:16:d9:53:13:a2:1e:21:b8:81:8a:02:08:d5:37:06: 484s 61:a0:16:d6:99:93:25:b9:76:cc:09:7c:f0:a4:76:eb:92:0d: 484s 7e:a3:4c:55:2d:e9:f8:89:3d:b0:5d:83:16:d6:69:12:b7:c1: 484s 68:8d:43:c0:5b:43:3a:25:7b:09:9b:fd:23:3b:e7:8a:e4:e2: 484s 17:68 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-13027-auth.pem 484s + found_md5=Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 484s + '[' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 '!=' Modulus=B6B9E46A2A477FC08D7866BB4444DABB92809B9A69A6C333B5AEBCBD0DA08BF1FD4D88434E6187F96DB4BD5C539680113958B1678F6C003F1FDE8CD0323941CC1C7A1513E4FDD0D00200BD5DF9F0AC2297A8BB0E876FA36FDDEECCF3691F942E7823816BE3F795EE32C8AFFD66887A7D7C028E1E9B256B87A299690E691A09C1 ']' 484s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Sub Int Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 484s + local key_file 484s + local decrypted_key 484s + mkdir -p /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 484s + key_file=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 484s + decrypted_key=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 484s + cat 484s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 484s Slot 0 has a free/uninitialized token. 484s The token has been initialized and is reassigned to slot 261202582 484s + softhsm2-util --show-slots 484s Available slots: 484s Slot 261202582 484s Slot info: 484s Description: SoftHSM slot ID 0xf91a296 484s Manufacturer ID: SoftHSM project 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Token present: yes 484s Token info: 484s Manufacturer ID: SoftHSM project 484s Model: SoftHSM v2 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Serial number: f25d24598f91a296 484s Initialized: yes 484s User PIN init.: yes 484s Label: Test Organization Sub Int Token 484s Slot 1 484s Slot info: 484s Description: SoftHSM slot ID 0x1 484s Manufacturer ID: SoftHSM project 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Token present: yes 484s Token info: 484s Manufacturer ID: SoftHSM project 484s Model: SoftHSM v2 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Serial number: 484s Initialized: no 484s User PIN init.: no 484s Label: 484s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 484s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5749 -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 484s writing RSA key 484s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 484s + rm /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 484s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 484s Object 0: 484s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 484s Type: X.509 Certificate (RSA-1024) 484s Expires: Sat Nov 29 20:51:19 2025 484s Label: Test Organization Sub Intermediate Trusted Certificate 0001 484s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 484s 484s Test Organization Sub Int Token 484s + echo 'Test Organization Sub Int Token' 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-20487 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-20487.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-20487.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s [p11_child[3163]] [main] (0x0400): p11_child started. 484s [p11_child[3163]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3163]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3163]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3163]] [do_card] (0x4000): Module List: 484s [p11_child[3163]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3163]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3163]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3163]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 484s [p11_child[3163]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3163]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3163]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 484s [p11_child[3163]] [do_verification] (0x0040): X509_verify_cert failed [0]. 484s [p11_child[3163]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 484s [p11_child[3163]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 484s [p11_child[3163]] [do_card] (0x4000): No certificate found. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-20487.output 484s + return 2 484s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Sub Int Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Sub Int Token' 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-17873 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-17873.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-17873.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-CA.pem 484s Test Organization Sub Int Token 484s [p11_child[3170]] [main] (0x0400): p11_child started. 484s [p11_child[3170]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3170]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3170]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3170]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3170]] [do_card] (0x4000): Module List: 484s [p11_child[3170]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3170]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3170]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3170]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 484s [p11_child[3170]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3170]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3170]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 484s [p11_child[3170]] [do_verification] (0x0040): X509_verify_cert failed [0]. 484s [p11_child[3170]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 484s [p11_child[3170]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 484s [p11_child[3170]] [do_card] (0x4000): No certificate found. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-17873.output 484s + return 2 484s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Sub Int Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Sub Int Token' 484s Test Organization Sub Int Token 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-14902 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s [p11_child[3177]] [main] (0x0400): p11_child started. 484s [p11_child[3177]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3177]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3177]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3177]] [do_card] (0x4000): Module List: 484s [p11_child[3177]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3177]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3177]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3177]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 484s [p11_child[3177]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3177]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3177]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 484s [p11_child[3177]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3177]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3177]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3177]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 5 (0x5) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 484s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 484s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 484s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 484s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 484s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 484s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 484s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 484s ab:d4:4b:3b:23:71:ad:c1:11 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Sub Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 484s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 484s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 484s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 484s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 484s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 484s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 484s ca:46 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902.pem 484s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 484s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 484s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.output 484s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[3185]] [main] (0x0400): p11_child started. 484s [p11_child[3185]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[3185]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3185]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3185]] [do_card] (0x4000): Module List: 484s [p11_child[3185]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3185]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3185]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3185]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 484s [p11_child[3185]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3185]] [do_card] (0x4000): Login required. 484s [p11_child[3185]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 484s [p11_child[3185]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3185]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3185]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[3185]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[3185]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[3185]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[3185]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 5 (0x5) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 484s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 484s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 484s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 484s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 484s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 484s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 484s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 484s ab:d4:4b:3b:23:71:ad:c1:11 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Sub Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 484s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 484s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 484s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 484s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 484s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 484s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 484s ca:46 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-14902-auth.pem 484s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 484s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 484s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 484s + token_name='Test Organization Sub Int Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Sub Int Token' 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-30533 484s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem 484s Test Organization Sub Int Token 484s [p11_child[3195]] [main] (0x0400): p11_child started. 484s [p11_child[3195]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[3195]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3195]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3195]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[3195]] [do_card] (0x4000): Module List: 484s [p11_child[3195]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[3195]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3195]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[3195]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 484s [p11_child[3195]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[3195]] [do_card] (0x4000): Login NOT required. 484s [p11_child[3195]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 484s [p11_child[3195]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[3195]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[3195]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[3195]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 5 (0x5) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 484s Validity 484s Not Before: Nov 29 20:51:19 2024 GMT 484s Not After : Nov 29 20:51:19 2025 GMT 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 484s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 484s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 484s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 484s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 484s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 484s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 484s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 484s ab:d4:4b:3b:23:71:ad:c1:11 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Sub Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 484s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 484s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 484s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 484s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 484s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 484s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 484s ca:46 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533.pem 484s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 484s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 484s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.output 484s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[3203]] [main] (0x0400): p11_child started. 484s [p11_child[3203]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[3203]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[3203]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[3203]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3203]] [do_card] (0x4000): Module List: 485s [p11_child[3203]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3203]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3203]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3203]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3203]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3203]] [do_card] (0x4000): Login required. 485s [p11_child[3203]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3203]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[3203]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[3203]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[3203]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[3203]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[3203]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[3203]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 5 (0x5) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s Validity 485s Not Before: Nov 29 20:51:19 2024 GMT 485s Not After : Nov 29 20:51:19 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 485s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 485s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 485s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 485s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 485s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 485s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 485s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 485s ab:d4:4b:3b:23:71:ad:c1:11 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 485s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 485s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 485s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 485s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 485s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 485s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 485s ca:46 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-30533-auth.pem 485s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 485s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 485s Test Organization Sub Int Token 485s + token_name='Test Organization Sub Int Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Sub Int Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-25742 485s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25742.output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-25742.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s [p11_child[3213]] [main] (0x0400): p11_child started. 485s [p11_child[3213]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[3213]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3213]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3213]] [do_card] (0x4000): Module List: 485s [p11_child[3213]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3213]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3213]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3213]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3213]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3213]] [do_card] (0x4000): Login NOT required. 485s [p11_child[3213]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3213]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[3213]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 485s [p11_child[3213]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 485s [p11_child[3213]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-25742.output 485s + return 2 485s + invalid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 485s Test Organization Sub Int Token 485s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Sub Int Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Sub Int Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-18161 485s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18161.output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-18161.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-root-intermediate-chain-CA.pem 485s [p11_child[3220]] [main] (0x0400): p11_child started. 485s [p11_child[3220]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[3220]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3220]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3220]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3220]] [do_card] (0x4000): Module List: 485s [p11_child[3220]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3220]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3220]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3220]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3220]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3220]] [do_card] (0x4000): Login NOT required. 485s [p11_child[3220]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3220]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[3220]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 485s [p11_child[3220]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 485s [p11_child[3220]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-18161.output 485s + return 2 485s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Sub Int Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 485s Test Organization Sub Int Token 485s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Sub Int Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-28327 485s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem 485s [p11_child[3227]] [main] (0x0400): p11_child started. 485s [p11_child[3227]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[3227]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3227]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3227]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3227]] [do_card] (0x4000): Module List: 485s [p11_child[3227]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3227]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3227]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3227]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3227]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3227]] [do_card] (0x4000): Login NOT required. 485s [p11_child[3227]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3227]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[3227]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[3227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[3227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 5 (0x5) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s Validity 485s Not Before: Nov 29 20:51:19 2024 GMT 485s Not After : Nov 29 20:51:19 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 485s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 485s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 485s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 485s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 485s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 485s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 485s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 485s ab:d4:4b:3b:23:71:ad:c1:11 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 485s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 485s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 485s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 485s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 485s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 485s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 485s ca:46 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327.pem 485s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 485s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.output 485s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[3235]] [main] (0x0400): p11_child started. 485s [p11_child[3235]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[3235]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3235]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3235]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3235]] [do_card] (0x4000): Module List: 485s [p11_child[3235]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3235]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3235]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3235]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3235]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3235]] [do_card] (0x4000): Login required. 485s [p11_child[3235]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3235]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[3235]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[3235]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[3235]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[3235]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[3235]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[3235]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 5 (0x5) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s Validity 485s Not Before: Nov 29 20:51:19 2024 GMT 485s Not After : Nov 29 20:51:19 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 485s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 485s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 485s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 485s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 485s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 485s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 485s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 485s ab:d4:4b:3b:23:71:ad:c1:11 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 485s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 485s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 485s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 485s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 485s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 485s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 485s ca:46 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-28327-auth.pem 485s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 485s + valid_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-intermediate-sub-chain-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 /tmp/sssd-softhsm2-p8kq75/test-intermediate-sub-chain-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_ring=/tmp/sssd-softhsm2-p8kq75/test-intermediate-sub-chain-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local certificate=/tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5749 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Sub Int Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-p8kq75/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Sub Int Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-9575 485s + local output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.pem 485s Test Organization Sub Int Token 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-sub-chain-CA.pem 485s [p11_child[3245]] [main] (0x0400): p11_child started. 485s [p11_child[3245]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[3245]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3245]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3245]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3245]] [do_card] (0x4000): Module List: 485s [p11_child[3245]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3245]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3245]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3245]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3245]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3245]] [do_card] (0x4000): Login NOT required. 485s [p11_child[3245]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3245]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[3245]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[3245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[3245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 5 (0x5) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s Validity 485s Not Before: Nov 29 20:51:19 2024 GMT 485s Not After : Nov 29 20:51:19 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 485s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 485s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 485s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 485s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 485s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 485s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 485s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 485s ab:d4:4b:3b:23:71:ad:c1:11 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 485s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 485s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 485s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 485s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 485s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 485s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 485s ca:46 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575.pem 485s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 485s + output_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.output 485s ++ basename /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-p8kq75/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[3253]] [main] (0x0400): p11_child started. 485s [p11_child[3253]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[3253]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[3253]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[3253]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[3253]] [do_card] (0x4000): Module List: 485s [p11_child[3253]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[3253]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3253]] [do_card] (0x4000): Description [SoftHSM slot ID 0xf91a296] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[3253]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 485s [p11_child[3253]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0xf91a296][261202582] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[3253]] [do_card] (0x4000): Login required. 485s [p11_child[3253]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 485s [p11_child[3253]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[3253]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[3253]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xf91a296;slot-manufacturer=SoftHSM%20project;slot-id=261202582;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f25d24598f91a296;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[3253]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[3253]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[3253]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[3253]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 5 (0x5) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s Validity 485s Not Before: Nov 29 20:51:19 2024 GMT 485s Not After : Nov 29 20:51:19 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:dc:3f:9e:40:08:5d:d2:45:3c:e7:93:8a:ba:9d: 485s f7:fe:0e:cb:aa:a9:51:8a:1d:c9:c7:5b:62:bc:7f: 485s 9f:f7:11:fe:0c:2a:58:27:16:8e:20:8b:d6:63:5d: 485s b3:e9:e1:ec:99:d8:87:6d:e8:81:52:d5:02:1d:98: 485s ff:36:57:dd:e0:03:9b:1e:88:50:53:e9:5e:f2:6e: 485s 14:8c:f3:16:7a:d8:e8:1f:15:ef:b6:d1:bf:d5:e1: 485s e3:13:52:ea:8d:4a:9d:8b:e0:66:34:6a:c4:8c:07: 485s e5:ca:58:3e:46:1e:c1:9d:f4:89:db:b7:ba:ee:20: 485s ab:d4:4b:3b:23:71:ad:c1:11 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 70:8E:FD:93:AA:B7:64:7C:99:7F:9D:7A:AD:6E:FA:F2:6D:98:D3:F4 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 66:E4:DC:F2:FF:31:3E:1B:CF:03:FE:28:0A:98:BA:0B:CC:75:19:7C 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 6c:22:62:c3:39:5f:05:c2:2b:89:32:ff:b8:a5:dd:a2:1b:ff: 485s e8:62:62:d4:de:d8:9c:85:0a:c6:62:49:1c:21:28:cf:b6:1a: 485s ba:0e:21:b5:78:70:78:39:42:bf:dc:81:15:12:59:af:6e:98: 485s e4:6f:65:f4:96:6e:28:47:f9:da:13:85:c3:44:78:49:ea:72: 485s 9a:5b:c3:2f:36:f8:a8:ab:10:8d:41:2a:05:30:fc:9d:20:c4: 485s 91:65:77:8c:1c:2c:9c:a5:fe:a7:f1:e5:90:7f:86:ad:0a:44: 485s c5:f6:cd:a9:6d:ed:97:41:02:71:6d:9b:a5:0f:41:06:7f:d9: 485s ca:46 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-p8kq75/SSSD-child-9575-auth.pem 485s 485s Test completed, Root CA and intermediate issued certificates verified! 485s + found_md5=Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 485s + '[' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 '!=' Modulus=DC3F9E40085DD2453CE7938ABA9DF7FE0ECBAAA9518A1DC9C75B62BC7F9FF711FE0C2A5827168E208BD6635DB3E9E1EC99D8876DE88152D5021D98FF3657DDE0039B1E885053E95EF26E148CF3167AD8E81F15EFB6D1BFD5E1E31352EA8D4A9D8BE066346AC48C07E5CA583E461EC19DF489DBB7BAEE20ABD44B3B2371ADC111 ']' 485s + set +x 485s autopkgtest [20:51:22]: test sssd-softhism2-certificates-tests.sh: -----------------------] 486s autopkgtest [20:51:23]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 486s sssd-softhism2-certificates-tests.sh PASS 486s autopkgtest [20:51:23]: test sssd-smart-card-pam-auth-configs: preparing testbed 487s Reading package lists... 487s Building dependency tree... 487s Reading state information... 487s Starting pkgProblemResolver with broken count: 0 487s Starting 2 pkgProblemResolver with broken count: 0 487s Done 487s The following NEW packages will be installed: 487s pamtester 488s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 488s Need to get 12.7 kB of archives. 488s After this operation, 36.9 kB of additional disk space will be used. 488s Get:1 http://ftpmaster.internal/ubuntu noble/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 488s Fetched 12.7 kB in 0s (87.8 kB/s) 488s Selecting previously unselected package pamtester. 488s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74782 files and directories currently installed.) 488s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 488s Unpacking pamtester (0.1.2-4) ... 488s Setting up pamtester (0.1.2-4) ... 488s Processing triggers for man-db (2.12.0-4build2) ... 489s autopkgtest [20:51:26]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 489s autopkgtest [20:51:26]: test sssd-smart-card-pam-auth-configs: [----------------------- 489s + '[' -z ubuntu ']' 489s + export DEBIAN_FRONTEND=noninteractive 489s + DEBIAN_FRONTEND=noninteractive 489s + required_tools=(pamtester softhsm2-util sssd) 489s + [[ ! -v OFFLINE_MODE ]] 489s + for cmd in "${required_tools[@]}" 489s + command -v pamtester 489s + for cmd in "${required_tools[@]}" 489s + command -v softhsm2-util 489s + for cmd in "${required_tools[@]}" 489s + command -v sssd 489s + PIN=123456 489s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 489s + tmpdir=/tmp/sssd-softhsm2-certs-PUI8uq 489s + backupsdir= 489s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 489s + declare -a restore_paths 489s + declare -a delete_paths 489s + trap handle_exit EXIT 489s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 489s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 489s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 489s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 489s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-PUI8uq GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 489s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-PUI8uq 489s + GENERATE_SMART_CARDS=1 489s + KEEP_TEMPORARY_FILES=1 489s + NO_SSSD_TESTS=1 489s + bash debian/tests/sssd-softhism2-certificates-tests.sh 489s + '[' -z ubuntu ']' 489s + required_tools=(p11tool openssl softhsm2-util) 489s + for cmd in "${required_tools[@]}" 489s + command -v p11tool 489s + for cmd in "${required_tools[@]}" 489s + command -v openssl 489s + for cmd in "${required_tools[@]}" 489s + command -v softhsm2-util 489s + PIN=123456 489s +++ find /usr/lib/softhsm/libsofthsm2.so 489s +++ head -n 1 489s ++ realpath /usr/lib/softhsm/libsofthsm2.so 489s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 489s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 489s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 489s + '[' '!' -v NO_SSSD_TESTS ']' 489s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 489s + tmpdir=/tmp/sssd-softhsm2-certs-PUI8uq 489s + keys_size=1024 489s + [[ ! -v KEEP_TEMPORARY_FILES ]] 489s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 489s + echo -n 01 489s + touch /tmp/sssd-softhsm2-certs-PUI8uq/index.txt 489s + mkdir -p /tmp/sssd-softhsm2-certs-PUI8uq/new_certs 489s + cat 489s + root_ca_key_pass=pass:random-root-CA-password-4033 489s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-key.pem -passout pass:random-root-CA-password-4033 1024 489s + openssl req -passin pass:random-root-CA-password-4033 -batch -config /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem 489s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem 489s + cat 489s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-16433 489s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16433 1024 489s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-16433 -config /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-4033 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-certificate-request.pem 489s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-certificate-request.pem 489s Certificate Request: 489s Data: 489s Version: 1 (0x0) 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:c3:da:75:d4:56:15:5f:ed:8f:70:1c:8c:6e:29: 489s 2b:59:3c:e8:d2:cc:9a:0b:77:66:3f:ee:2c:ed:9e: 489s 39:4b:53:94:c5:2b:6d:0e:2b:21:2d:28:9f:8d:8d: 489s 36:9e:7f:e9:21:9c:30:7e:c6:90:b3:3f:8b:f4:bc: 489s 48:4f:3e:d0:ab:7d:f4:34:0a:f6:7a:64:4a:a5:32: 489s d8:13:72:a4:40:be:88:05:a3:01:31:fa:d4:45:f7: 489s 81:3d:fd:66:10:56:f7:bd:58:9c:2c:ca:72:53:95: 489s 41:4c:eb:88:c9:c8:27:66:61:52:9e:eb:35:07:8a: 489s 2e:52:0a:82:d6:68:d4:4f:3f 489s Exponent: 65537 (0x10001) 489s Attributes: 489s (none) 489s Requested Extensions: 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s 5b:c3:44:50:a2:3d:02:58:cf:ca:45:c3:2f:43:3a:17:a3:9e: 489s 71:12:88:61:de:0a:a6:af:5c:35:fb:7e:96:3c:e2:26:d6:71: 489s d7:b0:65:b2:09:e5:19:8f:ee:7e:f0:8b:ee:21:95:e7:b8:8b: 489s d4:e0:1c:b6:e4:7d:09:2b:19:31:30:fa:6f:bc:2b:2f:f9:77: 489s cb:a2:63:0f:e6:67:73:17:e7:d9:28:fd:83:8f:f6:08:dc:9f: 489s 2d:14:3f:a0:0a:78:5a:91:0b:52:f5:f1:24:39:29:0f:bb:89: 489s ec:1a:9d:41:88:c4:44:a8:58:69:35:73:49:b1:45:77:5e:ab: 489s 27:ed 489s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.config -passin pass:random-root-CA-password-4033 -keyfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem 489s Using configuration from /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.config 489s Check that the request matches the signature 489s Signature ok 489s Certificate Details: 489s Serial Number: 1 (0x1) 489s Validity 489s Not Before: Nov 29 20:51:26 2024 GMT 489s Not After : Nov 29 20:51:26 2025 GMT 489s Subject: 489s organizationName = Test Organization 489s organizationalUnitName = Test Organization Unit 489s commonName = Test Organization Intermediate CA 489s X509v3 extensions: 489s X509v3 Subject Key Identifier: 489s D4:29:CB:76:C2:70:96:2A:FB:33:18:2D:C9:9E:33:20:A1:A8:A7:90 489s X509v3 Authority Key Identifier: 489s keyid:CA:18:DD:62:FD:EC:7B:A4:F2:2D:5A:34:F9:86:47:C5:3D:70:55:23 489s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 489s serial:00 489s X509v3 Basic Constraints: 489s CA:TRUE 489s X509v3 Key Usage: critical 489s Digital Signature, Certificate Sign, CRL Sign 489s Certificate is to be certified until Nov 29 20:51:26 2025 GMT (365 days) 489s 489s Write out database with 1 new entries 489s Database updated 489s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem 489s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem 489s /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem: OK 489s + cat 489s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-17744 489s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-17744 1024 489s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-17744 -config /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16433 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-certificate-request.pem 489s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-certificate-request.pem 489s Certificate Request: 489s Data: 489s Version: 1 (0x0) 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:ae:7c:74:e8:f2:60:f0:ad:07:b0:a2:10:6a: 489s 1b:33:c5:0d:cb:88:d9:1d:07:25:b1:81:10:e9:e2: 489s 5c:af:5f:ff:ff:2e:a1:07:54:4c:b0:02:fc:49:59: 489s 35:c3:39:b0:bb:46:fe:4e:c4:e2:00:d5:81:e4:10: 489s 7b:35:05:20:67:6f:d2:ea:3f:ce:88:36:e2:6f:01: 489s 67:98:4c:58:7d:15:c6:b5:dc:d2:7c:3e:ea:49:9c: 489s 5e:8f:30:8f:1f:af:c1:4e:26:5c:24:98:e0:53:c7: 489s 8f:a3:c6:f9:eb:3e:1f:cf:22:14:f5:35:1f:33:40: 489s e3:39:08:a8:8c:79:92:b4:d5 489s Exponent: 65537 (0x10001) 489s Attributes: 489s (none) 489s Requested Extensions: 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s 07:a9:50:21:83:bb:4b:16:68:f5:d9:d9:4a:77:b5:6e:8b:69: 489s cd:eb:d6:95:ce:9b:58:a6:44:f9:12:b6:b8:e2:af:25:4c:70: 489s e1:bb:61:4b:99:aa:69:c8:15:fc:db:77:2a:70:0e:48:fa:5f: 489s 36:ba:8c:c4:44:b6:a1:e0:a6:01:56:55:50:d3:d9:b4:aa:b6: 489s 1c:33:61:af:e8:69:22:4c:b6:90:38:ab:cb:86:b4:15:f9:90: 489s f2:b7:96:70:ec:04:c5:d2:a2:b9:f9:d7:59:5e:4c:e5:87:4f: 489s fc:8c:7e:91:5d:53:aa:71:93:ae:e1:5e:74:9b:d2:82:29:13: 489s fb:91 489s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-16433 -keyfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 489s Using configuration from /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.config 489s Check that the request matches the signature 489s Signature ok 489s Certificate Details: 489s Serial Number: 2 (0x2) 489s Validity 489s Not Before: Nov 29 20:51:26 2024 GMT 489s Not After : Nov 29 20:51:26 2025 GMT 489s Subject: 489s organizationName = Test Organization 489s organizationalUnitName = Test Organization Unit 489s commonName = Test Organization Sub Intermediate CA 489s X509v3 extensions: 489s X509v3 Subject Key Identifier: 489s 0B:6B:3F:A3:AE:A0:07:9E:03:38:43:6B:F8:93:15:5A:2F:99:6A:32 489s X509v3 Authority Key Identifier: 489s keyid:D4:29:CB:76:C2:70:96:2A:FB:33:18:2D:C9:9E:33:20:A1:A8:A7:90 489s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 489s serial:01 489s X509v3 Basic Constraints: 489s CA:TRUE 489s X509v3 Key Usage: critical 489s Digital Signature, Certificate Sign, CRL Sign 489s Certificate is to be certified until Nov 29 20:51:26 2025 GMT (365 days) 489s 489s Write out database with 1 new entries 489s Database updated 489s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem: OK 490s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 490s error 20 at 0 depth lookup: unable to get local issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem: verification failed 490s + cat 490s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-13702 490s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-13702 1024 490s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-13702 -key /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-request.pem 490s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-request.pem 490s Certificate Request: 490s Data: 490s Version: 1 (0x0) 490s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 490s Subject Public Key Info: 490s Public Key Algorithm: rsaEncryption 490s Public-Key: (1024 bit) 490s Modulus: 490s 00:ea:c4:f3:0f:34:a1:a9:85:63:f9:23:7a:aa:a8: 490s bc:7b:83:9d:d1:5a:b9:4b:5b:c2:79:69:2a:28:3a: 490s 89:0e:cc:46:ab:b8:49:25:62:0f:28:f8:cb:88:31: 490s e6:bd:be:86:e6:4e:fc:7c:86:7c:02:a9:56:6e:57: 490s 4e:5d:20:cd:39:c4:5c:6e:9a:bb:4c:c1:78:fb:3e: 490s 51:dc:92:a8:c1:68:9e:c9:09:9d:b0:0c:4d:10:71: 490s ab:d6:2d:27:ad:b0:ad:75:94:2a:7d:0e:96:0e:e9: 490s 41:04:86:3d:2f:7e:29:fa:aa:bf:9d:68:de:61:67: 490s 15:87:2d:da:e2:7e:30:27:1b 490s Exponent: 65537 (0x10001) 490s Attributes: 490s Requested Extensions: 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Root CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s C5:C5:84:29:F0:DB:FF:2E:42:72:DA:9E:A7:38:E3:CC:39:FC:B8:53 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Signature Algorithm: sha256WithRSAEncryption 490s Signature Value: 490s de:d6:85:e2:41:17:16:5d:87:21:36:ae:d7:f2:a6:37:b7:56: 490s e5:32:74:56:78:e8:f6:41:32:76:59:09:f6:c7:b5:b3:7d:03: 490s 5f:dd:c5:67:02:cb:42:68:3a:24:7d:b2:7d:56:cb:12:2e:e0: 490s 14:7c:b4:03:08:26:70:2a:84:2c:b1:dd:ce:f4:db:46:30:bf: 490s e4:37:fa:f8:47:f7:f9:71:70:a6:aa:e3:61:a7:49:a8:09:3e: 490s a1:84:e8:07:b9:fe:bd:25:12:6b:7a:ed:65:57:a8:f3:9a:2d: 490s 0c:17:7c:8e:e6:41:01:14:bb:bd:81:0f:82:a5:d8:5e:23:82: 490s 75:0f 490s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.config -passin pass:random-root-CA-password-4033 -keyfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s Using configuration from /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.config 490s Check that the request matches the signature 490s Signature ok 490s Certificate Details: 490s Serial Number: 3 (0x3) 490s Validity 490s Not Before: Nov 29 20:51:27 2024 GMT 490s Not After : Nov 29 20:51:27 2025 GMT 490s Subject: 490s organizationName = Test Organization 490s organizationalUnitName = Test Organization Unit 490s commonName = Test Organization Root Trusted Certificate 0001 490s X509v3 extensions: 490s X509v3 Authority Key Identifier: 490s CA:18:DD:62:FD:EC:7B:A4:F2:2D:5A:34:F9:86:47:C5:3D:70:55:23 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Root CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s C5:C5:84:29:F0:DB:FF:2E:42:72:DA:9E:A7:38:E3:CC:39:FC:B8:53 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Certificate is to be certified until Nov 29 20:51:27 2025 GMT (365 days) 490s 490s Write out database with 1 new entries 490s Database updated 490s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem: OK 490s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 490s error 20 at 0 depth lookup: unable to get local issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem: verification failed 490s + cat 490s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-12014 490s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-12014 1024 490s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-12014 -key /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-request.pem 490s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-request.pem 490s Certificate Request: 490s Data: 490s Version: 1 (0x0) 490s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 490s Subject Public Key Info: 490s Public Key Algorithm: rsaEncryption 490s Public-Key: (1024 bit) 490s Modulus: 490s 00:a8:04:69:fd:43:09:1c:65:c2:f1:e2:18:98:53: 490s e3:c3:f7:f0:55:6a:bd:50:a8:3a:b2:a1:82:1f:ab: 490s 31:6a:5b:55:65:7e:01:94:f6:c9:d7:26:64:0c:a6: 490s 18:b5:e0:4f:0f:0d:d7:b0:ba:a8:12:ae:ee:0c:b4: 490s 98:e0:eb:b5:9e:85:32:0e:cd:05:e7:e8:dc:8e:cf: 490s 5a:ed:93:f2:f7:40:be:36:9e:1c:20:9d:98:11:03: 490s 03:68:1d:ac:1f:fd:f7:34:ce:27:54:c0:80:1c:41: 490s 15:59:5f:a5:04:4a:5e:d4:29:a3:1a:c9:ae:2e:37: 490s dc:9a:0e:7b:4d:92:95:07:bb 490s Exponent: 65537 (0x10001) 490s Attributes: 490s Requested Extensions: 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Intermediate CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s 57:43:2B:0D:5D:F9:E7:5E:43:96:3F:9E:AA:A2:0D:D7:5E:06:6B:21 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Signature Algorithm: sha256WithRSAEncryption 490s Signature Value: 490s a4:90:f5:7e:2b:a7:d0:65:84:0a:47:d0:3f:d5:61:9d:aa:67: 490s 33:84:2f:3d:24:6a:fe:8d:ee:97:aa:f1:8a:fc:35:99:f8:00: 490s 76:be:d1:20:3f:9f:55:34:0d:6c:5e:6b:0d:36:79:bf:87:93: 490s d2:d3:49:70:4c:23:57:f6:74:d8:4b:3d:8f:7d:9b:53:c2:f0: 490s 53:a6:68:2b:0c:8b:9b:13:7c:a4:bf:57:9b:d6:b5:33:e9:34: 490s 08:79:d7:e6:f0:a9:d6:d8:81:51:ff:13:be:4f:71:8e:66:1b: 490s fd:d0:be:d6:61:ae:eb:6b:84:51:96:d3:8c:cb:fc:64:dd:c8: 490s 5e:e1 490s + openssl ca -passin pass:random-intermediate-CA-password-16433 -config /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s Using configuration from /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.config 490s Check that the request matches the signature 490s Signature ok 490s Certificate Details: 490s Serial Number: 4 (0x4) 490s Validity 490s Not Before: Nov 29 20:51:27 2024 GMT 490s Not After : Nov 29 20:51:27 2025 GMT 490s Subject: 490s organizationName = Test Organization 490s organizationalUnitName = Test Organization Unit 490s commonName = Test Organization Intermediate Trusted Certificate 0001 490s X509v3 extensions: 490s X509v3 Authority Key Identifier: 490s D4:29:CB:76:C2:70:96:2A:FB:33:18:2D:C9:9E:33:20:A1:A8:A7:90 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Intermediate CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s 57:43:2B:0D:5D:F9:E7:5E:43:96:3F:9E:AA:A2:0D:D7:5E:06:6B:21 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Certificate is to be certified until Nov 29 20:51:27 2025 GMT (365 days) 490s 490s Write out database with 1 new entries 490s Database updated 490s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s + echo 'This certificate should not be trusted fully' 490s This certificate should not be trusted fully 490s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 490s error 2 at 1 depth lookup: unable to get issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 490s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem: OK 490s + cat 490s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13876 490s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-13876 1024 490s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13876 -key /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 490s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 490s Certificate Request: 490s Data: 490s Version: 1 (0x0) 490s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 490s Subject Public Key Info: 490s Public Key Algorithm: rsaEncryption 490s Public-Key: (1024 bit) 490s Modulus: 490s 00:f7:bc:67:5c:2c:35:06:2c:ab:f5:fc:a6:04:9c: 490s 6d:e7:66:b2:ca:e6:64:70:aa:27:cc:c6:2b:a3:a6: 490s f4:71:7d:b6:41:e1:ce:2f:06:12:55:9a:c3:67:59: 490s 9a:08:d5:d8:4b:24:52:53:06:d5:4b:77:21:73:f3: 490s f6:a9:c9:6f:33:36:b6:aa:6d:29:99:e8:61:97:3b: 490s 2c:fd:9f:33:ca:00:27:fe:65:fe:89:2f:6b:61:bf: 490s 22:58:2c:96:4a:3e:03:61:2b:a9:81:69:45:d6:42: 490s 79:5b:ec:ca:9d:5a:58:db:84:87:88:c4:44:bd:ac: 490s ca:a7:d8:8d:cf:3e:82:47:15 490s Exponent: 65537 (0x10001) 490s Attributes: 490s Requested Extensions: 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Sub Intermediate CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s F4:1C:7D:42:2F:34:2E:7E:85:95:80:D2:40:C6:82:0C:A1:5D:D9:DD 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Signature Algorithm: sha256WithRSAEncryption 490s Signature Value: 490s 4c:de:f2:69:58:c8:ed:39:35:d9:c3:a9:27:f9:39:b7:5b:66: 490s 42:66:d7:11:06:6f:f5:9f:d0:e4:a7:42:d5:0c:cb:13:cc:c1: 490s 44:66:c2:e0:11:89:8b:cd:9c:68:46:43:47:a8:b8:6e:e6:c1: 490s b3:c5:29:bc:d8:2a:55:f9:6d:ce:84:aa:86:95:4c:f4:8e:33: 490s 25:ae:94:72:57:15:e1:aa:f2:48:42:46:96:91:7a:f2:bd:3b: 490s b4:ff:3a:e2:5a:39:22:89:67:c4:0e:ab:82:8d:ae:eb:cf:f4: 490s f4:5a:6a:a4:ef:5b:96:27:38:c0:a9:45:1f:98:e1:ce:39:cb: 490s a5:2f 490s + openssl ca -passin pass:random-sub-intermediate-CA-password-17744 -config /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s Using configuration from /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.config 490s Check that the request matches the signature 490s Signature ok 490s Certificate Details: 490s Serial Number: 5 (0x5) 490s Validity 490s Not Before: Nov 29 20:51:27 2024 GMT 490s Not After : Nov 29 20:51:27 2025 GMT 490s Subject: 490s organizationName = Test Organization 490s organizationalUnitName = Test Organization Unit 490s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 490s X509v3 extensions: 490s X509v3 Authority Key Identifier: 490s 0B:6B:3F:A3:AE:A0:07:9E:03:38:43:6B:F8:93:15:5A:2F:99:6A:32 490s X509v3 Basic Constraints: 490s CA:FALSE 490s Netscape Cert Type: 490s SSL Client, S/MIME 490s Netscape Comment: 490s Test Organization Sub Intermediate CA trusted Certificate 490s X509v3 Subject Key Identifier: 490s F4:1C:7D:42:2F:34:2E:7E:85:95:80:D2:40:C6:82:0C:A1:5D:D9:DD 490s X509v3 Key Usage: critical 490s Digital Signature, Non Repudiation, Key Encipherment 490s X509v3 Extended Key Usage: 490s TLS Web Client Authentication, E-mail Protection 490s X509v3 Subject Alternative Name: 490s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 490s Certificate is to be certified until Nov 29 20:51:27 2025 GMT (365 days) 490s 490s Write out database with 1 new entries 490s Database updated 490s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s This certificate should not be trusted fully 490s + echo 'This certificate should not be trusted fully' 490s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 490s error 2 at 1 depth lookup: unable to get issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 490s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 490s error 20 at 0 depth lookup: unable to get local issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 490s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 490s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s + local cmd=openssl 490s + shift 490s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 490s error 20 at 0 depth lookup: unable to get local issuer certificate 490s error /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 490s + echo 'Building a the full-chain CA file...' 490s Building a the full-chain CA file... 490s + cat /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s + cat /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem 490s + cat /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 490s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem 490s + openssl pkcs7 -print_certs -noout 490s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 490s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 490s 490s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 490s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 490s 490s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 490s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 490s 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA.pem: OK 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem: OK 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem: OK 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-root-intermediate-chain-CA.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-root-intermediate-chain-CA.pem: OK 490s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 490s + echo 'Certificates generation completed!' 490s + [[ -v NO_SSSD_TESTS ]] 490s + [[ -v GENERATE_SMART_CARDS ]] 490s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13702 490s + local certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s + local key_pass=pass:random-root-ca-trusted-cert-0001-13702 490s + local key_cn 490s + local key_name 490s + local tokens_dir 490s + local output_cert_file 490s + token_name= 490s Certificates generation completed! 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem .pem 490s + key_name=test-root-CA-trusted-certificate-0001 490s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem 490s ++ sed -n 's/ *commonName *= //p' 490s + key_cn='Test Organization Root Trusted Certificate 0001' 490s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 490s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf 490s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 490s + tokens_dir=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001 490s + token_name='Test Organization Root Tr Token' 490s + '[' '!' -e /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 490s + local key_file 490s + local decrypted_key 490s + mkdir -p /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001 490s + key_file=/tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key.pem 490s + decrypted_key=/tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 490s + cat 490s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 490s Slot 0 has a free/uninitialized token. 490s The token has been initialized and is reassigned to slot 1191481351 490s + softhsm2-util --show-slots 490s Available slots: 490s Slot 1191481351 490s Slot info: 490s Description: SoftHSM slot ID 0x47049007 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 9692ea2d47049007 490s Initialized: yes 490s User PIN init.: yes 490s Label: Test Organization Root Tr Token 490s Slot 1 490s Slot info: 490s Description: SoftHSM slot ID 0x1 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 490s Initialized: no 490s User PIN init.: no 490s Label: 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-13702 -in /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 490s writing RSA key 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + rm /tmp/sssd-softhsm2-certs-PUI8uq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 490s Object 0: 490s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9692ea2d47049007;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 490s Type: X.509 Certificate (RSA-1024) 490s Expires: Sat Nov 29 20:51:27 2025 490s Label: Test Organization Root Trusted Certificate 0001 490s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 490s 490s + echo 'Test Organization Root Tr Token' 490s Test Organization Root Tr Token 490s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-12014 490s + local certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-12014 490s + local key_cn 490s + local key_name 490s + local tokens_dir 490s + local output_cert_file 490s + token_name= 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem .pem 490s + key_name=test-intermediate-CA-trusted-certificate-0001 490s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem 490s ++ sed -n 's/ *commonName *= //p' 490s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 490s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 490s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 490s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 490s + tokens_dir=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001 490s + token_name='Test Organization Interme Token' 490s + '[' '!' -e /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 490s + local key_file 490s + local decrypted_key 490s + mkdir -p /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-intermediate-CA-trusted-certificate-0001 490s + key_file=/tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key.pem 490s + decrypted_key=/tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s + cat 490s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 490s Slot 0 has a free/uninitialized token. 490s The token has been initialized and is reassigned to slot 2002760465 490s + softhsm2-util --show-slots 490s Available slots: 490s Slot 2002760465 490s Slot info: 490s Description: SoftHSM slot ID 0x775fb311 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 80425681775fb311 490s Initialized: yes 490s User PIN init.: yes 490s Label: Test Organization Interme Token 490s Slot 1 490s Slot info: 490s Description: SoftHSM slot ID 0x1 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 490s Initialized: no 490s User PIN init.: no 490s Label: 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-12014 -in /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s writing RSA key 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + rm /tmp/sssd-softhsm2-certs-PUI8uq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 490s Object 0: 490s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80425681775fb311;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 490s Type: X.509 Certificate (RSA-1024) 490s Expires: Sat Nov 29 20:51:27 2025 490s Label: Test Organization Intermediate Trusted Certificate 0001 490s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 490s 490s + echo 'Test Organization Interme Token' 490s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13876 490s + local certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13876 490s + local key_cn 490s Test Organization Interme Token 490s + local key_name 490s + local tokens_dir 490s + local output_cert_file 490s + token_name= 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 490s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 490s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem 490s ++ sed -n 's/ *commonName *= //p' 490s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 490s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 490s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 490s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 490s ++ basename /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 490s + tokens_dir=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 490s + token_name='Test Organization Sub Int Token' 490s + '[' '!' -e /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 490s + local key_file 490s + local decrypted_key 490s + mkdir -p /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 490s + key_file=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 490s + decrypted_key=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s + cat 490s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 490s Slot 0 has a free/uninitialized token. 490s The token has been initialized and is reassigned to slot 2044941867 490s + softhsm2-util --show-slots 490s Available slots: 490s Slot 2044941867 490s Slot info: 490s Description: SoftHSM slot ID 0x79e3562b 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 7fd6c0cef9e3562b 490s Initialized: yes 490s User PIN init.: yes 490s Label: Test Organization Sub Int Token 490s Slot 1 490s Slot info: 490s Description: SoftHSM slot ID 0x1 490s Manufacturer ID: SoftHSM project 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Token present: yes 490s Token info: 490s Manufacturer ID: SoftHSM project 490s Model: SoftHSM v2 490s Hardware version: 2.6 490s Firmware version: 2.6 490s Serial number: 490s Initialized: no 490s User PIN init.: no 490s Label: 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13876 -in /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s writing RSA key 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 490s + rm /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 490s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 490s Object 0: 490s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fd6c0cef9e3562b;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 490s Type: X.509 Certificate (RSA-1024) 490s Expires: Sat Nov 29 20:51:27 2025 490s Label: Test Organization Sub Intermediate Trusted Certificate 0001 490s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 490s 490s + echo 'Test Organization Sub Int Token' 490s + echo 'Certificates generation completed!' 490s + exit 0 490s + find /tmp/sssd-softhsm2-certs-PUI8uq -type d -exec chmod 777 '{}' ';' 490s Test Organization Sub Int Token 490s Certificates generation completed! 490s + find /tmp/sssd-softhsm2-certs-PUI8uq -type f -exec chmod 666 '{}' ';' 490s + backup_file /etc/sssd/sssd.conf 490s + '[' -z '' ']' 490s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 490s + backupsdir=/tmp/sssd-softhsm2-backups-vmD9sH 490s + '[' -e /etc/sssd/sssd.conf ']' 490s + delete_paths+=("$1") 490s + rm -f /etc/sssd/sssd.conf 490s ++ runuser -u ubuntu -- sh -c 'echo ~' 490s + user_home=/home/ubuntu 490s + mkdir -p /home/ubuntu 490s + chown ubuntu:ubuntu /home/ubuntu 490s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 490s + user_config=/home/ubuntu/.config 490s + system_config=/etc 490s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 490s + for path_pair in "${softhsm2_conf_paths[@]}" 490s + IFS=: 490s + read -r -a path 490s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 490s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 490s + '[' -z /tmp/sssd-softhsm2-backups-vmD9sH ']' 490s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 490s + delete_paths+=("$1") 490s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 490s + for path_pair in "${softhsm2_conf_paths[@]}" 490s + IFS=: 490s + read -r -a path 490s + path=/etc/softhsm/softhsm2.conf 490s + backup_file /etc/softhsm/softhsm2.conf 490s + '[' -z /tmp/sssd-softhsm2-backups-vmD9sH ']' 490s + '[' -e /etc/softhsm/softhsm2.conf ']' 490s ++ dirname /etc/softhsm/softhsm2.conf 490s + local back_dir=/tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm 490s ++ basename /etc/softhsm/softhsm2.conf 490s + local back_path=/tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm/softhsm2.conf 490s + '[' '!' -e /tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm/softhsm2.conf ']' 490s + mkdir -p /tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm 490s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm/softhsm2.conf 490s + restore_paths+=("$back_path") 490s + rm -f /etc/softhsm/softhsm2.conf 490s + test_authentication login /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem 490s + pam_service=login 490s + certificate_config=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf 490s + ca_db=/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem 490s + verification_options= 490s + mkdir -p -m 700 /etc/sssd 490s Using CA DB '/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem' with verification options: '' 490s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 490s + cat 490s + chmod 600 /etc/sssd/sssd.conf 490s + for path_pair in "${softhsm2_conf_paths[@]}" 490s + IFS=: 490s + read -r -a path 490s + user=ubuntu 490s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 490s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 490s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 490s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 490s + runuser -u ubuntu -- softhsm2-util --show-slots 490s + grep 'Test Organization' 490s Label: Test Organization Root Tr Token 490s + for path_pair in "${softhsm2_conf_paths[@]}" 490s + IFS=: 490s + read -r -a path 490s + user=root 490s + path=/etc/softhsm/softhsm2.conf 490s ++ dirname /etc/softhsm/softhsm2.conf 490s + runuser -u root -- mkdir -p /etc/softhsm 490s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 490s + runuser -u root -- softhsm2-util --show-slots 490s + grep 'Test Organization' 490s Label: Test Organization Root Tr Token 490s + systemctl restart sssd 490s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 491s + for alternative in "${alternative_pam_configs[@]}" 491s + pam-auth-update --enable sss-smart-card-optional 491s + cat /etc/pam.d/common-auth 491s # 491s # /etc/pam.d/common-auth - authentication settings common to all services 491s # 491s # This file is included from other service-specific PAM config files, 491s # and should contain a list of the authentication modules that define 491s # the central authentication scheme for use on the system 491s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 491s # traditional Unix authentication mechanisms. 491s # 491s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 491s # To take advantage of this, it is recommended that you configure any 491s # local modules either before or after the default block, and use 491s # pam-auth-update to manage selection of other modules. See 491s # pam-auth-update(8) for details. 491s 491s # here are the per-package modules (the "Primary" block) 491s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 491s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 491s auth [success=1 default=ignore] pam_sss.so use_first_pass 491s # here's the fallback if no module succeeds 491s auth requisite pam_deny.so 491s # prime the stack with a positive return value if there isn't one already; 491s # this avoids us returning an error just because nothing sets a success code 491s # since the modules above will each just jump around 491s auth required pam_permit.so 491s # and here are more per-package modules (the "Additional" block) 491s auth optional pam_cap.so 491s # end of pam-auth-update config 491s + echo -n -e 123456 491s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 491s pamtester: invoking pam_start(login, ubuntu, ...) 491s pamtester: performing operation - authenticate 491s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 491s + echo -n -e 123456 491s + runuser -u ubuntu -- pamtester -v login '' authenticate 491s pamtester: invoking pam_start(login, , ...) 491s pamtester: performing operation - authenticate 491s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 491s + echo -n -e wrong123456 491s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 491s pamtester: invoking pam_start(login, ubuntu, ...) 491s pamtester: performing operation - authenticate 495s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 495s + echo -n -e wrong123456 495s + runuser -u ubuntu -- pamtester -v login '' authenticate 495s pamtester: invoking pam_start(login, , ...) 495s pamtester: performing operation - authenticate 498s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 498s + echo -n -e 123456 498s + pamtester -v login root authenticate 498s pamtester: invoking pam_start(login, root, ...) 498s pamtester: performing operation - authenticate 502s Password: pamtester: Authentication failure 502s + for alternative in "${alternative_pam_configs[@]}" 502s + pam-auth-update --enable sss-smart-card-required 502s PAM configuration 502s ----------------- 502s 502s Incompatible PAM profiles selected. 502s 502s The following PAM profiles cannot be used together: 502s 502s SSS required smart card authentication, SSS optional smart card 502s authentication 502s 502s Please select a different set of modules to enable. 502s 502s + cat /etc/pam.d/common-auth 502s + echo -n -e 123456 502s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 502s # 502s # /etc/pam.d/common-auth - authentication settings common to all services 502s # 502s # This file is included from other service-specific PAM config files, 502s # and should contain a list of the authentication modules that define 502s # the central authentication scheme for use on the system 502s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 502s # traditional Unix authentication mechanisms. 502s # 502s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 502s # To take advantage of this, it is recommended that you configure any 502s # local modules either before or after the default block, and use 502s # pam-auth-update to manage selection of other modules. See 502s # pam-auth-update(8) for details. 502s 502s # here are the per-package modules (the "Primary" block) 502s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 502s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 502s auth [success=1 default=ignore] pam_sss.so use_first_pass 502s # here's the fallback if no module succeeds 502s auth requisite pam_deny.so 502s # prime the stack with a positive return value if there isn't one already; 502s # this avoids us returning an error just because nothing sets a success code 502s # since the modules above will each just jump around 502s auth required pam_permit.so 502s # and here are more per-package modules (the "Additional" block) 502s auth optional pam_cap.so 502s # end of pam-auth-update config 502s pamtester: invoking pam_start(login, ubuntu, ...) 502s pamtester: performing operation - authenticate 502s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 502s + echo -n -e 123456 502s + runuser -u ubuntu -- pamtester -v login '' authenticate 502s pamtester: invoking pam_start(login, , ...) 502s pamtester: performing operation - authenticate 502s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 502s + echo -n -e wrong123456 502s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 502s pamtester: invoking pam_start(login, ubuntu, ...) 502s pamtester: performing operation - authenticate 505s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 505s + echo -n -e wrong123456 505s + runuser -u ubuntu -- pamtester -v login '' authenticate 505s pamtester: invoking pam_start(login, , ...) 505s pamtester: performing operation - authenticate 509s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 509s + echo -n -e 123456 509s + pamtester -v login root authenticate 509s pamtester: invoking pam_start(login, root, ...) 509s pamtester: performing operation - authenticate 512s pamtester: Authentication service cannot retrieve authentication info 512s + test_authentication login /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem 512s + pam_service=login 512s + certificate_config=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 512s + ca_db=/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem 512s + verification_options= 512s + mkdir -p -m 700 /etc/sssd 512s Using CA DB '/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem' with verification options: '' 512s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-PUI8uq/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 512s + cat 512s + chmod 600 /etc/sssd/sssd.conf 512s + for path_pair in "${softhsm2_conf_paths[@]}" 512s + IFS=: 512s + read -r -a path 512s + user=ubuntu 512s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 512s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 512s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 512s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 512s + runuser -u ubuntu -- softhsm2-util --show-slots 512s + grep 'Test Organization' 512s Label: Test Organization Sub Int Token 512s + for path_pair in "${softhsm2_conf_paths[@]}" 512s + IFS=: 512s + read -r -a path 512s + user=root 512s + path=/etc/softhsm/softhsm2.conf 512s ++ dirname /etc/softhsm/softhsm2.conf 512s + runuser -u root -- mkdir -p /etc/softhsm 512s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 512s + runuser -u root -- softhsm2-util --show-slots 512s + grep 'Test Organization' 512s Label: Test Organization Sub Int Token 512s + systemctl restart sssd 512s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 512s + for alternative in "${alternative_pam_configs[@]}" 512s + pam-auth-update --enable sss-smart-card-optional 512s + cat /etc/pam.d/common-auth 512s # 512s # /etc/pam.d/common-auth - authentication settings common to all services 512s # 512s # This file is included from other service-specific PAM config files, 512s # and should contain a list of the authentication modules that define 512s # the central authentication scheme for use on the system 512s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 512s # traditional Unix authentication mechanisms. 512s # 512s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 512s # To take advantage of this, it is recommended that you configure any 512s # local modules either before or after the default block, and use 512s # pam-auth-update to manage selection of other modules. See 512s # pam-auth-update(8) for details. 512s 512s # here are the per-package modules (the "Primary" block) 512s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 512s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 512s auth [success=1 default=ignore] pam_sss.so use_first_pass 512s # here's the fallback if no module succeeds 512s auth requisite pam_deny.so 512s # prime the stack with a positive return value if there isn't one already; 512s # this avoids us returning an error just because nothing sets a success code 512s # since the modules above will each just jump around 512s auth required pam_permit.so 512s # and here are more per-package modules (the "Additional" block) 512s auth optional pam_cap.so 512s # end of pam-auth-update config 512s + echo -n -e 123456 512s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 512s pamtester: invoking pam_start(login, ubuntu, ...) 512s pamtester: performing operation - authenticate 512s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 512s + echo -n -e 123456 512s + runuser -u ubuntu -- pamtester -v login '' authenticate 512s pamtester: invoking pam_start(login, , ...) 512s pamtester: performing operation - authenticate 512s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 512s + echo -n -e wrong123456 512s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 512s pamtester: invoking pam_start(login, ubuntu, ...) 512s pamtester: performing operation - authenticate 515s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 515s + echo -n -e wrong123456 515s + runuser -u ubuntu -- pamtester -v login '' authenticate 515s pamtester: invoking pam_start(login, , ...) 515s pamtester: performing operation - authenticate 519s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 519s + echo -n -e 123456 519s + pamtester -v login root authenticate 519s pamtester: invoking pam_start(login, root, ...) 519s pamtester: performing operation - authenticate 522s Password: pamtester: Authentication failure 522s + for alternative in "${alternative_pam_configs[@]}" 522s + pam-auth-update --enable sss-smart-card-required 522s PAM configuration 522s ----------------- 522s 522s Incompatible PAM profiles selected. 522s 522s The following PAM profiles cannot be used together: 522s 522s SSS required smart card authentication, SSS optional smart card 522s authentication 522s 522s Please select a different set of modules to enable. 522s 522s + cat /etc/pam.d/common-auth 522s # 522s # /etc/pam.d/common-auth - authentication settings common to all services 522s # 522s # This file is included from other service-specific PAM config files, 522s # and should contain a list of the authentication modules that define 522s # the central authentication scheme for use on the system 522s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 522s # traditional Unix authentication mechanisms. 522s # 522s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 522s # To take advantage of this, it is recommended that you configure any 522s # local modules either before or after the default block, and use 522s # pam-auth-update to manage selection of other modules. See 522s # pam-auth-update(8) for details. 522s 522s # here are the per-package modules (the "Primary" block) 522s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 522s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 522s auth [success=1 default=ignore] pam_sss.so use_first_pass 522s # here's the fallback if no module succeeds 522s auth requisite pam_deny.so 522s # prime the stack with a positive return value if there isn't one already; 522s # this avoids us returning an error just because nothing sets a success code 522s # since the modules above will each just jump around 522s auth required pam_permit.so 522s # and here are more per-package modules (the "Additional" block) 522s auth optional pam_cap.so 522s # end of pam-auth-update config 522s + echo -n -e 123456 522s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 522s pamtester: invoking pam_start(login, ubuntu, ...) 522s pamtester: performing operation - authenticate 522s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 522s + echo -n -e 123456 522s + runuser -u ubuntu -- pamtester -v login '' authenticate 522s pamtester: invoking pam_start(login, , ...) 522s pamtester: performing operation - authenticate 522s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 522s + echo -n -e wrong123456 522s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 522s pamtester: invoking pam_start(login, ubuntu, ...) 522s pamtester: performing operation - authenticate 526s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 526s + echo -n -e wrong123456 526s + runuser -u ubuntu -- pamtester -v login '' authenticate 526s pamtester: invoking pam_start(login, , ...) 526s pamtester: performing operation - authenticate 528s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 528s + echo -n -e 123456 528s + pamtester -v login root authenticate 528s pamtester: invoking pam_start(login, root, ...) 528s pamtester: performing operation - authenticate 532s pamtester: Authentication service cannot retrieve authentication info 532s + test_authentication login /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem partial_chain 532s + pam_service=login 532s + certificate_config=/tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 532s + ca_db=/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem 532s + verification_options=partial_chain 532s + mkdir -p -m 700 /etc/sssd 532s Using CA DB '/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 532s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-PUI8uq/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 532s + cat 532s + chmod 600 /etc/sssd/sssd.conf 532s + for path_pair in "${softhsm2_conf_paths[@]}" 532s + IFS=: 532s + read -r -a path 532s + user=ubuntu 532s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 532s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 532s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 532s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 532s Label: Test Organization Sub Int Token 532s Label: Test Organization Sub Int Token 532s + runuser -u ubuntu -- softhsm2-util --show-slots 532s + grep 'Test Organization' 532s + for path_pair in "${softhsm2_conf_paths[@]}" 532s + IFS=: 532s + read -r -a path 532s + user=root 532s + path=/etc/softhsm/softhsm2.conf 532s ++ dirname /etc/softhsm/softhsm2.conf 532s + runuser -u root -- mkdir -p /etc/softhsm 532s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-PUI8uq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 532s + runuser -u root -- softhsm2-util --show-slots 532s + grep 'Test Organization' 532s + systemctl restart sssd 532s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 533s + for alternative in "${alternative_pam_configs[@]}" 533s + pam-auth-update --enable sss-smart-card-optional 533s + cat /etc/pam.d/common-auth 533s # 533s # /etc/pam.d/common-auth - authentication settings common to all services 533s # 533s # This file is included from other service-specific PAM config files, 533s # and should contain a list of the authentication modules that define 533s # the central authentication scheme for use on the system 533s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 533s # traditional Unix authentication mechanisms. 533s # 533s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 533s # To take advantage of this, it is recommended that you configure any 533s # local modules either before or after the default block, and use 533s # pam-auth-update to manage selection of other modules. See 533s # pam-auth-update(8) for details. 533s 533s # here are the per-package modules (the "Primary" block) 533s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 533s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 533s auth [success=1 default=ignore] pam_sss.so use_first_pass 533s # here's the fallback if no module succeeds 533s auth requisite pam_deny.so 533s # prime the stack with a positive return value if there isn't one already; 533s # this avoids us returning an error just because nothing sets a success code 533s # since the modules above will each just jump around 533s auth required pam_permit.so 533s # and here are more per-package modules (the "Additional" block) 533s auth optional pam_cap.so 533s # end of pam-auth-update config 533s + echo -n -e 123456 533s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 533s pamtester: invoking pam_start(login, ubuntu, ...) 533s pamtester: performing operation - authenticate 533s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 533s + echo -n -e 123456 533s + runuser -u ubuntu -- pamtester -v login '' authenticate 533s pamtester: invoking pam_start(login, , ...) 533s pamtester: performing operation - authenticate 533s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 533s + echo -n -e wrong123456 533s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 533s pamtester: invoking pam_start(login, ubuntu, ...) 533s pamtester: performing operation - authenticate 536s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 536s + echo -n -e wrong123456 536s + runuser -u ubuntu -- pamtester -v login '' authenticate 536s pamtester: invoking pam_start(login, , ...) 536s pamtester: performing operation - authenticate 538s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 538s + echo -n -e 123456 538s + pamtester -v login root authenticate 538s pamtester: invoking pam_start(login, root, ...) 538s pamtester: performing operation - authenticate 541s Password: pamtester: Authentication failure 541s + for alternative in "${alternative_pam_configs[@]}" 541s + pam-auth-update --enable sss-smart-card-required 542s PAM configuration 542s ----------------- 542s 542s Incompatible PAM profiles selected. 542s 542s The following PAM profiles cannot be used together: 542s 542s SSS required smart card authentication, SSS optional smart card 542s authentication 542s 542s Please select a different set of modules to enable. 542s 542s + cat /etc/pam.d/common-auth 542s # 542s # /etc/pam.d/common-auth - authentication settings common to all services 542s # 542s # This file is included from other service-specific PAM config files, 542s # and should contain a list of the authentication modules that define 542s # the central authentication scheme for use on the system 542s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 542s # traditional Unix authentication mechanisms. 542s # 542s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 542s # To take advantage of this, it is recommended that you configure any 542s # local modules either before or after the default block, and use 542s # pam-auth-update to manage selection of other modules. See 542s # pam-auth-update(8) for details. 542s 542s # here are the per-package modules (the "Primary" block) 542s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 542s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 542s auth [success=1 default=ignore] pam_sss.so use_first_pass 542s # here's the fallback if no module succeeds 542s auth requisite pam_deny.so 542s # prime the stack with a positive return value if there isn't one already; 542s # this avoids us returning an error just because nothing sets a success code 542s # since the modules above will each just jump around 542s auth required pam_permit.so 542s # and here are more per-package modules (the "Additional" block) 542s auth optional pam_cap.so 542s # end of pam-auth-update config 542s + echo -n -e 123456 542s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 542s pamtester: invoking pam_start(login, ubuntu, ...) 542s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 542s + echo -n -e 123456 542s + runuser -u ubuntu -- pamtester -v login '' authenticate 542s pamtester: invoking pam_start(login, , ...) 542s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 542s + echo -n -e wrong123456 542s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 542s pamtester: invoking pam_start(login, ubuntu, ...) 542s pamtester: performing operation - authenticate 545s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 545s + echo -n -e wrong123456 545s + runuser -u ubuntu -- pamtester -v login '' authenticate 545s pamtester: invoking pam_start(login, , ...) 545s pamtester: performing operation - authenticate 548s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 548s + echo -n -e 123456 548s + pamtester -v login root authenticate 548s pamtester: invoking pam_start(login, root, ...) 548s pamtester: performing operation - authenticate 550s pamtester: Authentication service cannot retrieve authentication info 550s + handle_exit 550s + exit_code=0 550s + restore_changes 550s + for path in "${restore_paths[@]}" 550s + local original_path 550s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-vmD9sH /tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm/softhsm2.conf 550s + original_path=/etc/softhsm/softhsm2.conf 550s + rm /etc/softhsm/softhsm2.conf 550s + mv /tmp/sssd-softhsm2-backups-vmD9sH//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 550s + for path in "${delete_paths[@]}" 550s + rm -f /etc/sssd/sssd.conf 550s + for path in "${delete_paths[@]}" 550s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 550s + '[' -e /etc/sssd/sssd.conf ']' 550s + systemctl stop sssd 550s + '[' -e /etc/softhsm/softhsm2.conf ']' 550s + chmod 600 /etc/softhsm/softhsm2.conf 550s + rm -rf /tmp/sssd-softhsm2-certs-PUI8uq 550s + '[' 0 = 0 ']' 550s + rm -rf /tmp/sssd-softhsm2-backups-vmD9sH 550s Script completed successfully! 550s + set +x 550s autopkgtest [20:52:27]: test sssd-smart-card-pam-auth-configs: -----------------------] 551s sssd-smart-card-pam-auth-configs PASS 551s autopkgtest [20:52:28]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 551s autopkgtest [20:52:28]: @@@@@@@@@@@@@@@@@@@@ summary 551s ldap-user-group-ldap-auth PASS 551s ldap-user-group-krb5-auth PASS 551s sssd-softhism2-certificates-tests.sh PASS 551s sssd-smart-card-pam-auth-configs PASS 562s nova [W] Skipping flock for amd64 562s Creating nova instance adt-noble-amd64-sssd-20241129-204317-juju-7f2275-prod-proposed-migration-environment-15-09c02d8a-557a-44f9-85b7-8a68b239e927 from image adt/ubuntu-noble-amd64-server-20241129.img (UUID fa2a8eef-302d-47a2-9b6a-7628188a5bf7)... 562s nova [W] Skipping flock for amd64 562s Creating nova instance adt-noble-amd64-sssd-20241129-204317-juju-7f2275-prod-proposed-migration-environment-15-09c02d8a-557a-44f9-85b7-8a68b239e927 from image adt/ubuntu-noble-amd64-server-20241129.img (UUID fa2a8eef-302d-47a2-9b6a-7628188a5bf7)...