0s autopkgtest [00:21:54]: starting date: 2024-03-05 0s autopkgtest [00:21:54]: git checkout: d9c0295 adt_testbed.py: supress warnings from apt using a shell pipeline 0s autopkgtest [00:21:54]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.b0yjznvw/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:jose,src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=jose/11-3build1 openssl/3.0.10-1ubuntu5' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-13.secgroup --name adt-noble-arm64-sssd-20240305-002154-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 116s autopkgtest [00:23:50]: @@@@@@@@@@@@@@@@@@@@ test bed setup 116s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 117s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [1755 kB] 119s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [313 kB] 120s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3976 B] 120s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [23.8 kB] 120s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [422 kB] 121s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 121s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [20.3 kB] 121s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 121s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [2019 kB] 123s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 123s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [14.0 kB] 123s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 124s Fetched 4700 kB in 7s (648 kB/s) 125s Reading package lists... 128s Reading package lists... 128s Building dependency tree... 128s Reading state information... 129s Calculating upgrade... 129s The following packages will be REMOVED: 129s libssl3 129s The following NEW packages will be installed: 129s libssl3t64 129s The following packages will be upgraded: 129s dbus dbus-bin dbus-daemon dbus-session-bus-common dbus-system-bus-common 129s dbus-user-session gcc-13-base libdbus-1-3 libksba8 libpython3-stdlib openssl 129s python3 python3-minimal 129s 13 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 129s Need to get 3532 kB of archives. 129s After this operation, 70.7 kB of additional disk space will be used. 129s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.10-1ubuntu5 [982 kB] 130s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.10-1ubuntu5 [1763 kB] 131s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 python3-minimal arm64 3.12.1-0ubuntu2 [27.0 kB] 131s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 python3 arm64 3.12.1-0ubuntu2 [24.1 kB] 131s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libpython3-stdlib arm64 3.12.1-0ubuntu2 [9742 B] 131s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 gcc-13-base arm64 13.2.0-17ubuntu2 [47.4 kB] 131s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-system-bus-common all 1.14.10-4ubuntu1 [81.4 kB] 131s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-session-bus-common all 1.14.10-4ubuntu1 [80.2 kB] 131s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-user-session arm64 1.14.10-4ubuntu1 [9958 B] 131s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-daemon arm64 1.14.10-4ubuntu1 [115 kB] 131s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-bin arm64 1.14.10-4ubuntu1 [38.8 kB] 131s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 dbus arm64 1.14.10-4ubuntu1 [23.9 kB] 131s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libdbus-1-3 arm64 1.14.10-4ubuntu1 [210 kB] 131s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libksba8 arm64 1.6.6-1 [119 kB] 132s Fetched 3532 kB in 2s (2282 kB/s) 132s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116535 files and directories currently installed.) 132s Preparing to unpack .../openssl_3.0.10-1ubuntu5_arm64.deb ... 132s Unpacking openssl (3.0.10-1ubuntu5) over (3.0.10-1ubuntu4) ... 132s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 132s wget depends on libssl3 (>= 3.0.0). 132s u-boot-tools depends on libssl3 (>= 3.0.0). 132s tnftp depends on libssl3 (>= 3.0.0). 132s tcpdump depends on libssl3 (>= 3.0.0). 132s systemd-resolved depends on libssl3 (>= 3.0.0). 132s systemd depends on libssl3 (>= 3.0.0). 132s sudo depends on libssl3 (>= 3.0.0). 132s sbsigntool depends on libssl3 (>= 3.0.0). 132s rsync depends on libssl3 (>= 3.0.0). 132s python3-cryptography depends on libssl3 (>= 3.0.0). 132s openssh-server depends on libssl3 (>= 3.0.10). 132s openssh-client depends on libssl3 (>= 3.0.10). 132s mtd-utils depends on libssl3 (>= 3.0.0). 132s mokutil depends on libssl3 (>= 3.0.0). 132s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 132s linux-headers-6.6.0-14-generic depends on libssl3 (>= 3.0.0). 132s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 132s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 132s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 132s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 132s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 132s libnvme1 depends on libssl3 (>= 3.0.0). 132s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 132s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 132s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 132s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 132s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 132s kmod depends on libssl3 (>= 3.0.0). 132s dhcpcd-base depends on libssl3 (>= 3.0.0). 132s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 132s 132s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116535 files and directories currently installed.) 132s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 132s Selecting previously unselected package libssl3t64:arm64. 132s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116524 files and directories currently installed.) 132s Preparing to unpack .../libssl3t64_3.0.10-1ubuntu5_arm64.deb ... 132s Unpacking libssl3t64:arm64 (3.0.10-1ubuntu5) ... 132s Preparing to unpack .../python3-minimal_3.12.1-0ubuntu2_arm64.deb ... 132s Unpacking python3-minimal (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 133s Setting up python3-minimal (3.12.1-0ubuntu2) ... 133s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116537 files and directories currently installed.) 133s Preparing to unpack .../00-python3_3.12.1-0ubuntu2_arm64.deb ... 133s Unpacking python3 (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 133s Preparing to unpack .../01-libpython3-stdlib_3.12.1-0ubuntu2_arm64.deb ... 133s Unpacking libpython3-stdlib:arm64 (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 133s Preparing to unpack .../02-gcc-13-base_13.2.0-17ubuntu2_arm64.deb ... 133s Unpacking gcc-13-base:arm64 (13.2.0-17ubuntu2) over (13.2.0-16ubuntu1) ... 133s Preparing to unpack .../03-dbus-system-bus-common_1.14.10-4ubuntu1_all.deb ... 133s Unpacking dbus-system-bus-common (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../04-dbus-session-bus-common_1.14.10-4ubuntu1_all.deb ... 134s Unpacking dbus-session-bus-common (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../05-dbus-user-session_1.14.10-4ubuntu1_arm64.deb ... 134s Unpacking dbus-user-session (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../06-dbus-daemon_1.14.10-4ubuntu1_arm64.deb ... 134s Unpacking dbus-daemon (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../07-dbus-bin_1.14.10-4ubuntu1_arm64.deb ... 134s Unpacking dbus-bin (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../08-dbus_1.14.10-4ubuntu1_arm64.deb ... 134s Unpacking dbus (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../09-libdbus-1-3_1.14.10-4ubuntu1_arm64.deb ... 134s Unpacking libdbus-1-3:arm64 (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 134s Preparing to unpack .../10-libksba8_1.6.6-1_arm64.deb ... 134s Unpacking libksba8:arm64 (1.6.6-1) over (1.6.5-2) ... 134s Setting up libksba8:arm64 (1.6.6-1) ... 134s Setting up libssl3t64:arm64 (3.0.10-1ubuntu5) ... 134s Setting up gcc-13-base:arm64 (13.2.0-17ubuntu2) ... 134s Setting up libdbus-1-3:arm64 (1.14.10-4ubuntu1) ... 134s Setting up dbus-session-bus-common (1.14.10-4ubuntu1) ... 134s Setting up dbus-system-bus-common (1.14.10-4ubuntu1) ... 134s Setting up openssl (3.0.10-1ubuntu5) ... 134s Setting up dbus-bin (1.14.10-4ubuntu1) ... 134s Setting up libpython3-stdlib:arm64 (3.12.1-0ubuntu2) ... 134s Setting up python3 (3.12.1-0ubuntu2) ... 135s Setting up dbus-daemon (1.14.10-4ubuntu1) ... 135s Setting up dbus-user-session (1.14.10-4ubuntu1) ... 135s Setting up dbus (1.14.10-4ubuntu1) ... 135s A reboot is required to replace the running dbus-daemon. 135s Please reboot the system when convenient. 136s Processing triggers for man-db (2.12.0-3) ... 136s Processing triggers for libc-bin (2.39-0ubuntu2) ... 137s Reading package lists... 137s Building dependency tree... 137s Reading state information... 138s The following packages will be REMOVED: 138s linux-headers-6.6.0-14* linux-headers-6.6.0-14-generic* 138s linux-image-6.6.0-14-generic* linux-modules-6.6.0-14-generic* 138s linux-modules-extra-6.6.0-14-generic* 139s 0 upgraded, 0 newly installed, 5 to remove and 0 not upgraded. 139s After this operation, 322 MB disk space will be freed. 139s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116537 files and directories currently installed.) 139s Removing linux-headers-6.6.0-14-generic (6.6.0-14.14) ... 139s Removing linux-headers-6.6.0-14 (6.6.0-14.14) ... 141s Removing linux-image-6.6.0-14-generic (6.6.0-14.14) ... 141s I: /boot/vmlinuz.old is now a symlink to vmlinuz-6.8.0-11-generic 141s I: /boot/initrd.img.old is now a symlink to initrd.img-6.8.0-11-generic 141s /etc/kernel/postrm.d/initramfs-tools: 141s update-initramfs: Deleting /boot/initrd.img-6.6.0-14-generic 141s /etc/kernel/postrm.d/zz-flash-kernel: 141s flash-kernel: Kernel 6.6.0-14-generic has been removed. 141s flash-kernel: A higher version (6.8.0-11-generic) is still installed, no reflashing required. 142s /etc/kernel/postrm.d/zz-update-grub: 142s Sourcing file `/etc/default/grub' 142s Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg' 142s Generating grub configuration file ... 142s Found linux image: /boot/vmlinuz-6.8.0-11-generic 143s Found initrd image: /boot/initrd.img-6.8.0-11-generic 146s Warning: os-prober will not be executed to detect other bootable partitions. 146s Systems on them will not be added to the GRUB boot configuration. 146s Check GRUB_DISABLE_OS_PROBER documentation entry. 146s Adding boot menu entry for UEFI Firmware Settings ... 146s done 146s Removing linux-modules-extra-6.6.0-14-generic (6.6.0-14.14) ... 148s Removing linux-modules-6.6.0-14-generic (6.6.0-14.14) ... 148s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74663 files and directories currently installed.) 148s Purging configuration files for linux-modules-extra-6.6.0-14-generic (6.6.0-14.14) ... 148s Purging configuration files for linux-image-6.6.0-14-generic (6.6.0-14.14) ... 148s Purging configuration files for linux-modules-6.6.0-14-generic (6.6.0-14.14) ... 149s sh: Attempting to set up Debian/Ubuntu apt sources automatically 149s sh: Distribution appears to be Ubuntu 151s Reading package lists... 151s Building dependency tree... 151s Reading state information... 153s eatmydata is already the newest version (131-1). 153s dbus is already the newest version (1.14.10-4ubuntu1). 153s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 153s Reading package lists... 153s Building dependency tree... 153s Reading state information... 154s rng-tools-debian is already the newest version (2.4). 154s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 154s Reading package lists... 154s Building dependency tree... 154s Reading state information... 155s haveged is already the newest version (1.9.14-1ubuntu1). 155s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 155s Reading package lists... 156s Building dependency tree... 156s Reading state information... 156s The following packages will be REMOVED: 156s cloud-init* python3-configobj* python3-debconf* 157s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 157s After this operation, 3248 kB disk space will be freed. 157s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74662 files and directories currently installed.) 157s Removing cloud-init (24.1-0ubuntu1) ... 158s Removing python3-configobj (5.0.8-3) ... 158s Removing python3-debconf (1.5.86) ... 158s Processing triggers for man-db (2.12.0-3) ... 158s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74273 files and directories currently installed.) 158s Purging configuration files for cloud-init (24.1-0ubuntu1) ... 159s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 159s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 160s Reading package lists... 160s Building dependency tree... 160s Reading state information... 161s linux-generic is already the newest version (6.8.0-11.11+1). 161s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 161s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 162s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 162s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 162s Hit:4 http://ftpmaster.internal/ubuntu noble-proposed InRelease 164s Reading package lists... 164s Reading package lists... 164s Building dependency tree... 164s Reading state information... 165s Calculating upgrade... 166s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 166s Reading package lists... 166s Building dependency tree... 166s Reading state information... 168s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 168s autopkgtest [00:24:42]: rebooting testbed after setup commands that affected boot 388s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 395s autopkgtest [00:28:29]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 395s autopkgtest [00:28:29]: testbed dpkg architecture: arm64 396s autopkgtest [00:28:30]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 408s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 408s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 408s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 408s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 408s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 408s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 408s gpgv: Can't check signature: No public key 408s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 408s autopkgtest [00:28:42]: testing package sssd version 2.9.4-1ubuntu1 408s autopkgtest [00:28:42]: build not needed 411s autopkgtest [00:28:45]: test ldap-user-group-ldap-auth: preparing testbed 414s Reading package lists... 415s Building dependency tree... 415s Reading state information... 415s Correcting dependencies...Starting pkgProblemResolver with broken count: 0 415s Starting 2 pkgProblemResolver with broken count: 0 415s Done 415s Done 416s Starting pkgProblemResolver with broken count: 0 416s Starting 2 pkgProblemResolver with broken count: 0 416s Done 417s The following additional packages will be installed: 417s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 417s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 417s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 417s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 417s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 417s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 417s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 417s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 417s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 417s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 417s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 417s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 417s Suggested packages: 417s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 417s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 417s Recommended packages: 417s cracklib-runtime libsasl2-modules-gssapi-mit 417s | libsasl2-modules-gssapi-heimdal 417s The following NEW packages will be installed: 417s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 417s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 417s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 417s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 417s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 417s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 417s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 417s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 417s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 417s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 417s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 417s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 417s 0 upgraded, 64 newly installed, 0 to remove and 0 not upgraded. 417s 1 not fully installed or removed. 417s Need to get 12.6 MB of archives. 417s After this operation, 59.9 MB of additional disk space will be used. 417s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 417s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 417s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 417s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 417s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 417s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 417s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 417s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 417s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 417s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 417s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 417s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 417s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 417s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 417s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 417s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 417s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 417s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 417s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 417s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 417s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 417s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 417s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 418s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 418s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 418s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 418s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 418s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 418s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 418s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 418s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 418s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 418s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 418s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 419s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 419s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 419s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 419s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 419s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1ubuntu1 [103 kB] 419s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 libjose0 arm64 11-3build1 [44.3 kB] 419s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 419s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 419s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 419s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 419s Get:45 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1ubuntu1 [27.9 kB] 419s Get:46 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1ubuntu1 [139 kB] 419s Get:47 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1ubuntu1 [32.7 kB] 419s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1ubuntu1 [97.5 kB] 419s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1ubuntu1 [6660 B] 419s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1ubuntu1 [5722 B] 419s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1ubuntu1 [8380 B] 419s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1ubuntu1 [6714 B] 419s Get:53 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 419s Get:54 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1ubuntu1 [20.4 kB] 419s Get:55 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1ubuntu1 [16.6 kB] 419s Get:56 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1ubuntu1 [9160 B] 419s Get:57 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 419s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 419s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 419s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 419s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 419s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 419s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 419s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 420s Preconfiguring packages ... 420s Fetched 12.6 MB in 2s (5387 kB/s) 420s Selecting previously unselected package libtalloc2:arm64. 420s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74218 files and directories currently installed.) 420s Preparing to unpack .../00-libtalloc2_2.4.2-1_arm64.deb ... 420s Unpacking libtalloc2:arm64 (2.4.2-1) ... 420s Selecting previously unselected package libtdb1:arm64. 420s Preparing to unpack .../01-libtdb1_1.4.10-1_arm64.deb ... 420s Unpacking libtdb1:arm64 (1.4.10-1) ... 420s Selecting previously unselected package libtevent0:arm64. 420s Preparing to unpack .../02-libtevent0_0.16.1-1_arm64.deb ... 420s Unpacking libtevent0:arm64 (0.16.1-1) ... 420s Selecting previously unselected package libldb2:arm64. 420s Preparing to unpack .../03-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 420s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 420s Selecting previously unselected package python3-sss. 420s Preparing to unpack .../04-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 420s Unpacking python3-sss (2.9.4-1ubuntu1) ... 420s Selecting previously unselected package libsss-idmap0. 420s Preparing to unpack .../05-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 420s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 420s Selecting previously unselected package libnss-sss:arm64. 420s Preparing to unpack .../06-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 420s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 420s Selecting previously unselected package libcrack2:arm64. 420s Preparing to unpack .../07-libcrack2_2.9.6-5.1_arm64.deb ... 420s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 420s Selecting previously unselected package libpwquality-common. 420s Preparing to unpack .../08-libpwquality-common_1.4.5-3_all.deb ... 420s Unpacking libpwquality-common (1.4.5-3) ... 420s Selecting previously unselected package libpwquality1:arm64. 420s Preparing to unpack .../09-libpwquality1_1.4.5-3_arm64.deb ... 420s Unpacking libpwquality1:arm64 (1.4.5-3) ... 420s Selecting previously unselected package libpam-pwquality:arm64. 421s Preparing to unpack .../10-libpam-pwquality_1.4.5-3_arm64.deb ... 421s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 421s Selecting previously unselected package libpam-sss:arm64. 421s Preparing to unpack .../11-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 421s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 421s Selecting previously unselected package libc-ares2:arm64. 421s Preparing to unpack .../12-libc-ares2_1.27.0-1_arm64.deb ... 421s Unpacking libc-ares2:arm64 (1.27.0-1) ... 421s Selecting previously unselected package libdhash1:arm64. 421s Preparing to unpack .../13-libdhash1_0.6.2-2_arm64.deb ... 421s Unpacking libdhash1:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libbasicobjects0:arm64. 421s Preparing to unpack .../14-libbasicobjects0_0.6.2-2_arm64.deb ... 421s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libcollection4:arm64. 421s Preparing to unpack .../15-libcollection4_0.6.2-2_arm64.deb ... 421s Unpacking libcollection4:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libpath-utils1:arm64. 421s Preparing to unpack .../16-libpath-utils1_0.6.2-2_arm64.deb ... 421s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libref-array1:arm64. 421s Preparing to unpack .../17-libref-array1_0.6.2-2_arm64.deb ... 421s Unpacking libref-array1:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libini-config5:arm64. 421s Preparing to unpack .../18-libini-config5_0.6.2-2_arm64.deb ... 421s Unpacking libini-config5:arm64 (0.6.2-2) ... 421s Selecting previously unselected package libnfsidmap1:arm64. 421s Preparing to unpack .../19-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 421s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 421s Selecting previously unselected package libsss-certmap0. 421s Preparing to unpack .../20-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 421s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 421s Selecting previously unselected package libsss-nss-idmap0. 421s Preparing to unpack .../21-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 421s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 421s Selecting previously unselected package sssd-common. 421s Preparing to unpack .../22-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 421s Unpacking sssd-common (2.9.4-1ubuntu1) ... 421s Selecting previously unselected package libavahi-common-data:arm64. 421s Preparing to unpack .../23-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 421s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 421s Selecting previously unselected package libavahi-common3:arm64. 422s Preparing to unpack .../24-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 422s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 422s Selecting previously unselected package libavahi-client3:arm64. 422s Preparing to unpack .../25-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 422s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 422s Selecting previously unselected package libwbclient0:arm64. 422s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 422s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 422s Selecting previously unselected package samba-libs:arm64. 422s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 422s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 422s Selecting previously unselected package sssd-ad-common. 422s Preparing to unpack .../28-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 422s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 422s Selecting previously unselected package sssd-krb5-common. 422s Preparing to unpack .../29-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 422s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 422s Selecting previously unselected package libsmbclient:arm64. 422s Preparing to unpack .../30-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 422s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 422s Selecting previously unselected package sssd-ad. 423s Preparing to unpack .../31-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package libipa-hbac0. 423s Preparing to unpack .../32-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd-ipa. 423s Preparing to unpack .../33-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd-krb5. 423s Preparing to unpack .../34-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd-ldap. 423s Preparing to unpack .../35-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd-proxy. 423s Preparing to unpack .../36-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd. 423s Preparing to unpack .../37-sssd_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package sssd-dbus. 423s Preparing to unpack .../38-sssd-dbus_2.9.4-1ubuntu1_arm64.deb ... 423s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 423s Selecting previously unselected package libjose0:arm64. 423s Preparing to unpack .../39-libjose0_11-3build1_arm64.deb ... 423s Unpacking libjose0:arm64 (11-3build1) ... 423s Selecting previously unselected package libevent-2.1-7:arm64. 423s Preparing to unpack .../40-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 423s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 423s Selecting previously unselected package libverto-libevent1:arm64. 423s Preparing to unpack .../41-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 423s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 423s Selecting previously unselected package libverto1:arm64. 423s Preparing to unpack .../42-libverto1_0.3.1-1ubuntu5_arm64.deb ... 423s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 424s Selecting previously unselected package libkrad0:arm64. 424s Preparing to unpack .../43-libkrad0_1.20.1-5build1_arm64.deb ... 424s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 424s Selecting previously unselected package sssd-idp. 424s Preparing to unpack .../44-sssd-idp_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package sssd-kcm. 424s Preparing to unpack .../45-sssd-kcm_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package sssd-passkey. 424s Preparing to unpack .../46-sssd-passkey_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package sssd-tools. 424s Preparing to unpack .../47-sssd-tools_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libipa-hbac-dev. 424s Preparing to unpack .../48-libipa-hbac-dev_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libsss-certmap-dev. 424s Preparing to unpack .../49-libsss-certmap-dev_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libsss-idmap-dev. 424s Preparing to unpack .../50-libsss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libsss-nss-idmap-dev. 424s Preparing to unpack .../51-libsss-nss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libnss-sudo. 424s Preparing to unpack .../52-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 424s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 424s Selecting previously unselected package libsss-sudo. 424s Preparing to unpack .../53-libsss-sudo_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package python3-libipa-hbac. 424s Preparing to unpack .../54-python3-libipa-hbac_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package python3-libsss-nss-idmap. 424s Preparing to unpack .../55-python3-libsss-nss-idmap_2.9.4-1ubuntu1_arm64.deb ... 424s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 424s Selecting previously unselected package libltdl7:arm64. 424s Preparing to unpack .../56-libltdl7_2.4.7-7_arm64.deb ... 424s Unpacking libltdl7:arm64 (2.4.7-7) ... 424s Selecting previously unselected package libodbc2:arm64. 424s Preparing to unpack .../57-libodbc2_2.3.12-1_arm64.deb ... 424s Unpacking libodbc2:arm64 (2.3.12-1) ... 424s Selecting previously unselected package slapd. 424s Preparing to unpack .../58-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 424s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 424s Selecting previously unselected package ldap-utils. 424s Preparing to unpack .../59-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 424s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 424s Selecting previously unselected package libtcl8.6:arm64. 424s Preparing to unpack .../60-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 424s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 424s Selecting previously unselected package tcl8.6. 424s Preparing to unpack .../61-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 424s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 424s Selecting previously unselected package tcl-expect:arm64. 424s Preparing to unpack .../62-tcl-expect_5.45.4-2build1_arm64.deb ... 424s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 424s Selecting previously unselected package expect. 424s Preparing to unpack .../63-expect_5.45.4-2build1_arm64.deb ... 424s Unpacking expect (5.45.4-2build1) ... 424s Setting up libpwquality-common (1.4.5-3) ... 424s Setting up libpath-utils1:arm64 (0.6.2-2) ... 424s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 424s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 424s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 424s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 424s Setting up libtdb1:arm64 (1.4.10-1) ... 424s Setting up libc-ares2:arm64 (1.27.0-1) ... 424s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 424s Setting up libjose0:arm64 (11-3build1) ... 424s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 424s Setting up libtalloc2:arm64 (2.4.2-1) ... 424s Setting up libdhash1:arm64 (0.6.2-2) ... 424s Setting up libtevent0:arm64 (0.16.1-1) ... 424s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 425s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 425s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 425s Setting up libltdl7:arm64 (2.4.7-7) ... 425s Setting up libcrack2:arm64 (2.9.6-5.1) ... 425s Setting up libcollection4:arm64 (0.6.2-2) ... 425s Setting up libodbc2:arm64 (2.3.12-1) ... 425s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 425s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 425s Setting up libref-array1:arm64 (0.6.2-2) ... 425s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 425s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 425s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 425s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 425s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 425s Creating new user openldap... done. 425s Creating initial configuration... done. 425s Creating LDAP directory... done. 426s Setting up tcl8.6 (8.6.13+dfsg-2) ... 426s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 426s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 426s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 426s Setting up libini-config5:arm64 (0.6.2-2) ... 426s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 426s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 426s Setting up python3-sss (2.9.4-1ubuntu1) ... 426s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 426s Setting up libpwquality1:arm64 (1.4.5-3) ... 426s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 426s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 426s Setting up expect (5.45.4-2build1) ... 426s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 426s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 426s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 426s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 426s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 426s Setting up sssd-common (2.9.4-1ubuntu1) ... 426s Creating SSSD system user & group... 426s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 426s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 427s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 427s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 427s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 427s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 427s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 428s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 428s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 428s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 429s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 429s sssd-autofs.service is a disabled or a static unit, not starting it. 429s sssd-nss.service is a disabled or a static unit, not starting it. 429s sssd-pam.service is a disabled or a static unit, not starting it. 429s sssd-ssh.service is a disabled or a static unit, not starting it. 429s sssd-sudo.service is a disabled or a static unit, not starting it. 429s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 429s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 429s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 429s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 430s sssd-kcm.service is a disabled or a static unit, not starting it. 430s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 430s sssd-ifp.service is a disabled or a static unit, not starting it. 430s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 430s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 431s sssd-pac.service is a disabled or a static unit, not starting it. 431s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 431s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 431s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 431s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 431s Setting up sssd-ad (2.9.4-1ubuntu1) ... 431s Setting up sssd-tools (2.9.4-1ubuntu1) ... 431s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 431s Setting up sssd (2.9.4-1ubuntu1) ... 431s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 431s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 431s Setting up libkrad0:arm64 (1.20.1-5build1) ... 431s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 431s Setting up sssd-idp (2.9.4-1ubuntu1) ... 431s Setting up autopkgtest-satdep (0) ... 431s Processing triggers for libc-bin (2.39-0ubuntu2) ... 431s Processing triggers for ufw (0.36.2-5) ... 431s Processing triggers for man-db (2.12.0-3) ... 432s Processing triggers for dbus (1.14.10-4ubuntu1) ... 442s (Reading database ... 75503 files and directories currently installed.) 442s Removing autopkgtest-satdep (0) ... 443s autopkgtest [00:29:17]: test ldap-user-group-ldap-auth: [----------------------- 444s + . debian/tests/util 444s + . debian/tests/common-tests 444s + mydomain=example.com 444s + myhostname=ldap.example.com 444s + mysuffix=dc=example,dc=com 444s + admin_dn=cn=admin,dc=example,dc=com 444s + admin_pw=secret 444s + ldap_user=testuser1 444s + ldap_user_pw=testuser1secret 444s + ldap_group=ldapusers 444s + adjust_hostname ldap.example.com 444s + local myhostname=ldap.example.com 444s + echo ldap.example.com 444s + hostname ldap.example.com 444s + grep -qE ldap.example.com /etc/hosts 444s + echo 127.0.1.10 ldap.example.com 444s + reconfigure_slapd 444s + debconf-set-selections 444s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 444s + dpkg-reconfigure -fnoninteractive -pcritical slapd 444s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 444s Moving old database directory to /var/backups: 444s - directory unknown... done. 444s Creating initial configuration... done. 445s Creating LDAP directory... done. 445s + generate_certs ldap.example.com 445s + local cn=ldap.example.com 445s + local cert=/etc/ldap/server.pem 445s + local key=/etc/ldap/server.key 445s + local cnf=/etc/ldap/openssl.cnf 445s + cat 445s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 445s .......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 445s .......................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 445s ----- 445s + chmod 0640 /etc/ldap/server.key 445s + chgrp openldap /etc/ldap/server.key 445s + [ ! -f /etc/ldap/server.pem ] 445s + [ ! -f /etc/ldap/server.key ] 445s + enable_ldap_ssl 445s + cat 445s + cat 445s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 445s modifying entry "cn=config" 445s 445s + populate_ldap_rfc2307 445s + cat 445s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 445s adding new entry "ou=People,dc=example,dc=com" 445s 445s adding new entry "ou=Group,dc=example,dc=com" 445s 445s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 445s 445s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 445s 445s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 445s 445s + configure_sssd_ldap_rfc2307 445s + cat 445s + chmod 0600 /etc/sssd/sssd.conf 445s + systemctl restart sssd 445s + enable_pam_mkhomedir 445s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 445s + echo session optional pam_mkhomedir.so 445s + run_common_tests 445s + echo Assert local user databases do not have our LDAP test data 445s + check_local_user testuser1 445s + local local_user=testuser1 445s + grep -q ^testuser1 /etc/passwd 445s Assert local user databases do not have our LDAP test data 445s + check_local_group testuser1 445s + local local_group=testuser1 445s + grep -q ^testuser1 /etc/group 445s + check_local_group ldapusers 445s + local local_group=ldapusers 445s + grep -q ^ldapusers /etc/group 445s + echo The LDAP user is known to the system via getent 445s + check_getent_user testuser1 445s + local getent_user=testuser1 445s + local output 445s The LDAP user is known to the system via getent 445s + getent passwd testuser1 445s The LDAP user's private group is known to the system via getent 445s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 445s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 445s + echo The LDAP user's private group is known to the system via getent 445s + check_getent_group testuser1 445s + local getent_group=testuser1 445s + local output 445s + getent group testuser1 445s + output=testuser1:*:10001:testuser1 445s + [ -z testuser1:*:10001:testuser1 ] 445s + echo The LDAP group ldapusers is known to the system via getent 445s + check_getent_group ldapusers 445s + local getent_group=ldapusers 445s + local output 445s + getent group ldapusers 445s The LDAP group ldapusers is known to the system via getent 445s + output=ldapusers:*:10100:testuser1 445s + [ -z ldapusers:*:10100:testuser1 ] 445s + echo The id(1) command can resolve the group membership of the LDAP user 445s + id -Gn testuser1 445s The id(1) command can resolve the group membership of the LDAP user 445s The LDAP user can login on a terminal 445s + output=testuser1 ldapusers 445s + [ testuser1 ldapusers != testuser1 ldapusers ] 445s + echo The LDAP user can login on a terminal 445s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 445s spawn login 446s ldap.example.com login: testuser1 446s Password: 446s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 446s 446s * Documentation: https://help.ubuntu.com 446s * Management: https://landscape.canonical.com 446s * Support: https://ubuntu.com/pro 446s 446s 446s The programs included with the Ubuntu system are free software; 446s the exact distribution terms for each program are described in the 446s individual files in /usr/share/doc/*/copyright. 446s 446s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 446s applicable law. 446s 446s 446s The programs included with the Ubuntu system are free software; 446s the exact distribution terms for each program are described in the 446s individual files in /usr/share/doc/*/copyright. 446s 446s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 446s applicable law. 446s 446s Creating directory '/home/testuser1'. 446s [?2004htestuser1@ldap:~$ id -un 446s [?2004l testuser1 446s [?2004htestuser1@ldap:~$ autopkgtest [00:29:20]: test ldap-user-group-ldap-auth: -----------------------] 447s autopkgtest [00:29:21]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 447s ldap-user-group-ldap-auth PASS 447s autopkgtest [00:29:21]: test ldap-user-group-krb5-auth: preparing testbed 449s Reading package lists... 450s Building dependency tree... 450s Reading state information... 450s Correcting dependencies...Starting pkgProblemResolver with broken count: 0 450s Starting 2 pkgProblemResolver with broken count: 0 450s Done 450s Done 451s Starting pkgProblemResolver with broken count: 0 451s Starting 2 pkgProblemResolver with broken count: 0 451s Done 451s The following additional packages will be installed: 451s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 451s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 451s Suggested packages: 451s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 451s The following NEW packages will be installed: 451s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 451s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 452s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 452s 1 not fully installed or removed. 452s Need to get 594 kB of archives. 452s After this operation, 2907 kB of additional disk space will be used. 452s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 452s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 452s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 452s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 452s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 452s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 452s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 452s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 452s Preconfiguring packages ... 454s Fetched 594 kB in 1s (1085 kB/s) 454s Selecting previously unselected package libgssrpc4:arm64. 454s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75503 files and directories currently installed.) 454s Preparing to unpack .../0-libgssrpc4_1.20.1-5build1_arm64.deb ... 454s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 454s Selecting previously unselected package libkadm5clnt-mit12:arm64. 454s Preparing to unpack .../1-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 454s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 454s Selecting previously unselected package libkdb5-10:arm64. 454s Preparing to unpack .../2-libkdb5-10_1.20.1-5build1_arm64.deb ... 454s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 454s Selecting previously unselected package libkadm5srv-mit12:arm64. 454s Preparing to unpack .../3-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 454s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 454s Selecting previously unselected package krb5-user. 454s Preparing to unpack .../4-krb5-user_1.20.1-5build1_arm64.deb ... 454s Unpacking krb5-user (1.20.1-5build1) ... 454s Selecting previously unselected package krb5-config. 454s Preparing to unpack .../5-krb5-config_2.7_all.deb ... 454s Unpacking krb5-config (2.7) ... 454s Selecting previously unselected package krb5-kdc. 454s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 454s Unpacking krb5-kdc (1.20.1-5build1) ... 454s Selecting previously unselected package krb5-admin-server. 454s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 454s Unpacking krb5-admin-server (1.20.1-5build1) ... 454s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 454s Setting up krb5-config (2.7) ... 454s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 454s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 454s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 454s Setting up krb5-user (1.20.1-5build1) ... 454s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 454s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 454s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 454s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 454s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 454s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 454s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 454s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 454s Setting up krb5-kdc (1.20.1-5build1) ... 455s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 455s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 455s Setting up krb5-admin-server (1.20.1-5build1) ... 456s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 456s Setting up autopkgtest-satdep (0) ... 456s Processing triggers for man-db (2.12.0-3) ... 457s Processing triggers for libc-bin (2.39-0ubuntu2) ... 465s (Reading database ... 75596 files and directories currently installed.) 465s Removing autopkgtest-satdep (0) ... 466s autopkgtest [00:29:40]: test ldap-user-group-krb5-auth: [----------------------- 466s + . debian/tests/util 466s + . debian/tests/common-tests 466s + mydomain=example.com 466s + myhostname=ldap.example.com 466s + mysuffix=dc=example,dc=com 466s + myrealm=EXAMPLE.COM 466s + admin_dn=cn=admin,dc=example,dc=com 466s + admin_pw=secret 466s + ldap_user=testuser1 466s + ldap_user_pw=testuser1secret 466s + kerberos_principal_pw=testuser1kerberos 466s + ldap_group=ldapusers 466s + adjust_hostname ldap.example.com 466s + local myhostname=ldap.example.com 466s + echo ldap.example.com 466s + hostname ldap.example.com 466s + grep -qE ldap.example.com /etc/hosts 466s + reconfigure_slapd 466s + debconf-set-selections 466s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240305-002918.ldapdb 466s + dpkg-reconfigure -fnoninteractive -pcritical slapd 466s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 466s Moving old database directory to /var/backups: 466s - directory unknown... done. 466s Creating initial configuration... done. 466s Creating LDAP directory... done. 467s + generate_certs ldap.example.com 467s + local cn=ldap.example.com 467s + local cert=/etc/ldap/server.pem 467s + local key=/etc/ldap/server.key 467s + local cnf=/etc/ldap/openssl.cnf 467s + cat 467s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 467s .........................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 467s ...........................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 467s ----- 467s + chmod 0640 /etc/ldap/server.key 467s + chgrp openldap /etc/ldap/server.key 467s + [ ! -f /etc/ldap/server.pem ] 467s + [ ! -f /etc/ldap/server.key ] 467s + enable_ldap_ssl 467s + cat 467s + cat 467s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 467s modifying entry "cn=config" 467s 467s + populate_ldap_rfc2307 467s + cat 467s + ldapadd -x -Dadding new entry "ou=People,dc=example,dc=com" 467s 467s adding new entry "ou=Group,dc=example,dc=com" 467s 467s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 467s 467s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 467s 467s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 467s 467s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 467s master key name 'K/M@EXAMPLE.COM' 467s cn=admin,dc=example,dc=com -w secret 467s + create_realm EXAMPLE.COM ldap.example.com 467s + local realm_name=EXAMPLE.COM 467s + local kerberos_server=ldap.example.com 467s + rm -rf /var/lib/krb5kdc/* 467s + rm -rf /etc/krb5kdc/kdc.conf 467s + rm -f /etc/krb5.keytab 467s + cat 467s + cat 467s + echo # */admin * 467s + kdb5_util create -s -P secretpassword 467s + systemctl restart krb5-kdc.service krb5-admin-server.service 467s + create_krb_principal testuser1 testuser1kerberos 467s + local principal=testuser1 467s + local password=testuser1kerberos 467s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 467s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 467s Authenticating as principal root/admin@EXAMPLE.COM with password. 467s Principal "testuser1@EXAMPLE.COM" created. 467s + configure_sssd_ldap_rfc2307_krb5_auth 467s + cat 467s + chmod 0600 /etc/sssd/sssd.conf 467s + systemctl restart sssd 467s + enable_pam_mkhomedir 467s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 467s Assert local user databases do not have our LDAP test data 467s + run_common_tests 467s + echo Assert local user databases do not have our LDAP test data 467s + check_local_user testuser1 467s + local local_user=testuser1 467s + grep -q ^testuser1 /etc/passwd 467s + check_local_group testuser1 467s + local local_group=testuser1 467s + grep -q ^testuser1 /etc/group 467s + The LDAP user is known to the system via getent 467s check_local_group ldapusers 467s + local local_group=ldapusers 467s + grep -q ^ldapusers /etc/group 467s + echo The LDAP user is known to the system via getent 467s + check_getent_user testuser1 467s + local getent_user=testuser1 467s + local output 467s + getent passwd testuser1 467s The LDAP user's private group is known to the system via getent 467s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 467s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 467s + echo The LDAP user's private group is known to the system via getent 467s + check_getent_group testuser1 467s + local getent_group=testuser1 467s + local output 467s + getent group testuser1 467s + output=testuser1:*:10001:testuser1 467s + [ -z testuser1:*:10001:testuser1 ] 467s + echo The LDAP group ldapusers is known to the system via getent 467s + check_getent_group ldapusers 467s + local getent_group=ldapusers 467s + local output 467s The LDAP group ldapusers is known to the system via getent 467s + getent group ldapusers 467s The id(1) command can resolve the group membership of the LDAP user 467s + output=ldapusers:*:10100:testuser1 467s + [ -z ldapusers:*:10100:testuser1 ] 467s + echo The id(1) command can resolve the group membership of the LDAP user 467s + id -Gn testuser1 467s + output=testuser1 ldapusers 467s + [ testuser1 ldapusers != testuser1 ldapusers ] 467s + echo The Kerberos principal can login on a terminal 467s The Kerberos principal can login on a terminal 467s + kdestroy 467s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 467s spawn login 467s ldap.example.com login: testuser1 467s Password: 468s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 468s 468s * Documentation: https://help.ubuntu.com 468s * Management: https://landscape.canonical.com 468s * Support: https://ubuntu.com/pro 468s 468s 468s The programs included with the Ubuntu system are free software; 468s the exact distribution terms for each program are described in the 468s individual files in /usr/share/doc/*/copyright. 468s 468s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 468s applicable law. 468s 468s Last login: Tue Mar 5 00:29:20 UTC 2024 on pts/0 468s [?2004htestuser1@ldap:~$ id -un 468s [?2004l testuser1 468s [?2004htestuser1@ldap:~$ klist 468s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_0TckfN 468s Default principal: testuser1@EXAMPLE.COM 468s 468s Valid starting Expires Service principal 468s autopkgtest [00:29:42]: test ldap-user-group-krb5-auth: -----------------------] 468s autopkgtest [00:29:42]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 468s ldap-user-group-krb5-auth PASS 469s autopkgtest [00:29:43]: test sssd-softhism2-certificates-tests.sh: preparing testbed 571s autopkgtest [00:31:25]: @@@@@@@@@@@@@@@@@@@@ test bed setup 572s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 572s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [1755 kB] 572s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3976 B] 572s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [313 kB] 572s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [23.8 kB] 572s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [422 kB] 572s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 572s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [20.3 kB] 572s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 572s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [2019 kB] 572s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 572s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [14.0 kB] 572s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 574s Fetched 4700 kB in 1s (3956 kB/s) 574s Reading package lists... 577s Reading package lists... 577s Building dependency tree... 577s Reading state information... 578s Calculating upgrade... 578s The following packages will be REMOVED: 578s libssl3 578s The following NEW packages will be installed: 578s libssl3t64 578s The following packages will be upgraded: 578s dbus dbus-bin dbus-daemon dbus-session-bus-common dbus-system-bus-common 578s dbus-user-session gcc-13-base libdbus-1-3 libksba8 libpython3-stdlib openssl 578s python3 python3-minimal 579s 13 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 579s Need to get 3532 kB of archives. 579s After this operation, 70.7 kB of additional disk space will be used. 579s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.10-1ubuntu5 [982 kB] 579s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.10-1ubuntu5 [1763 kB] 579s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 python3-minimal arm64 3.12.1-0ubuntu2 [27.0 kB] 579s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 python3 arm64 3.12.1-0ubuntu2 [24.1 kB] 579s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libpython3-stdlib arm64 3.12.1-0ubuntu2 [9742 B] 579s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 gcc-13-base arm64 13.2.0-17ubuntu2 [47.4 kB] 579s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-system-bus-common all 1.14.10-4ubuntu1 [81.4 kB] 579s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-session-bus-common all 1.14.10-4ubuntu1 [80.2 kB] 579s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-user-session arm64 1.14.10-4ubuntu1 [9958 B] 579s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-daemon arm64 1.14.10-4ubuntu1 [115 kB] 579s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 dbus-bin arm64 1.14.10-4ubuntu1 [38.8 kB] 579s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 dbus arm64 1.14.10-4ubuntu1 [23.9 kB] 579s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libdbus-1-3 arm64 1.14.10-4ubuntu1 [210 kB] 579s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libksba8 arm64 1.6.6-1 [119 kB] 580s Fetched 3532 kB in 1s (3745 kB/s) 580s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116535 files and directories currently installed.) 580s Preparing to unpack .../openssl_3.0.10-1ubuntu5_arm64.deb ... 580s Unpacking openssl (3.0.10-1ubuntu5) over (3.0.10-1ubuntu4) ... 581s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 581s wget depends on libssl3 (>= 3.0.0). 581s u-boot-tools depends on libssl3 (>= 3.0.0). 581s tnftp depends on libssl3 (>= 3.0.0). 581s tcpdump depends on libssl3 (>= 3.0.0). 581s systemd-resolved depends on libssl3 (>= 3.0.0). 581s systemd depends on libssl3 (>= 3.0.0). 581s sudo depends on libssl3 (>= 3.0.0). 581s sbsigntool depends on libssl3 (>= 3.0.0). 581s rsync depends on libssl3 (>= 3.0.0). 581s python3-cryptography depends on libssl3 (>= 3.0.0). 581s openssh-server depends on libssl3 (>= 3.0.10). 581s openssh-client depends on libssl3 (>= 3.0.10). 581s mtd-utils depends on libssl3 (>= 3.0.0). 581s mokutil depends on libssl3 (>= 3.0.0). 581s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 581s linux-headers-6.6.0-14-generic depends on libssl3 (>= 3.0.0). 581s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 581s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 581s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 581s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 581s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 581s libnvme1 depends on libssl3 (>= 3.0.0). 581s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 581s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 581s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 581s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 581s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 581s kmod depends on libssl3 (>= 3.0.0). 581s dhcpcd-base depends on libssl3 (>= 3.0.0). 581s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 581s 581s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116535 files and directories currently installed.) 581s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 581s Selecting previously unselected package libssl3t64:arm64. 581s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116524 files and directories currently installed.) 581s Preparing to unpack .../libssl3t64_3.0.10-1ubuntu5_arm64.deb ... 581s Unpacking libssl3t64:arm64 (3.0.10-1ubuntu5) ... 582s Preparing to unpack .../python3-minimal_3.12.1-0ubuntu2_arm64.deb ... 582s Unpacking python3-minimal (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 582s Setting up python3-minimal (3.12.1-0ubuntu2) ... 583s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116537 files and directories currently installed.) 583s Preparing to unpack .../00-python3_3.12.1-0ubuntu2_arm64.deb ... 583s Unpacking python3 (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 583s Preparing to unpack .../01-libpython3-stdlib_3.12.1-0ubuntu2_arm64.deb ... 583s Unpacking libpython3-stdlib:arm64 (3.12.1-0ubuntu2) over (3.12.1-0ubuntu1) ... 584s Preparing to unpack .../02-gcc-13-base_13.2.0-17ubuntu2_arm64.deb ... 584s Unpacking gcc-13-base:arm64 (13.2.0-17ubuntu2) over (13.2.0-16ubuntu1) ... 584s Preparing to unpack .../03-dbus-system-bus-common_1.14.10-4ubuntu1_all.deb ... 584s Unpacking dbus-system-bus-common (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 584s Preparing to unpack .../04-dbus-session-bus-common_1.14.10-4ubuntu1_all.deb ... 584s Unpacking dbus-session-bus-common (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 585s Preparing to unpack .../05-dbus-user-session_1.14.10-4ubuntu1_arm64.deb ... 585s Unpacking dbus-user-session (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 585s Preparing to unpack .../06-dbus-daemon_1.14.10-4ubuntu1_arm64.deb ... 585s Unpacking dbus-daemon (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 586s Preparing to unpack .../07-dbus-bin_1.14.10-4ubuntu1_arm64.deb ... 586s Unpacking dbus-bin (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 586s Preparing to unpack .../08-dbus_1.14.10-4ubuntu1_arm64.deb ... 586s Unpacking dbus (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 586s Preparing to unpack .../09-libdbus-1-3_1.14.10-4ubuntu1_arm64.deb ... 586s Unpacking libdbus-1-3:arm64 (1.14.10-4ubuntu1) over (1.14.10-3ubuntu1) ... 587s Preparing to unpack .../10-libksba8_1.6.6-1_arm64.deb ... 587s Unpacking libksba8:arm64 (1.6.6-1) over (1.6.5-2) ... 587s Setting up libksba8:arm64 (1.6.6-1) ... 587s Setting up libssl3t64:arm64 (3.0.10-1ubuntu5) ... 587s Setting up gcc-13-base:arm64 (13.2.0-17ubuntu2) ... 587s Setting up libdbus-1-3:arm64 (1.14.10-4ubuntu1) ... 587s Setting up dbus-session-bus-common (1.14.10-4ubuntu1) ... 587s Setting up dbus-system-bus-common (1.14.10-4ubuntu1) ... 587s Setting up openssl (3.0.10-1ubuntu5) ... 587s Setting up dbus-bin (1.14.10-4ubuntu1) ... 587s Setting up libpython3-stdlib:arm64 (3.12.1-0ubuntu2) ... 587s Setting up python3 (3.12.1-0ubuntu2) ... 587s Setting up dbus-daemon (1.14.10-4ubuntu1) ... 587s Setting up dbus-user-session (1.14.10-4ubuntu1) ... 587s Setting up dbus (1.14.10-4ubuntu1) ... 587s A reboot is required to replace the running dbus-daemon. 587s Please reboot the system when convenient. 588s Processing triggers for man-db (2.12.0-3) ... 589s Processing triggers for libc-bin (2.39-0ubuntu2) ... 589s Reading package lists... 589s Building dependency tree... 589s Reading state information... 590s The following packages will be REMOVED: 590s linux-headers-6.6.0-14* linux-headers-6.6.0-14-generic* 590s linux-image-6.6.0-14-generic* linux-modules-6.6.0-14-generic* 590s linux-modules-extra-6.6.0-14-generic* 590s 0 upgraded, 0 newly installed, 5 to remove and 0 not upgraded. 590s After this operation, 322 MB disk space will be freed. 590s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 116537 files and directories currently installed.) 590s Removing linux-headers-6.6.0-14-generic (6.6.0-14.14) ... 591s Removing linux-headers-6.6.0-14 (6.6.0-14.14) ... 592s Removing linux-image-6.6.0-14-generic (6.6.0-14.14) ... 592s I: /boot/vmlinuz.old is now a symlink to vmlinuz-6.8.0-11-generic 592s I: /boot/initrd.img.old is now a symlink to initrd.img-6.8.0-11-generic 592s /etc/kernel/postrm.d/initramfs-tools: 592s update-initramfs: Deleting /boot/initrd.img-6.6.0-14-generic 592s /etc/kernel/postrm.d/zz-flash-kernel: 592s flash-kernel: Kernel 6.6.0-14-generic has been removed. 592s flash-kernel: A higher version (6.8.0-11-generic) is still installed, no reflashing required. 592s /etc/kernel/postrm.d/zz-update-grub: 592s Sourcing file `/etc/default/grub' 592s Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg' 592s Generating grub configuration file ... 593s Found linux image: /boot/vmlinuz-6.8.0-11-generic 593s Found initrd image: /boot/initrd.img-6.8.0-11-generic 593s Warning: os-prober will not be executed to detect other bootable partitions. 593s Systems on them will not be added to the GRUB boot configuration. 593s Check GRUB_DISABLE_OS_PROBER documentation entry. 593s Adding boot menu entry for UEFI Firmware Settings ... 593s done 593s Removing linux-modules-extra-6.6.0-14-generic (6.6.0-14.14) ... 595s Removing linux-modules-6.6.0-14-generic (6.6.0-14.14) ... 595s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74663 files and directories currently installed.) 595s Purging configuration files for linux-modules-extra-6.6.0-14-generic (6.6.0-14.14) ... 595s Purging configuration files for linux-image-6.6.0-14-generic (6.6.0-14.14) ... 595s Purging configuration files for linux-modules-6.6.0-14-generic (6.6.0-14.14) ... 596s sh: Attempting to set up Debian/Ubuntu apt sources automatically 596s sh: Distribution appears to be Ubuntu 597s Reading package lists... 598s Building dependency tree... 598s Reading state information... 598s eatmydata is already the newest version (131-1). 598s dbus is already the newest version (1.14.10-4ubuntu1). 598s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 598s Reading package lists... 598s Building dependency tree... 598s Reading state information... 599s rng-tools-debian is already the newest version (2.4). 599s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 599s Reading package lists... 599s Building dependency tree... 599s Reading state information... 600s haveged is already the newest version (1.9.14-1ubuntu1). 600s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 600s Reading package lists... 600s Building dependency tree... 600s Reading state information... 601s The following packages will be REMOVED: 601s cloud-init* python3-configobj* python3-debconf* 601s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 601s After this operation, 3248 kB disk space will be freed. 601s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74662 files and directories currently installed.) 601s Removing cloud-init (24.1-0ubuntu1) ... 602s Removing python3-configobj (5.0.8-3) ... 602s Removing python3-debconf (1.5.86) ... 602s Processing triggers for man-db (2.12.0-3) ... 603s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74273 files and directories currently installed.) 603s Purging configuration files for cloud-init (24.1-0ubuntu1) ... 603s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 603s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 604s Reading package lists... 604s Building dependency tree... 604s Reading state information... 605s linux-generic is already the newest version (6.8.0-11.11+1). 605s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 605s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 605s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 605s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 605s Hit:4 http://ftpmaster.internal/ubuntu noble-proposed InRelease 607s Reading package lists... 607s Reading package lists... 607s Building dependency tree... 607s Reading state information... 608s Calculating upgrade... 608s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 608s Reading package lists... 608s Building dependency tree... 608s Reading state information... 610s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 610s autopkgtest [00:32:04]: rebooting testbed after setup commands that affected boot 636s autopkgtest [00:32:30]: testbed dpkg architecture: arm64 641s Reading package lists... 641s Building dependency tree... 641s Reading state information... 641s Correcting dependencies...Starting pkgProblemResolver with broken count: 0 642s Starting 2 pkgProblemResolver with broken count: 0 642s Done 642s Done 642s Starting pkgProblemResolver with broken count: 0 642s Starting 2 pkgProblemResolver with broken count: 0 642s Done 643s The following additional packages will be installed: 643s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 643s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 643s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 643s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 643s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 643s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 643s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 643s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 643s sssd-krb5-common sssd-ldap sssd-proxy 643s Suggested packages: 643s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 643s Recommended packages: 643s cracklib-runtime libsasl2-modules-gssapi-mit 643s | libsasl2-modules-gssapi-heimdal ldap-utils 644s The following NEW packages will be installed: 644s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 644s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 644s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 644s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 644s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 644s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 644s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 644s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 644s sssd-krb5-common sssd-ldap sssd-proxy 644s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 644s 1 not fully installed or removed. 644s Need to get 10.1 MB of archives. 644s After this operation, 48.6 MB of additional disk space will be used. 644s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 645s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 645s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0 arm64 3.8.3-1ubuntu1 [23.3 kB] 645s Get:4 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1ubuntu1 [267 kB] 645s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 645s Get:6 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 645s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 645s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 645s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 645s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 645s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 645s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 645s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 645s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 645s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 645s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 645s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 645s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 645s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 645s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 645s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 645s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 645s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 645s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 645s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 645s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 645s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 645s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 645s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 645s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 645s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 645s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 645s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 645s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 645s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 646s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 646s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 646s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 646s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 646s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 646s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 646s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 646s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 646s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 646s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 646s Fetched 10.1 MB in 2s (5480 kB/s) 647s Selecting previously unselected package libevent-2.1-7:arm64. 647s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74218 files and directories currently installed.) 647s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 647s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 647s Selecting previously unselected package libunbound8:arm64. 647s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 647s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 647s Selecting previously unselected package libgnutls-dane0:arm64. 647s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_arm64.deb ... 647s Unpacking libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 647s Selecting previously unselected package gnutls-bin. 647s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_arm64.deb ... 647s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 647s Selecting previously unselected package softhsm2-common. 647s Preparing to unpack .../04-softhsm2-common_2.6.1-2.2_arm64.deb ... 647s Unpacking softhsm2-common (2.6.1-2.2) ... 647s Selecting previously unselected package libsofthsm2. 647s Preparing to unpack .../05-libsofthsm2_2.6.1-2.2_arm64.deb ... 647s Unpacking libsofthsm2 (2.6.1-2.2) ... 647s Selecting previously unselected package softhsm2. 647s Preparing to unpack .../06-softhsm2_2.6.1-2.2_arm64.deb ... 647s Unpacking softhsm2 (2.6.1-2.2) ... 647s Selecting previously unselected package libtalloc2:arm64. 647s Preparing to unpack .../07-libtalloc2_2.4.2-1_arm64.deb ... 647s Unpacking libtalloc2:arm64 (2.4.2-1) ... 647s Selecting previously unselected package libtdb1:arm64. 647s Preparing to unpack .../08-libtdb1_1.4.10-1_arm64.deb ... 647s Unpacking libtdb1:arm64 (1.4.10-1) ... 647s Selecting previously unselected package libtevent0:arm64. 647s Preparing to unpack .../09-libtevent0_0.16.1-1_arm64.deb ... 647s Unpacking libtevent0:arm64 (0.16.1-1) ... 647s Selecting previously unselected package libldb2:arm64. 647s Preparing to unpack .../10-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 647s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 647s Selecting previously unselected package python3-sss. 647s Preparing to unpack .../11-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 647s Unpacking python3-sss (2.9.4-1ubuntu1) ... 647s Selecting previously unselected package libsss-idmap0. 647s Preparing to unpack .../12-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 647s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 647s Selecting previously unselected package libnss-sss:arm64. 647s Preparing to unpack .../13-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 647s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 647s Selecting previously unselected package libcrack2:arm64. 647s Preparing to unpack .../14-libcrack2_2.9.6-5.1_arm64.deb ... 647s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 647s Selecting previously unselected package libpwquality-common. 647s Preparing to unpack .../15-libpwquality-common_1.4.5-3_all.deb ... 647s Unpacking libpwquality-common (1.4.5-3) ... 647s Selecting previously unselected package libpwquality1:arm64. 647s Preparing to unpack .../16-libpwquality1_1.4.5-3_arm64.deb ... 647s Unpacking libpwquality1:arm64 (1.4.5-3) ... 647s Selecting previously unselected package libpam-pwquality:arm64. 647s Preparing to unpack .../17-libpam-pwquality_1.4.5-3_arm64.deb ... 647s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 648s Selecting previously unselected package libpam-sss:arm64. 648s Preparing to unpack .../18-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 648s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 648s Selecting previously unselected package libc-ares2:arm64. 648s Preparing to unpack .../19-libc-ares2_1.27.0-1_arm64.deb ... 648s Unpacking libc-ares2:arm64 (1.27.0-1) ... 648s Selecting previously unselected package libdhash1:arm64. 648s Preparing to unpack .../20-libdhash1_0.6.2-2_arm64.deb ... 648s Unpacking libdhash1:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libbasicobjects0:arm64. 648s Preparing to unpack .../21-libbasicobjects0_0.6.2-2_arm64.deb ... 648s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libcollection4:arm64. 648s Preparing to unpack .../22-libcollection4_0.6.2-2_arm64.deb ... 648s Unpacking libcollection4:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libpath-utils1:arm64. 648s Preparing to unpack .../23-libpath-utils1_0.6.2-2_arm64.deb ... 648s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libref-array1:arm64. 648s Preparing to unpack .../24-libref-array1_0.6.2-2_arm64.deb ... 648s Unpacking libref-array1:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libini-config5:arm64. 648s Preparing to unpack .../25-libini-config5_0.6.2-2_arm64.deb ... 648s Unpacking libini-config5:arm64 (0.6.2-2) ... 648s Selecting previously unselected package libnfsidmap1:arm64. 648s Preparing to unpack .../26-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 648s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 648s Selecting previously unselected package libsss-certmap0. 648s Preparing to unpack .../27-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 648s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 648s Selecting previously unselected package libsss-nss-idmap0. 648s Preparing to unpack .../28-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 648s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 648s Selecting previously unselected package sssd-common. 648s Preparing to unpack .../29-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 648s Unpacking sssd-common (2.9.4-1ubuntu1) ... 648s Selecting previously unselected package libavahi-common-data:arm64. 648s Preparing to unpack .../30-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 648s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 648s Selecting previously unselected package libavahi-common3:arm64. 648s Preparing to unpack .../31-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 648s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 648s Selecting previously unselected package libavahi-client3:arm64. 648s Preparing to unpack .../32-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 648s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 648s Selecting previously unselected package libwbclient0:arm64. 648s Preparing to unpack .../33-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 648s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 648s Selecting previously unselected package samba-libs:arm64. 648s Preparing to unpack .../34-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 648s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 648s Selecting previously unselected package sssd-ad-common. 648s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 648s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd-krb5-common. 649s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package libsmbclient:arm64. 649s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 649s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 649s Selecting previously unselected package sssd-ad. 649s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package libipa-hbac0. 649s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd-ipa. 649s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd-krb5. 649s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd-ldap. 649s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd-proxy. 649s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 649s Selecting previously unselected package sssd. 649s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_arm64.deb ... 649s Unpacking sssd (2.9.4-1ubuntu1) ... 649s Setting up libpwquality-common (1.4.5-3) ... 649s Setting up libpath-utils1:arm64 (0.6.2-2) ... 649s Setting up softhsm2-common (2.6.1-2.2) ... 650s 650s Creating config file /etc/softhsm/softhsm2.conf with new version 650s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 650s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 650s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 650s Setting up libtdb1:arm64 (1.4.10-1) ... 650s Setting up libc-ares2:arm64 (1.27.0-1) ... 650s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 650s Setting up libtalloc2:arm64 (2.4.2-1) ... 650s Setting up libdhash1:arm64 (0.6.2-2) ... 650s Setting up libtevent0:arm64 (0.16.1-1) ... 650s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 650s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 650s Setting up libcrack2:arm64 (2.9.6-5.1) ... 650s Setting up libcollection4:arm64 (0.6.2-2) ... 650s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 650s Setting up libref-array1:arm64 (0.6.2-2) ... 650s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 650s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 650s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 650s Setting up libsofthsm2 (2.6.1-2.2) ... 650s Setting up softhsm2 (2.6.1-2.2) ... 650s Setting up libini-config5:arm64 (0.6.2-2) ... 650s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 650s Setting up python3-sss (2.9.4-1ubuntu1) ... 650s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 650s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 650s Setting up libpwquality1:arm64 (1.4.5-3) ... 650s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 650s Setting up libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 650s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 650s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 650s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 650s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 650s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 650s Setting up sssd-common (2.9.4-1ubuntu1) ... 650s Creating SSSD system user & group... 651s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 651s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 651s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 651s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 651s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 652s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 652s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 652s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 652s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 652s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 653s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 653s sssd-autofs.service is a disabled or a static unit, not starting it. 653s sssd-nss.service is a disabled or a static unit, not starting it. 653s sssd-pam.service is a disabled or a static unit, not starting it. 653s sssd-ssh.service is a disabled or a static unit, not starting it. 653s sssd-sudo.service is a disabled or a static unit, not starting it. 653s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 653s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 653s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 654s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 654s sssd-pac.service is a disabled or a static unit, not starting it. 654s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 654s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 654s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 654s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 654s Setting up sssd-ad (2.9.4-1ubuntu1) ... 654s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 654s Setting up sssd (2.9.4-1ubuntu1) ... 654s Setting up autopkgtest-satdep (0) ... 654s Processing triggers for man-db (2.12.0-3) ... 655s Processing triggers for libc-bin (2.39-0ubuntu2) ... 659s (Reading database ... 74806 files and directories currently installed.) 659s Removing autopkgtest-satdep (0) ... 664s autopkgtest [00:32:58]: test sssd-softhism2-certificates-tests.sh: [----------------------- 664s + '[' -z ubuntu ']' 664s + required_tools=(p11tool openssl softhsm2-util) 664s + for cmd in "${required_tools[@]}" 664s + command -v p11tool 664s + for cmd in "${required_tools[@]}" 664s + command -v openssl 664s + for cmd in "${required_tools[@]}" 664s + command -v softhsm2-util 664s + PIN=053350 664s +++ find /usr/lib/softhsm/libsofthsm2.so 664s +++ head -n 1 664s ++ realpath /usr/lib/softhsm/libsofthsm2.so 664s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 664s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 664s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 664s + '[' '!' -v NO_SSSD_TESTS ']' 664s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 664s + ca_db_arg=ca_db 664s ++ /usr/libexec/sssd/p11_child --help 664s + p11_child_help='Usage: p11_child [OPTION...] 664s -d, --debug-level=INT Debug level 664s --debug-timestamps=INT Add debug timestamps 664s --debug-microseconds=INT Show timestamps with microseconds 664s --dumpable=INT Allow core dumps 664s --debug-fd=INT An open file descriptor for the debug 664s logs 664s --logger=stderr|files|journald Set logger 664s --auth Run in auth mode 664s --pre Run in pre-auth mode 664s --wait_for_card Wait until card is available 664s --verification Run in verification mode 664s --pin Expect PIN on stdin 664s --keypad Expect PIN on keypad 664s --verify=STRING Tune validation 664s --ca_db=STRING CA DB to use 664s --module_name=STRING Module name for authentication 664s --token_name=STRING Token name for authentication 664s --key_id=STRING Key ID for authentication 664s --label=STRING Label for authentication 664s --certificate=STRING certificate to verify, base64 encoded 664s --uri=STRING PKCS#11 URI to restrict selection 664s --chain-id=LONG Tevent chain ID used for logging 664s purposes 664s 664s Help options: 664s -?, --help Show this help message 664s --usage Display brief usage message' 664s + echo 'Usage: p11_child [OPTION...] 664s -d, --debug-level=INT Debug level 664s --debug-timestamps=INT Add debug timestamps 664s --debug-microseconds=INT Show timestamps with microseconds 664s --dumpable=INT Allow core dumps 664s --debug-fd=INT An open file descriptor for the debug 664s logs 664s --logger=stderr|files|journald Set logger 664s --auth Run in auth mode 664s --pre Run in pre-auth mode 664s --wait_for_card Wait until card is available 664s --verification Run in verification mode 664s --pin Expect PIN on stdin 664s --keypad Expect PIN on keypad 664s --verify=STRING Tune validation 664s --ca_db=STRING CA DB to use 664s --module_name=STRING Module name for authentication 664s --token_name=STRING Token name for authentication 664s --key_id=STRING Key ID for authentication 664s --label=STRING Label for authentication 664s --certificate=STRING certificate to verify, base64 encoded 664s --uri=STRING PKCS#11 URI to restrict selection 664s --chain-id=LONG Tevent chain ID used for logging 664s purposes 664s 664s Help options: 664s -?, --help Show this help message 664s --usage Display brief usage message' 664s + grep nssdb -qs 664s + echo 'Usage: p11_child [OPTION...] 664s -d, --debug-level=INT Debug level 664s --debug-timestamps=INT Add debug timestamps 664s --debug-microseconds=INT Show timestamps with microseconds 664s --dumpable=INT Allow core dumps 664s --debug-fd=INT An open file descriptor for the debug 664s logs 664s --logger=stderr|files|journald Set logger 664s --auth Run in auth mode 664s --pre Run in pre-auth mode 664s --wait_for_card Wait until card is available 664s --verification Run in verification mode 664s --pin Expect PIN on stdin 664s --keypad Expect PIN on keypad 664s --verify=STRING Tune validation 664s --ca_db=STRING CA DB to use 664s --module_name=STRING Module name for authentication 664s --token_name=STRING Token name for authentication 664s --key_id=STRING Key ID for authentication 664s --label=STRING Label for authentication 664s --certificate=STRING certificate to verify, base64 encoded 664s --uri=STRING PKCS#11 URI to restrict selection 664s --chain-id=LONG Tevent chain ID used for logging 664s purposes 664s 664s Help options: 664s -?, --help Show this help message 664s --usage Display brief usage message' 664s + grep -qs -- --ca_db 664s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 664s ++ mktemp -d -t sssd-softhsm2-XXXXXX 664s + tmpdir=/tmp/sssd-softhsm2-rsACTo 664s + keys_size=1024 664s + [[ ! -v KEEP_TEMPORARY_FILES ]] 664s + trap 'rm -rf "$tmpdir"' EXIT 664s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 664s + echo -n 01 664s + touch /tmp/sssd-softhsm2-rsACTo/index.txt 664s + mkdir -p /tmp/sssd-softhsm2-rsACTo/new_certs 664s + cat 664s + root_ca_key_pass=pass:random-root-CA-password-12643 664s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-root-CA-key.pem -passout pass:random-root-CA-password-12643 1024 665s + openssl req -passin pass:random-root-CA-password-12643 -batch -config /tmp/sssd-softhsm2-rsACTo/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-rsACTo/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 665s + cat 665s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-7847 665s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7847 1024 665s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-7847 -config /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.config -key /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-12643 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-certificate-request.pem 665s + openssl req -text -noout -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-certificate-request.pem 665s Certificate Request: 665s Data: 665s Version: 1 (0x0) 665s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 665s Subject Public Key Info: 665s Public Key Algorithm: rsaEncryption 665s Public-Key: (1024 bit) 665s Modulus: 665s 00:b2:ad:61:cc:13:91:7c:41:e4:8d:69:8a:95:65: 665s cb:b5:2c:79:90:50:30:5b:8c:08:8d:f3:7c:4e:62: 665s 18:8a:fa:76:a8:79:3d:d3:79:07:c7:5e:fb:25:58: 665s 82:22:3f:65:df:85:2c:10:a9:cf:90:df:01:ee:2c: 665s 89:1c:a0:96:9e:9c:63:dc:fb:16:49:dc:46:f0:7b: 665s 5e:76:16:9e:05:3f:e4:e9:e2:e0:a7:fe:db:40:9e: 665s 70:f6:62:74:a6:1a:e2:b4:da:76:19:78:c1:0a:ff: 665s 85:42:ac:98:16:af:cb:ea:f6:f8:48:0b:37:c4:ab: 665s 70:a6:5f:45:f2:98:ed:dd:e1 665s Exponent: 65537 (0x10001) 665s Attributes: 665s (none) 665s Requested Extensions: 665s Signature Algorithm: sha256WithRSAEncryption 665s Signature Value: 665s 40:e8:64:a7:56:b3:73:60:37:71:e6:04:4f:59:57:e1:af:9c: 665s 0f:fc:bf:1e:0e:41:7d:a7:56:e6:58:c6:12:80:85:67:06:69: 665s 7c:e0:ab:a0:7e:7f:75:5e:3c:48:0d:0a:e8:a4:ce:64:ed:4b: 665s 9f:2f:7f:ea:04:62:69:ab:ae:17:6c:a0:2c:75:80:b8:b2:9b: 665s 5a:f9:7a:77:3b:db:37:ad:10:78:a4:92:99:19:61:d0:eb:bc: 665s b2:89:86:ae:fa:a1:8f:83:f7:3f:65:9f:0c:5c:af:13:a3:f6: 665s 64:c6:b7:14:d5:96:66:e5:6a:e1:31:28:dd:4d:02:28:2d:6c: 665s 77:93 665s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-rsACTo/test-root-CA.config -passin pass:random-root-CA-password-12643 -keyfile /tmp/sssd-softhsm2-rsACTo/test-root-CA-key.pem -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 665s Using configuration from /tmp/sssd-softhsm2-rsACTo/test-root-CA.config 665s Check that the request matches the signature 665s Signature ok 665s Certificate Details: 665s Serial Number: 1 (0x1) 665s Validity 665s Not Before: Mar 5 00:32:59 2024 GMT 665s Not After : Mar 5 00:32:59 2025 GMT 665s Subject: 665s organizationName = Test Organization 665s organizationalUnitName = Test Organization Unit 665s commonName = Test Organization Intermediate CA 665s X509v3 extensions: 665s X509v3 Subject Key Identifier: 665s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 665s X509v3 Authority Key Identifier: 665s keyid:1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 665s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 665s serial:00 665s X509v3 Basic Constraints: 665s CA:TRUE 665s X509v3 Key Usage: critical 665s Digital Signature, Certificate Sign, CRL Sign 665s Certificate is to be certified until Mar 5 00:32:59 2025 GMT (365 days) 665s 665s Write out database with 1 new entries 665s Database updated 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 665s /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem: OK 665s + cat 665s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-25555 665s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-25555 1024 665s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-25555 -config /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7847 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-certificate-request.pem 665s + openssl req -text -noout -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-certificate-request.pem 665s Certificate Request: 665s Data: 665s Version: 1 (0x0) 665s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 665s Subject Public Key Info: 665s Public Key Algorithm: rsaEncryption 665s Public-Key: (1024 bit) 665s Modulus: 665s 00:c7:3f:53:7f:c6:8c:b8:4b:ee:5a:b1:c9:ed:87: 665s 97:03:ed:91:0e:ed:3d:85:98:ba:5e:92:98:36:20: 665s dc:3c:5d:c4:ee:5b:b7:17:fc:8a:57:b7:de:39:b7: 665s c5:93:67:a1:55:63:84:cf:a8:85:45:b1:fc:ae:9e: 665s ff:4a:d1:7e:16:3c:15:11:7a:6a:0c:d1:b7:1c:e3: 665s e5:b1:af:a0:c7:89:0b:af:f7:d5:02:60:b9:4f:cf: 665s 70:b7:14:1f:72:af:8f:8e:1f:7d:90:b2:85:0f:2b: 665s 5b:1f:83:ae:a9:37:40:39:71:79:59:a9:8c:6e:cf: 665s c2:c6:65:c2:70:a8:17:67:67 665s Exponent: 65537 (0x10001) 665s Attributes: 665s (none) 665s Requested Extensions: 665s Signature Algorithm: sha256WithRSAEncryption 665s Signature Value: 665s 14:c5:e5:57:e7:0f:a2:f7:16:9f:9f:a3:7a:3f:9c:16:72:ca: 665s 90:9f:43:8b:58:99:b1:f8:5a:ab:d5:a1:7a:f1:5a:db:06:d1: 665s d8:c7:42:5a:9e:3e:61:48:70:2c:2d:9f:6e:e0:07:f9:ed:8d: 665s cb:08:dd:03:a8:a8:f8:10:3e:a1:75:be:4a:a1:db:96:f6:48: 665s 50:38:30:aa:23:64:6a:e2:4a:01:2b:c3:2e:1f:19:96:f0:7b: 665s 94:0c:9d:10:4a:21:b2:8a:af:06:46:8f:0b:ee:56:dd:29:d1: 665s 9c:b8:bc:22:59:de:38:e2:53:41:9f:84:12:be:c5:d4:f4:0b: 665s 32:06 665s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-7847 -keyfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s Using configuration from /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.config 665s Check that the request matches the signature 665s Signature ok 665s Certificate Details: 665s Serial Number: 2 (0x2) 665s Validity 665s Not Before: Mar 5 00:32:59 2024 GMT 665s Not After : Mar 5 00:32:59 2025 GMT 665s Subject: 665s organizationName = Test Organization 665s organizationalUnitName = Test Organization Unit 665s commonName = Test Organization Sub Intermediate CA 665s X509v3 extensions: 665s X509v3 Subject Key Identifier: 665s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 665s X509v3 Authority Key Identifier: 665s keyid:8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 665s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 665s serial:01 665s X509v3 Basic Constraints: 665s CA:TRUE 665s X509v3 Key Usage: critical 665s Digital Signature, Certificate Sign, CRL Sign 665s Certificate is to be certified until Mar 5 00:32:59 2025 GMT (365 days) 665s 665s Write out database with 1 new entries 665s Database updated 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem: OK 665s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 665s error 20 at 0 depth lookup: unable to get local issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem: verification failed 665s + cat 665s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-14273 665s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-14273 1024 665s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-14273 -key /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-request.pem 665s + openssl req -text -noout -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-request.pem 665s Certificate Request: 665s Data: 665s Version: 1 (0x0) 665s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 665s Subject Public Key Info: 665s Public Key Algorithm: rsaEncryption 665s Public-Key: (1024 bit) 665s Modulus: 665s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 665s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 665s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 665s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 665s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 665s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 665s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 665s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 665s e1:0f:74:95:6f:ac:21:57:03 665s Exponent: 65537 (0x10001) 665s Attributes: 665s Requested Extensions: 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Root CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Signature Algorithm: sha256WithRSAEncryption 665s Signature Value: 665s 12:b3:d0:77:f6:f2:aa:2f:07:d9:91:05:28:57:0b:c5:3b:cf: 665s 38:c5:ae:85:38:78:b5:be:d1:8c:c2:99:89:d7:86:d0:95:34: 665s 75:d8:13:55:fa:90:72:9e:47:56:6a:88:98:30:5c:ee:d0:4c: 665s a9:94:23:78:10:61:34:58:95:67:2e:5b:05:72:ab:95:b9:93: 665s 5a:f4:2a:b3:34:28:c6:d4:37:15:7d:bd:7a:2b:2f:96:f2:8b: 665s 3c:0d:31:15:b5:ca:e7:df:4b:02:9c:e8:ce:f9:27:74:6b:8a: 665s 7a:ec:fc:fe:df:40:60:bc:40:0f:4b:8f:bf:0f:88:b5:cb:1d: 665s ca:f5 665s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-rsACTo/test-root-CA.config -passin pass:random-root-CA-password-12643 -keyfile /tmp/sssd-softhsm2-rsACTo/test-root-CA-key.pem -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s Using configuration from /tmp/sssd-softhsm2-rsACTo/test-root-CA.config 665s Check that the request matches the signature 665s Signature ok 665s Certificate Details: 665s Serial Number: 3 (0x3) 665s Validity 665s Not Before: Mar 5 00:32:59 2024 GMT 665s Not After : Mar 5 00:32:59 2025 GMT 665s Subject: 665s organizationName = Test Organization 665s organizationalUnitName = Test Organization Unit 665s commonName = Test Organization Root Trusted Certificate 0001 665s X509v3 extensions: 665s X509v3 Authority Key Identifier: 665s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Root CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Certificate is to be certified until Mar 5 00:32:59 2025 GMT (365 days) 665s 665s Write out database with 1 new entries 665s Database updated 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem: OK 665s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 665s error 20 at 0 depth lookup: unable to get local issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem: verification failed 665s + cat 665s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 665s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-25038 1024 665s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-25038 -key /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-request.pem 665s + openssl req -text -noout -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-request.pem 665s Certificate Request: 665s Data: 665s Version: 1 (0x0) 665s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 665s Subject Public Key Info: 665s Public Key Algorithm: rsaEncryption 665s Public-Key: (1024 bit) 665s Modulus: 665s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 665s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 665s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 665s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 665s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 665s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 665s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 665s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 665s 74:d9:db:7c:d3:97:9a:cb:ff 665s Exponent: 65537 (0x10001) 665s Attributes: 665s Requested Extensions: 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Intermediate CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Signature Algorithm: sha256WithRSAEncryption 665s Signature Value: 665s 68:a5:75:a6:ce:57:64:02:06:33:8f:82:6b:6f:45:e6:ca:f1: 665s 44:66:d3:36:12:a8:26:17:0a:8b:59:eb:f3:9f:92:b1:eb:2d: 665s 0d:a9:ce:29:c0:bb:07:fe:52:e7:4d:c1:01:2f:0c:0b:48:ae: 665s e2:aa:3a:4d:37:e0:6c:4a:0d:43:d1:78:a4:ff:87:e3:d8:a3: 665s e4:48:2c:7e:48:88:48:b3:73:75:72:da:1d:48:1d:3c:b9:84: 665s 2b:82:59:5f:49:7a:19:bb:bd:f8:e0:e1:2a:35:d5:d0:98:f5: 665s 24:74:9c:5c:d9:97:61:66:9c:4b:b0:b1:d1:3a:92:ac:76:dc: 665s cf:28 665s + openssl ca -passin pass:random-intermediate-CA-password-7847 -config /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s Using configuration from /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.config 665s Check that the request matches the signature 665s Signature ok 665s Certificate Details: 665s Serial Number: 4 (0x4) 665s Validity 665s Not Before: Mar 5 00:32:59 2024 GMT 665s Not After : Mar 5 00:32:59 2025 GMT 665s Subject: 665s organizationName = Test Organization 665s organizationalUnitName = Test Organization Unit 665s commonName = Test Organization Intermediate Trusted Certificate 0001 665s X509v3 extensions: 665s X509v3 Authority Key Identifier: 665s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Intermediate CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Certificate is to be certified until Mar 5 00:32:59 2025 GMT (365 days) 665s 665s Write out database with 1 new entries 665s Database updated 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s + echo 'This certificate should not be trusted fully' 665s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s This certificate should not be trusted fully 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 665s error 2 at 1 depth lookup: unable to get issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 665s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem: OK 665s + cat 665s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 665s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-16541 1024 665s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16541 -key /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 665s + openssl req -text -noout -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 665s Certificate Request: 665s Data: 665s Version: 1 (0x0) 665s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 665s Subject Public Key Info: 665s Public Key Algorithm: rsaEncryption 665s Public-Key: (1024 bit) 665s Modulus: 665s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 665s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 665s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 665s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 665s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 665s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 665s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 665s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 665s 20:0e:dc:a3:a6:f0:a3:5e:6d 665s Exponent: 65537 (0x10001) 665s Attributes: 665s Requested Extensions: 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Sub Intermediate CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Signature Algorithm: sha256WithRSAEncryption 665s Signature Value: 665s 81:37:f3:26:d7:71:4c:fd:cb:02:c7:5c:5f:50:15:b3:07:cd: 665s 1e:3f:61:7a:53:78:ba:5b:90:91:d5:63:92:c2:d5:fe:11:f5: 665s 26:a1:a2:fd:70:92:f7:a7:0c:c9:72:15:ca:d8:7a:e6:ca:36: 665s 15:1a:46:17:e1:20:4f:12:3f:11:d2:43:8d:e5:71:e3:c3:76: 665s d2:26:59:24:d6:aa:42:fb:74:c9:23:11:55:4e:f1:2e:2e:6b: 665s ce:23:44:b9:c6:ba:a4:93:df:c5:0f:16:9d:7b:33:8d:6e:21: 665s 3f:9e:ec:de:91:ed:ec:69:a6:e6:bf:2d:7c:71:4b:c1:13:81: 665s ad:ee 665s + openssl ca -passin pass:random-sub-intermediate-CA-password-25555 -config /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s Using configuration from /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.config 665s Check that the request matches the signature 665s Signature ok 665s Certificate Details: 665s Serial Number: 5 (0x5) 665s Validity 665s Not Before: Mar 5 00:32:59 2024 GMT 665s Not After : Mar 5 00:32:59 2025 GMT 665s Subject: 665s organizationName = Test Organization 665s organizationalUnitName = Test Organization Unit 665s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 665s X509v3 extensions: 665s X509v3 Authority Key Identifier: 665s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 665s X509v3 Basic Constraints: 665s CA:FALSE 665s Netscape Cert Type: 665s SSL Client, S/MIME 665s Netscape Comment: 665s Test Organization Sub Intermediate CA trusted Certificate 665s X509v3 Subject Key Identifier: 665s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 665s X509v3 Key Usage: critical 665s Digital Signature, Non Repudiation, Key Encipherment 665s X509v3 Extended Key Usage: 665s TLS Web Client Authentication, E-mail Protection 665s X509v3 Subject Alternative Name: 665s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 665s Certificate is to be certified until Mar 5 00:32:59 2025 GMT (365 days) 665s 665s Write out database with 1 new entries 665s Database updated 665s + openssl x509 -noout -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s This certificate should not be trusted fully 665s + echo 'This certificate should not be trusted fully' 665s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 665s error 2 at 1 depth lookup: unable to get issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 665s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 665s error 20 at 0 depth lookup: unable to get local issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 665s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 665s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s + local cmd=openssl 665s + shift 665s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 665s error 20 at 0 depth lookup: unable to get local issuer certificate 665s error /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 665s + echo 'Building a the full-chain CA file...' 665s Building a the full-chain CA file... 665s + cat /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s + cat /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 665s + cat /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 665s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 665s + openssl pkcs7 -print_certs -noout 665s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 665s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 665s 665s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 665s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 665s 665s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 665s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 665s 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 665s /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem: OK 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem: OK 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem: OK 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem /tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem 665s /tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem: OK 665s + openssl verify -CAfile /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 665s /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 665s Certificates generation completed! 665s + echo 'Certificates generation completed!' 665s + [[ -v NO_SSSD_TESTS ]] 665s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /dev/null 665s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /dev/null 665s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 665s + local key_ring=/dev/null 665s + local verify_option= 665s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 665s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 665s + local key_cn 665s + local key_name 665s + local tokens_dir 665s + local output_cert_file 665s + token_name= 665s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 665s + key_name=test-root-CA-trusted-certificate-0001 665s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 665s ++ sed -n 's/ *commonName *= //p' 665s + key_cn='Test Organization Root Trusted Certificate 0001' 665s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 665s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 665s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 665s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 665s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 665s + token_name='Test Organization Root Tr Token' 665s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 665s + local key_file 665s + local decrypted_key 665s + mkdir -p /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 665s + key_file=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key.pem 665s + decrypted_key=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key-decrypted.pem 665s + cat 665s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 666s Slot 0 has a free/uninitialized token. 666s The token has been initialized and is reassigned to slot 1410800493 666s Available slots: 666s Slot 1410800493 666s Slot info: 666s Description: SoftHSM slot ID 0x54171b6d 666s Manufacturer ID: SoftHSM project 666s Hardware version: 2.6 666s Firmware version: 2.6 666s Token present: yes 666s Token info: 666s Manufacturer ID: SoftHSM project 666s Model: SoftHSM v2 666s Hardware version: 2.6 666s Firmware version: 2.6 666s Serial number: cd1ef49754171b6d 666s Initialized: yes 666s User PIN init.: yes 666s Label: Test Organization Root Tr Token 666s Slot 1 666s Slot info: 666s Description: SoftHSM slot ID 0x1 666s Manufacturer ID: SoftHSM project 666s Hardware version: 2.6 666s Firmware version: 2.6 666s Token present: yes 666s Token info: 666s Manufacturer ID: SoftHSM project 666s Model: SoftHSM v2 666s Hardware version: 2.6 666s Firmware version: 2.6 666s Serial number: 666s Initialized: no 666s User PIN init.: no 666s Label: 666s + softhsm2-util --show-slots 666s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 666s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-14273 -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key-decrypted.pem 666s writing RSA key 666s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 666s + rm /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001-key-decrypted.pem 666s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 666s Object 0: 666s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 666s Type: X.509 Certificate (RSA-1024) 666s Expires: Wed Mar 5 00:32:59 2025 666s Label: Test Organization Root Trusted Certificate 0001 666s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 666s 666s Test Organization Root Tr Token 666s + echo 'Test Organization Root Tr Token' 666s + '[' -n '' ']' 666s + local output_base_name=SSSD-child-949 666s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-949.output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-949.pem 666s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 666s [p11_child[2013]] [main] (0x0400): p11_child started. 666s [p11_child[2013]] [main] (0x2000): Running in [pre-auth] mode. 666s [p11_child[2013]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2013]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2013]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 666s [p11_child[2013]] [do_work] (0x0040): init_verification failed. 666s [p11_child[2013]] [main] (0x0020): p11_child failed (5) 666s + return 2 666s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /dev/null no_verification 666s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /dev/null no_verification 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_ring=/dev/null 666s + local verify_option=no_verification 666s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_cn 666s + local key_name 666s + local tokens_dir 666s + local output_cert_file 666s + token_name= 666s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 666s + key_name=test-root-CA-trusted-certificate-0001 666s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s ++ sed -n 's/ *commonName *= //p' 666s + key_cn='Test Organization Root Trusted Certificate 0001' 666s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 666s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 666s Test Organization Root Tr Token 666s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 666s + token_name='Test Organization Root Tr Token' 666s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 666s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 666s + echo 'Test Organization Root Tr Token' 666s + '[' -n no_verification ']' 666s + local verify_arg=--verify=no_verification 666s + local output_base_name=SSSD-child-3493 666s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.pem 666s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 666s [p11_child[2019]] [main] (0x0400): p11_child started. 666s [p11_child[2019]] [main] (0x2000): Running in [pre-auth] mode. 666s [p11_child[2019]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2019]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2019]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 666s [p11_child[2019]] [do_card] (0x4000): Module List: 666s [p11_child[2019]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2019]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2019]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2019]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2019]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2019]] [do_card] (0x4000): Login NOT required. 666s [p11_child[2019]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2019]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2019]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2019]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.pem 666s Certificate: 666s Data: 666s Version: 3 (0x2) 666s Serial Number: 3 (0x3) 666s Signature Algorithm: sha256WithRSAEncryption 666s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 666s Validity 666s Not Before: Mar 5 00:32:59 2024 GMT 666s Not After : Mar 5 00:32:59 2025 GMT 666s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 666s Subject Public Key Info: 666s Public Key Algorithm: rsaEncryption 666s Public-Key: (1024 bit) 666s Modulus: 666s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 666s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 666s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 666s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 666s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 666s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 666s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 666s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 666s e1:0f:74:95:6f:ac:21:57:03 666s Exponent: 65537 (0x10001) 666s X509v3 extensions: 666s X509v3 Authority Key Identifier: 666s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 666s X509v3 Basic Constraints: 666s CA:FALSE 666s Netscape Cert Type: 666s SSL Client, S/MIME 666s Netscape Comment: 666s Test Organization Root CA trusted Certificate 666s X509v3 Subject Key Identifier: 666s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 666s X509v3 Key Usage: critical 666s Digital Signature, Non Repudiation, Key Encipherment 666s X509v3 Extended Key Usage: 666s TLS Web Client Authentication, E-mail Protection 666s X509v3 Subject Alternative Name: 666s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 666s Signature Algorithm: sha256WithRSAEncryption 666s Signature Value: 666s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 666s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 666s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 666s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 666s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 666s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 666s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 666s 59:da 666s + local found_md5 expected_md5 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + expected_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493.pem 666s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 666s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.output 666s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.output .output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.pem 666s + echo -n 053350 666s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 666s [p11_child[2027]] [main] (0x0400): p11_child started. 666s [p11_child[2027]] [main] (0x2000): Running in [auth] mode. 666s [p11_child[2027]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2027]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2027]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 666s [p11_child[2027]] [do_card] (0x4000): Module List: 666s [p11_child[2027]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2027]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2027]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2027]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2027]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2027]] [do_card] (0x4000): Login required. 666s [p11_child[2027]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2027]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2027]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 666s [p11_child[2027]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 666s [p11_child[2027]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 666s [p11_child[2027]] [do_card] (0x4000): Certificate verified and validated. 666s [p11_child[2027]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.pem 666s Certificate: 666s Data: 666s Version: 3 (0x2) 666s Serial Number: 3 (0x3) 666s Signature Algorithm: sha256WithRSAEncryption 666s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 666s Validity 666s Not Before: Mar 5 00:32:59 2024 GMT 666s Not After : Mar 5 00:32:59 2025 GMT 666s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 666s Subject Public Key Info: 666s Public Key Algorithm: rsaEncryption 666s Public-Key: (1024 bit) 666s Modulus: 666s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 666s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 666s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 666s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 666s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 666s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 666s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 666s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 666s e1:0f:74:95:6f:ac:21:57:03 666s Exponent: 65537 (0x10001) 666s X509v3 extensions: 666s X509v3 Authority Key Identifier: 666s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 666s X509v3 Basic Constraints: 666s CA:FALSE 666s Netscape Cert Type: 666s SSL Client, S/MIME 666s Netscape Comment: 666s Test Organization Root CA trusted Certificate 666s X509v3 Subject Key Identifier: 666s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 666s X509v3 Key Usage: critical 666s Digital Signature, Non Repudiation, Key Encipherment 666s X509v3 Extended Key Usage: 666s TLS Web Client Authentication, E-mail Protection 666s X509v3 Subject Alternative Name: 666s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 666s Signature Algorithm: sha256WithRSAEncryption 666s Signature Value: 666s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 666s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 666s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 666s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 666s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 666s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 666s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 666s 59:da 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-3493-auth.pem 666s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 666s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s + local verify_option= 666s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_cn 666s + local key_name 666s + local tokens_dir 666s + local output_cert_file 666s + token_name= 666s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 666s + key_name=test-root-CA-trusted-certificate-0001 666s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s ++ sed -n 's/ *commonName *= //p' 666s + key_cn='Test Organization Root Trusted Certificate 0001' 666s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 666s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 666s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 666s + token_name='Test Organization Root Tr Token' 666s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 666s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 666s + echo 'Test Organization Root Tr Token' 666s Test Organization Root Tr Token 666s + '[' -n '' ']' 666s + local output_base_name=SSSD-child-29845 666s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.pem 666s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s [p11_child[2037]] [main] (0x0400): p11_child started. 666s [p11_child[2037]] [main] (0x2000): Running in [pre-auth] mode. 666s [p11_child[2037]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2037]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2037]] [do_card] (0x4000): Module List: 666s [p11_child[2037]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2037]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2037]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2037]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2037]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2037]] [do_card] (0x4000): Login NOT required. 666s [p11_child[2037]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2037]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 666s [p11_child[2037]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2037]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2037]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.pem 666s Certificate: 666s Data: 666s Version: 3 (0x2) 666s Serial Number: 3 (0x3) 666s Signature Algorithm: sha256WithRSAEncryption 666s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 666s Validity 666s Not Before: Mar 5 00:32:59 2024 GMT 666s Not After : Mar 5 00:32:59 2025 GMT 666s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 666s Subject Public Key Info: 666s Public Key Algorithm: rsaEncryption 666s Public-Key: (1024 bit) 666s Modulus: 666s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 666s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 666s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 666s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 666s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 666s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 666s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 666s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 666s e1:0f:74:95:6f:ac:21:57:03 666s Exponent: 65537 (0x10001) 666s X509v3 extensions: 666s X509v3 Authority Key Identifier: 666s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 666s X509v3 Basic Constraints: 666s CA:FALSE 666s Netscape Cert Type: 666s SSL Client, S/MIME 666s Netscape Comment: 666s Test Organization Root CA trusted Certificate 666s X509v3 Subject Key Identifier: 666s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 666s X509v3 Key Usage: critical 666s Digital Signature, Non Repudiation, Key Encipherment 666s X509v3 Extended Key Usage: 666s TLS Web Client Authentication, E-mail Protection 666s X509v3 Subject Alternative Name: 666s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 666s Signature Algorithm: sha256WithRSAEncryption 666s Signature Value: 666s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 666s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 666s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 666s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 666s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 666s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 666s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 666s 59:da 666s + local found_md5 expected_md5 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + expected_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845.pem 666s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 666s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.output 666s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.output .output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.pem 666s + echo -n 053350 666s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 666s [p11_child[2045]] [main] (0x0400): p11_child started. 666s [p11_child[2045]] [main] (0x2000): Running in [auth] mode. 666s [p11_child[2045]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2045]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2045]] [do_card] (0x4000): Module List: 666s [p11_child[2045]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2045]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2045]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2045]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2045]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2045]] [do_card] (0x4000): Login required. 666s [p11_child[2045]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2045]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 666s [p11_child[2045]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2045]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 666s [p11_child[2045]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 666s [p11_child[2045]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 666s [p11_child[2045]] [do_card] (0x4000): Certificate verified and validated. 666s [p11_child[2045]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.pem 666s Certificate: 666s Data: 666s Version: 3 (0x2) 666s Serial Number: 3 (0x3) 666s Signature Algorithm: sha256WithRSAEncryption 666s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 666s Validity 666s Not Before: Mar 5 00:32:59 2024 GMT 666s Not After : Mar 5 00:32:59 2025 GMT 666s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 666s Subject Public Key Info: 666s Public Key Algorithm: rsaEncryption 666s Public-Key: (1024 bit) 666s Modulus: 666s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 666s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 666s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 666s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 666s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 666s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 666s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 666s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 666s e1:0f:74:95:6f:ac:21:57:03 666s Exponent: 65537 (0x10001) 666s X509v3 extensions: 666s X509v3 Authority Key Identifier: 666s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 666s X509v3 Basic Constraints: 666s CA:FALSE 666s Netscape Cert Type: 666s SSL Client, S/MIME 666s Netscape Comment: 666s Test Organization Root CA trusted Certificate 666s X509v3 Subject Key Identifier: 666s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 666s X509v3 Key Usage: critical 666s Digital Signature, Non Repudiation, Key Encipherment 666s X509v3 Extended Key Usage: 666s TLS Web Client Authentication, E-mail Protection 666s X509v3 Subject Alternative Name: 666s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 666s Signature Algorithm: sha256WithRSAEncryption 666s Signature Value: 666s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 666s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 666s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 666s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 666s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 666s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 666s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 666s 59:da 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-29845-auth.pem 666s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 666s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 666s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s + local verify_option=partial_chain 666s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 666s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 666s + local key_cn 666s + local key_name 666s + local tokens_dir 666s + local output_cert_file 666s + token_name= 666s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 666s + key_name=test-root-CA-trusted-certificate-0001 666s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s ++ sed -n 's/ *commonName *= //p' 666s + key_cn='Test Organization Root Trusted Certificate 0001' 666s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 666s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 666s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 666s Test Organization Root Tr Token 666s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 666s + token_name='Test Organization Root Tr Token' 666s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 666s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 666s + echo 'Test Organization Root Tr Token' 666s + '[' -n partial_chain ']' 666s + local verify_arg=--verify=partial_chain 666s + local output_base_name=SSSD-child-8249 666s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.pem 666s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 666s [p11_child[2055]] [main] (0x0400): p11_child started. 666s [p11_child[2055]] [main] (0x2000): Running in [pre-auth] mode. 666s [p11_child[2055]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2055]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2055]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 666s [p11_child[2055]] [do_card] (0x4000): Module List: 666s [p11_child[2055]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2055]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2055]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2055]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2055]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2055]] [do_card] (0x4000): Login NOT required. 666s [p11_child[2055]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2055]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 666s [p11_child[2055]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2055]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2055]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.pem 666s Certificate: 666s Data: 666s Version: 3 (0x2) 666s Serial Number: 3 (0x3) 666s Signature Algorithm: sha256WithRSAEncryption 666s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 666s Validity 666s Not Before: Mar 5 00:32:59 2024 GMT 666s Not After : Mar 5 00:32:59 2025 GMT 666s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 666s Subject Public Key Info: 666s Public Key Algorithm: rsaEncryption 666s Public-Key: (1024 bit) 666s Modulus: 666s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 666s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 666s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 666s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 666s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 666s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 666s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 666s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 666s e1:0f:74:95:6f:ac:21:57:03 666s Exponent: 65537 (0x10001) 666s X509v3 extensions: 666s X509v3 Authority Key Identifier: 666s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 666s X509v3 Basic Constraints: 666s CA:FALSE 666s Netscape Cert Type: 666s SSL Client, S/MIME 666s Netscape Comment: 666s Test Organization Root CA trusted Certificate 666s X509v3 Subject Key Identifier: 666s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 666s X509v3 Key Usage: critical 666s Digital Signature, Non Repudiation, Key Encipherment 666s X509v3 Extended Key Usage: 666s TLS Web Client Authentication, E-mail Protection 666s X509v3 Subject Alternative Name: 666s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 666s Signature Algorithm: sha256WithRSAEncryption 666s Signature Value: 666s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 666s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 666s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 666s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 666s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 666s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 666s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 666s 59:da 666s + local found_md5 expected_md5 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 666s + expected_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249.pem 666s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 666s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 666s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.output 666s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.output .output 666s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.pem 666s + echo -n 053350 666s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 666s [p11_child[2063]] [main] (0x0400): p11_child started. 666s [p11_child[2063]] [main] (0x2000): Running in [auth] mode. 666s [p11_child[2063]] [main] (0x2000): Running with effective IDs: [0][0]. 666s [p11_child[2063]] [main] (0x2000): Running with real IDs [0][0]. 666s [p11_child[2063]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 666s [p11_child[2063]] [do_card] (0x4000): Module List: 666s [p11_child[2063]] [do_card] (0x4000): common name: [softhsm2]. 666s [p11_child[2063]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2063]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 666s [p11_child[2063]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 666s [p11_child[2063]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 666s [p11_child[2063]] [do_card] (0x4000): Login required. 666s [p11_child[2063]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 666s [p11_child[2063]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 666s [p11_child[2063]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 666s [p11_child[2063]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 666s [p11_child[2063]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 666s [p11_child[2063]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 666s [p11_child[2063]] [do_card] (0x4000): Certificate verified and validated. 666s [p11_child[2063]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 666s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.output 666s + echo '-----BEGIN CERTIFICATE-----' 666s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.output 666s + echo '-----END CERTIFICATE-----' 666s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 3 (0x3) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 667s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 667s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 667s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 667s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 667s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 667s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 667s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 667s e1:0f:74:95:6f:ac:21:57:03 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Root CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 667s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 667s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 667s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 667s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 667s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 667s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 667s 59:da 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-8249-auth.pem 667s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 667s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s + local verify_option= 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-root-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Root Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 667s Test Organization Root Tr Token 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 667s + token_name='Test Organization Root Tr Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 667s + echo 'Test Organization Root Tr Token' 667s + '[' -n '' ']' 667s + local output_base_name=SSSD-child-21280 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s [p11_child[2073]] [main] (0x0400): p11_child started. 667s [p11_child[2073]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2073]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2073]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2073]] [do_card] (0x4000): Module List: 667s [p11_child[2073]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2073]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2073]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2073]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2073]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2073]] [do_card] (0x4000): Login NOT required. 667s [p11_child[2073]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2073]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 667s [p11_child[2073]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2073]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2073]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 3 (0x3) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 667s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 667s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 667s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 667s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 667s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 667s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 667s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 667s e1:0f:74:95:6f:ac:21:57:03 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Root CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 667s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 667s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 667s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 667s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 667s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 667s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 667s 59:da 667s + local found_md5 expected_md5 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + expected_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280.pem 667s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 667s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.output 667s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.output .output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.pem 667s + echo -n 053350 667s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 667s [p11_child[2081]] [main] (0x0400): p11_child started. 667s [p11_child[2081]] [main] (0x2000): Running in [auth] mode. 667s [p11_child[2081]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2081]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2081]] [do_card] (0x4000): Module List: 667s [p11_child[2081]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2081]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2081]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2081]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2081]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2081]] [do_card] (0x4000): Login required. 667s [p11_child[2081]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2081]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 667s [p11_child[2081]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2081]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 667s [p11_child[2081]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 667s [p11_child[2081]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 667s [p11_child[2081]] [do_card] (0x4000): Certificate verified and validated. 667s [p11_child[2081]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 3 (0x3) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 667s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 667s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 667s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 667s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 667s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 667s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 667s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 667s e1:0f:74:95:6f:ac:21:57:03 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Root CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 667s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 667s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 667s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 667s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 667s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 667s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 667s 59:da 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-21280-auth.pem 667s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 667s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s + local verify_option=partial_chain 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-root-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Root Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s Test Organization Root Tr Token 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 667s + token_name='Test Organization Root Tr Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 667s + echo 'Test Organization Root Tr Token' 667s + '[' -n partial_chain ']' 667s + local verify_arg=--verify=partial_chain 667s + local output_base_name=SSSD-child-6038 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 667s [p11_child[2091]] [main] (0x0400): p11_child started. 667s [p11_child[2091]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2091]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2091]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2091]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 667s [p11_child[2091]] [do_card] (0x4000): Module List: 667s [p11_child[2091]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2091]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2091]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2091]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2091]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2091]] [do_card] (0x4000): Login NOT required. 667s [p11_child[2091]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2091]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 667s [p11_child[2091]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2091]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2091]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 3 (0x3) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 667s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 667s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 667s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 667s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 667s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 667s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 667s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 667s e1:0f:74:95:6f:ac:21:57:03 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Root CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 667s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 667s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 667s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 667s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 667s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 667s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 667s 59:da 667s + local found_md5 expected_md5 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + expected_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038.pem 667s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 667s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.output 667s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.output .output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.pem 667s + echo -n 053350 667s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 667s [p11_child[2099]] [main] (0x0400): p11_child started. 667s [p11_child[2099]] [main] (0x2000): Running in [auth] mode. 667s [p11_child[2099]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2099]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2099]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 667s [p11_child[2099]] [do_card] (0x4000): Module List: 667s [p11_child[2099]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2099]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2099]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2099]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2099]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2099]] [do_card] (0x4000): Login required. 667s [p11_child[2099]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2099]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 667s [p11_child[2099]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2099]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54171b6d;slot-manufacturer=SoftHSM%20project;slot-id=1410800493;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cd1ef49754171b6d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 667s [p11_child[2099]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 667s [p11_child[2099]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 667s [p11_child[2099]] [do_card] (0x4000): Certificate verified and validated. 667s [p11_child[2099]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.pem 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-6038-auth.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 3 (0x3) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:c7:69:13:f4:6f:37:3a:75:50:7d:5a:be:11:3d: 667s ae:8d:87:0e:08:11:bc:3b:f3:c9:cc:22:75:36:3b: 667s 75:be:2b:16:3c:ea:0d:ac:21:99:30:0c:63:9d:96: 667s d7:d8:22:f5:f8:88:88:62:71:e2:61:02:d4:10:06: 667s 4a:bb:a3:f9:a7:28:79:04:b9:6c:ff:88:74:67:f2: 667s 71:88:2a:b3:9a:93:d8:83:0e:2c:65:22:32:92:7a: 667s 02:9e:f9:5f:8e:2d:4a:f9:1c:2d:4a:aa:37:6d:3d: 667s 9c:fe:fe:5a:fe:08:eb:2b:1f:b5:98:39:27:8e:96: 667s e1:0f:74:95:6f:ac:21:57:03 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 1A:59:A5:F6:6A:BF:D6:1E:B8:61:4F:36:2A:6F:C2:13:F1:CC:4F:93 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Root CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 50:5F:2A:42:F8:E7:B6:EC:4F:A1:40:B5:D4:38:80:05:54:EB:A6:25 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 2d:0e:4b:49:66:86:e3:39:42:94:88:08:13:f5:55:2e:d2:2c: 667s 2c:29:31:58:1e:96:14:5f:2c:21:5b:6b:1a:74:f1:64:32:c9: 667s bd:23:bd:21:66:21:f2:34:7c:a1:17:09:8a:55:95:5f:ad:e8: 667s bc:f6:f3:b0:d2:42:3a:31:7b:ad:4c:83:b5:92:f8:b8:d3:33: 667s ef:b0:73:59:5e:f0:c5:c3:e2:02:e8:be:c8:82:69:a6:3c:b4: 667s 6b:20:44:dc:e4:50:5c:19:47:28:5c:4b:75:88:53:e0:0c:28: 667s 01:af:f7:af:15:8c:57:29:19:3a:70:fc:44:6f:1c:a4:4d:75: 667s 59:da 667s + found_md5=Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 667s + '[' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 '!=' Modulus=C76913F46F373A75507D5ABE113DAE8D870E0811BC3BF3C9CC2275363B75BE2B163CEA0DAC2199300C639D96D7D822F5F888886271E26102D410064ABBA3F9A7287904B96CFF887467F271882AB39A93D8830E2C652232927A029EF95F8E2D4AF91C2D4AAA376D3D9CFEFE5AFE08EB2B1FB59839278E96E10F74956FAC215703 ']' 667s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s + local verify_option= 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-root-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Root Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 667s + token_name='Test Organization Root Tr Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 667s + echo 'Test Organization Root Tr Token' 667s Test Organization Root Tr Token 667s + '[' -n '' ']' 667s + local output_base_name=SSSD-child-14418 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14418.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14418.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s [p11_child[2109]] [main] (0x0400): p11_child started. 667s [p11_child[2109]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2109]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2109]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2109]] [do_card] (0x4000): Module List: 667s [p11_child[2109]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2109]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2109]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2109]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2109]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2109]] [do_card] (0x4000): Login NOT required. 667s [p11_child[2109]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2109]] [do_verification] (0x0040): X509_verify_cert failed [0]. 667s [p11_child[2109]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 667s [p11_child[2109]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 667s [p11_child[2109]] [do_card] (0x4000): No certificate found. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-14418.output 667s + return 2 667s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem partial_chain 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem partial_chain 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s + local verify_option=partial_chain 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14273 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-root-ca-trusted-cert-0001-14273 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-root-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-root-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Root Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 667s + token_name='Test Organization Root Tr Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-root-CA-trusted-certificate-0001 ']' 667s Test Organization Root Tr Token 667s + echo 'Test Organization Root Tr Token' 667s + '[' -n partial_chain ']' 667s + local verify_arg=--verify=partial_chain 667s + local output_base_name=SSSD-child-4388 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4388.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4388.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 667s [p11_child[2116]] [main] (0x0400): p11_child started. 667s [p11_child[2116]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2116]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2116]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2116]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 667s [p11_child[2116]] [do_card] (0x4000): Module List: 667s [p11_child[2116]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2116]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2116]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54171b6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2116]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 667s [p11_child[2116]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54171b6d][1410800493] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2116]] [do_card] (0x4000): Login NOT required. 667s [p11_child[2116]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 667s [p11_child[2116]] [do_verification] (0x0040): X509_verify_cert failed [0]. 667s [p11_child[2116]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 667s [p11_child[2116]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 667s [p11_child[2116]] [do_card] (0x4000): No certificate found. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-4388.output 667s + return 2 667s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /dev/null 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /dev/null 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_ring=/dev/null 667s + local verify_option= 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-intermediate-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 667s + token_name='Test Organization Interme Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 667s + local key_file 667s + local decrypted_key 667s + mkdir -p /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 667s + key_file=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key.pem 667s + decrypted_key=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 667s + cat 667s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 667s + softhsm2-util --show-slots 667s Slot 0 has a free/uninitialized token. 667s The token has been initialized and is reassigned to slot 1864369106 667s Available slots: 667s Slot 1864369106 667s Slot info: 667s Description: SoftHSM slot ID 0x6f2003d2 667s Manufacturer ID: SoftHSM project 667s Hardware version: 2.6 667s Firmware version: 2.6 667s Token present: yes 667s Token info: 667s Manufacturer ID: SoftHSM project 667s Model: SoftHSM v2 667s Hardware version: 2.6 667s Firmware version: 2.6 667s Serial number: defa04e76f2003d2 667s Initialized: yes 667s User PIN init.: yes 667s Label: Test Organization Interme Token 667s Slot 1 667s Slot info: 667s Description: SoftHSM slot ID 0x1 667s Manufacturer ID: SoftHSM project 667s Hardware version: 2.6 667s Firmware version: 2.6 667s Token present: yes 667s Token info: 667s Manufacturer ID: SoftHSM project 667s Model: SoftHSM v2 667s Hardware version: 2.6 667s Firmware version: 2.6 667s Serial number: 667s Initialized: no 667s User PIN init.: no 667s Label: 667s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 667s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-25038 -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 667s writing RSA key 667s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 667s + rm /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 667s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 667s Object 0: 667s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 667s Type: X.509 Certificate (RSA-1024) 667s Expires: Wed Mar 5 00:32:59 2025 667s Label: Test Organization Intermediate Trusted Certificate 0001 667s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 667s 667s + echo 'Test Organization Interme Token' 667s Test Organization Interme Token 667s + '[' -n '' ']' 667s + local output_base_name=SSSD-child-13606 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-13606.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-13606.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 667s [p11_child[2132]] [main] (0x0400): p11_child started. 667s [p11_child[2132]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2132]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2132]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2132]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 667s [p11_child[2132]] [do_work] (0x0040): init_verification failed. 667s [p11_child[2132]] [main] (0x0020): p11_child failed (5) 667s + return 2 667s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /dev/null no_verification 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /dev/null no_verification 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_ring=/dev/null 667s + local verify_option=no_verification 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-intermediate-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 667s + token_name='Test Organization Interme Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 667s Test Organization Interme Token 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 667s + echo 'Test Organization Interme Token' 667s + '[' -n no_verification ']' 667s + local verify_arg=--verify=no_verification 667s + local output_base_name=SSSD-child-24813 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 667s [p11_child[2138]] [main] (0x0400): p11_child started. 667s [p11_child[2138]] [main] (0x2000): Running in [pre-auth] mode. 667s [p11_child[2138]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2138]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2138]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 667s [p11_child[2138]] [do_card] (0x4000): Module List: 667s [p11_child[2138]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2138]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2138]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2138]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 667s [p11_child[2138]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2138]] [do_card] (0x4000): Login NOT required. 667s [p11_child[2138]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 667s [p11_child[2138]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2138]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2138]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.pem 667s + local found_md5 expected_md5 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 4 (0x4) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 667s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 667s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 667s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 667s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 667s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 667s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 667s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 667s 74:d9:db:7c:d3:97:9a:cb:ff 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Intermediate CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 667s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 667s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 667s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 667s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 667s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 667s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 667s 65:c2 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + expected_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813.pem 667s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 667s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 667s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.output 667s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.output .output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.pem 667s + echo -n 053350 667s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 667s [p11_child[2146]] [main] (0x0400): p11_child started. 667s [p11_child[2146]] [main] (0x2000): Running in [auth] mode. 667s [p11_child[2146]] [main] (0x2000): Running with effective IDs: [0][0]. 667s [p11_child[2146]] [main] (0x2000): Running with real IDs [0][0]. 667s [p11_child[2146]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 667s [p11_child[2146]] [do_card] (0x4000): Module List: 667s [p11_child[2146]] [do_card] (0x4000): common name: [softhsm2]. 667s [p11_child[2146]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2146]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 667s [p11_child[2146]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 667s [p11_child[2146]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 667s [p11_child[2146]] [do_card] (0x4000): Login required. 667s [p11_child[2146]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 667s [p11_child[2146]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 667s [p11_child[2146]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 667s [p11_child[2146]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 667s [p11_child[2146]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 667s [p11_child[2146]] [do_card] (0x4000): Certificate verified and validated. 667s [p11_child[2146]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 667s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.output 667s + echo '-----BEGIN CERTIFICATE-----' 667s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.output 667s + echo '-----END CERTIFICATE-----' 667s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.pem 667s Certificate: 667s Data: 667s Version: 3 (0x2) 667s Serial Number: 4 (0x4) 667s Signature Algorithm: sha256WithRSAEncryption 667s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 667s Validity 667s Not Before: Mar 5 00:32:59 2024 GMT 667s Not After : Mar 5 00:32:59 2025 GMT 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 667s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 667s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 667s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 667s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 667s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 667s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 667s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 667s 74:d9:db:7c:d3:97:9a:cb:ff 667s Exponent: 65537 (0x10001) 667s X509v3 extensions: 667s X509v3 Authority Key Identifier: 667s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 667s X509v3 Basic Constraints: 667s CA:FALSE 667s Netscape Cert Type: 667s SSL Client, S/MIME 667s Netscape Comment: 667s Test Organization Intermediate CA trusted Certificate 667s X509v3 Subject Key Identifier: 667s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 667s X509v3 Key Usage: critical 667s Digital Signature, Non Repudiation, Key Encipherment 667s X509v3 Extended Key Usage: 667s TLS Web Client Authentication, E-mail Protection 667s X509v3 Subject Alternative Name: 667s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 667s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 667s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 667s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 667s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 667s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 667s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 667s 65:c2 667s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-24813-auth.pem 667s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 667s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 667s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 667s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 667s + local verify_option= 667s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 667s + local key_cn 667s + local key_name 667s + local tokens_dir 667s + local output_cert_file 667s + token_name= 667s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 667s + key_name=test-intermediate-CA-trusted-certificate-0001 667s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 667s ++ sed -n 's/ *commonName *= //p' 667s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 667s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 667s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 667s Test Organization Interme Token 667s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 667s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 667s + token_name='Test Organization Interme Token' 667s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 667s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 667s + echo 'Test Organization Interme Token' 667s + '[' -n '' ']' 667s + local output_base_name=SSSD-child-6861 667s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6861.output 667s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-6861.pem 667s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s [p11_child[2156]] [main] (0x0400): p11_child started. 668s [p11_child[2156]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2156]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2156]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2156]] [do_card] (0x4000): Module List: 668s [p11_child[2156]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2156]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2156]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2156]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2156]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2156]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2156]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2156]] [do_verification] (0x0040): X509_verify_cert failed [0]. 668s [p11_child[2156]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 668s [p11_child[2156]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 668s [p11_child[2156]] [do_card] (0x4000): No certificate found. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-6861.output 668s + return 2 668s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s + local verify_option=partial_chain 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Interme Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Interme Token' 668s + '[' -n partial_chain ']' 668s + local verify_arg=--verify=partial_chain 668s + local output_base_name=SSSD-child-15088 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-15088.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-15088.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s Test Organization Interme Token 668s [p11_child[2163]] [main] (0x0400): p11_child started. 668s [p11_child[2163]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2163]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2163]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2163]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s [p11_child[2163]] [do_card] (0x4000): Module List: 668s [p11_child[2163]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2163]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2163]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2163]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2163]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2163]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2163]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2163]] [do_verification] (0x0040): X509_verify_cert failed [0]. 668s [p11_child[2163]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 668s [p11_child[2163]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 668s [p11_child[2163]] [do_card] (0x4000): No certificate found. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-15088.output 668s + return 2 668s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + local verify_option= 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Interme Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Interme Token' 668s + '[' -n '' ']' 668s + local output_base_name=SSSD-child-28135 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s [p11_child[2170]] [main] (0x0400): p11_child started. 668s [p11_child[2170]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2170]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2170]] [main] (0x2000): Running with real IDs [0][0]. 668s Test Organization Interme Token 668s [p11_child[2170]] [do_card] (0x4000): Module List: 668s [p11_child[2170]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2170]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2170]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2170]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2170]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2170]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2170]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2170]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2170]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2170]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2170]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.pem 668s + local found_md5 expected_md5 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s + expected_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135.pem 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.output 668s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.output .output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.pem 668s + echo -n 053350 668s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 668s [p11_child[2178]] [main] (0x0400): p11_child started. 668s [p11_child[2178]] [main] (0x2000): Running in [auth] mode. 668s [p11_child[2178]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2178]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2178]] [do_card] (0x4000): Module List: 668s [p11_child[2178]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2178]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2178]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2178]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2178]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2178]] [do_card] (0x4000): Login required. 668s [p11_child[2178]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2178]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2178]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2178]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 668s [p11_child[2178]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 668s [p11_child[2178]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 668s [p11_child[2178]] [do_card] (0x4000): Certificate verified and validated. 668s [p11_child[2178]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.pem 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-28135-auth.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + local verify_option=partial_chain 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s Test Organization Interme Token 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Interme Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Interme Token' 668s + '[' -n partial_chain ']' 668s + local verify_arg=--verify=partial_chain 668s + local output_base_name=SSSD-child-5154 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s [p11_child[2188]] [main] (0x0400): p11_child started. 668s [p11_child[2188]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2188]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2188]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2188]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s [p11_child[2188]] [do_card] (0x4000): Module List: 668s [p11_child[2188]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2188]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2188]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2188]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2188]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2188]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2188]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2188]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2188]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2188]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2188]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s + local found_md5 expected_md5 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + expected_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154.pem 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.output 668s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.output .output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.pem 668s + echo -n 053350 668s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 668s [p11_child[2196]] [main] (0x0400): p11_child started. 668s [p11_child[2196]] [main] (0x2000): Running in [auth] mode. 668s [p11_child[2196]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2196]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2196]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s [p11_child[2196]] [do_card] (0x4000): Module List: 668s [p11_child[2196]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2196]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2196]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2196]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2196]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2196]] [do_card] (0x4000): Login required. 668s [p11_child[2196]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2196]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2196]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2196]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 668s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 668s [p11_child[2196]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 668s [p11_child[2196]] [do_card] (0x4000): Certificate verified and validated. 668s [p11_child[2196]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-5154-auth.pem 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s + local verify_option= 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Interme Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Interme Token' 668s + '[' -n '' ']' 668s + local output_base_name=SSSD-child-17243 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-17243.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-17243.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s Test Organization Interme Token 668s [p11_child[2206]] [main] (0x0400): p11_child started. 668s [p11_child[2206]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2206]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2206]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2206]] [do_card] (0x4000): Module List: 668s [p11_child[2206]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2206]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2206]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2206]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2206]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2206]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2206]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2206]] [do_verification] (0x0040): X509_verify_cert failed [0]. 668s [p11_child[2206]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 668s [p11_child[2206]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 668s [p11_child[2206]] [do_card] (0x4000): No certificate found. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-17243.output 668s + return 2 668s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem partial_chain 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem partial_chain 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s + local verify_option=partial_chain 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-25038 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s Test Organization Interme Token 668s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Interme Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Interme Token' 668s + '[' -n partial_chain ']' 668s + local verify_arg=--verify=partial_chain 668s + local output_base_name=SSSD-child-14923 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem 668s [p11_child[2213]] [main] (0x0400): p11_child started. 668s [p11_child[2213]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2213]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2213]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2213]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s [p11_child[2213]] [do_card] (0x4000): Module List: 668s [p11_child[2213]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2213]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2213]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2213]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2213]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2213]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2213]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2213]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2213]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2213]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2213]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s + local found_md5 expected_md5 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-intermediate-CA-trusted-certificate-0001.pem 668s + expected_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923.pem 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.output 668s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.output .output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.pem 668s + echo -n 053350 668s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 668s [p11_child[2221]] [main] (0x0400): p11_child started. 668s [p11_child[2221]] [main] (0x2000): Running in [auth] mode. 668s [p11_child[2221]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2221]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2221]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s [p11_child[2221]] [do_card] (0x4000): Module List: 668s [p11_child[2221]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2221]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2221]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f2003d2] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2221]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 668s [p11_child[2221]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6f2003d2][1864369106] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2221]] [do_card] (0x4000): Login required. 668s [p11_child[2221]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 668s [p11_child[2221]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2221]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2221]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f2003d2;slot-manufacturer=SoftHSM%20project;slot-id=1864369106;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=defa04e76f2003d2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 668s [p11_child[2221]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 668s [p11_child[2221]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 668s [p11_child[2221]] [do_card] (0x4000): Certificate verified and validated. 668s [p11_child[2221]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.pem 668s Certificate: 668s Data: 668s Version: 3 (0x2) 668s Serial Number: 4 (0x4) 668s Signature Algorithm: sha256WithRSAEncryption 668s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 668s Validity 668s Not Before: Mar 5 00:32:59 2024 GMT 668s Not After : Mar 5 00:32:59 2025 GMT 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:e5:97:f3:72:5f:52:96:66:7b:72:41:eb:e3: 668s 5d:00:35:ef:71:f0:0f:6b:b7:ed:44:98:85:54:ef: 668s cd:fa:a3:11:71:48:f9:16:06:59:fc:d8:e3:9d:9f: 668s c4:c9:46:11:8c:8e:85:17:89:be:fe:ee:f2:38:f6: 668s 06:f3:f3:72:63:68:b0:bf:36:35:54:3c:b2:a7:be: 668s 50:63:f0:97:0d:0a:65:65:30:a7:7f:1e:aa:60:cb: 668s 92:16:b7:61:0d:9b:64:6f:9d:a0:8e:53:a5:2d:15: 668s 09:5a:69:a7:76:dd:1a:a9:b7:46:c0:1d:2b:41:d4: 668s 74:d9:db:7c:d3:97:9a:cb:ff 668s Exponent: 65537 (0x10001) 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 8A:C7:FC:AC:82:67:46:7B:93:36:0A:20:20:0A:A3:19:AA:B1:69:AB 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:86:F2:0F:B1:52:B4:97:09:64:D9:49:BB:CC:4E:00:3A:73:9E:A1 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 46:2c:3b:cc:b5:f4:b1:85:1d:e1:03:51:2a:4c:25:df:2b:bc: 668s 37:97:fc:3e:b9:b6:43:cc:de:1d:dd:16:e3:4c:ee:72:e6:2b: 668s e8:07:02:80:8b:7e:17:df:7f:50:51:ed:5f:de:1f:6c:ce:03: 668s 5d:75:34:8f:5a:c5:09:d1:92:cd:72:38:40:57:d5:5e:4a:6b: 668s f8:4d:4c:84:b9:13:0e:45:4c:02:c9:36:4f:b0:c3:66:8c:0e: 668s c6:63:b9:30:15:0a:da:c4:12:da:51:7f:06:a5:cc:70:04:51: 668s df:de:36:a7:7b:24:b8:c8:f9:19:a3:43:34:bc:b2:69:c9:29: 668s 65:c2 668s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-14923-auth.pem 668s + found_md5=Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF 668s + '[' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF '!=' Modulus=B2E597F3725F5296667B7241EBE35D0035EF71F00F6BB7ED44988554EFCDFAA3117148F9160659FCD8E39D9FC4C946118C8E851789BEFEEEF238F606F3F3726368B0BF3635543CB2A7BE5063F0970D0A656530A77F1EAA60CB9216B7610D9B646F9DA08E53A52D15095A69A776DD1AA9B746C01D2B41D474D9DB7CD3979ACBFF ']' 668s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s + local verify_option= 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Sub Int Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 668s + local key_file 668s + local decrypted_key 668s + mkdir -p /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 668s + key_file=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 668s + decrypted_key=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 668s + cat 668s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 668s Slot 0 has a free/uninitialized token. 668s The token has been initialized and is reassigned to slot 955889221 668s + softhsm2-util --show-slots 668s Available slots: 668s Slot 955889221 668s Slot info: 668s Description: SoftHSM slot ID 0x38f9b645 668s Manufacturer ID: SoftHSM project 668s Hardware version: 2.6 668s Firmware version: 2.6 668s Token present: yes 668s Token info: 668s Manufacturer ID: SoftHSM project 668s Model: SoftHSM v2 668s Hardware version: 2.6 668s Firmware version: 2.6 668s Serial number: 7d5ffa3bb8f9b645 668s Initialized: yes 668s User PIN init.: yes 668s Label: Test Organization Sub Int Token 668s Slot 1 668s Slot info: 668s Description: SoftHSM slot ID 0x1 668s Manufacturer ID: SoftHSM project 668s Hardware version: 2.6 668s Firmware version: 2.6 668s Token present: yes 668s Token info: 668s Manufacturer ID: SoftHSM project 668s Model: SoftHSM v2 668s Hardware version: 2.6 668s Firmware version: 2.6 668s Serial number: 668s Initialized: no 668s User PIN init.: no 668s Label: 668s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 668s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16541 -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 668s writing RSA key 668s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 668s + rm /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 668s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 668s + echo 'Test Organization Sub Int Token' 668s + '[' -n '' ']' 668s + local output_base_name=SSSD-child-29774 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29774.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-29774.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s Object 0: 668s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 668s Type: X.509 Certificate (RSA-1024) 668s Expires: Wed Mar 5 00:32:59 2025 668s Label: Test Organization Sub Intermediate Trusted Certificate 0001 668s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 668s 668s Test Organization Sub Int Token 668s [p11_child[2240]] [main] (0x0400): p11_child started. 668s [p11_child[2240]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2240]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2240]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2240]] [do_card] (0x4000): Module List: 668s [p11_child[2240]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2240]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2240]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2240]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 668s [p11_child[2240]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2240]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2240]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 668s [p11_child[2240]] [do_verification] (0x0040): X509_verify_cert failed [0]. 668s [p11_child[2240]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 668s [p11_child[2240]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 668s [p11_child[2240]] [do_card] (0x4000): No certificate found. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-29774.output 668s + return 2 668s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-CA.pem partial_chain 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s + local verify_option=partial_chain 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Sub Int Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Sub Int Token' 668s + '[' -n partial_chain ']' 668s + local verify_arg=--verify=partial_chain 668s + local output_base_name=SSSD-child-8080 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8080.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-8080.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-CA.pem 668s [p11_child[2247]] [main] (0x0400): p11_child started. 668s [p11_child[2247]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2247]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2247]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2247]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 668s Test Organization Sub Int Token 668s [p11_child[2247]] [do_card] (0x4000): Module List: 668s [p11_child[2247]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2247]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2247]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2247]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 668s [p11_child[2247]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2247]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2247]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 668s [p11_child[2247]] [do_verification] (0x0040): X509_verify_cert failed [0]. 668s [p11_child[2247]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 668s [p11_child[2247]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 668s [p11_child[2247]] [do_card] (0x4000): No certificate found. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-8080.output 668s + return 2 668s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s + local verify_option= 668s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 668s + local key_cn 668s + local key_name 668s + local tokens_dir 668s + local output_cert_file 668s + token_name= 668s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 668s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 668s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s ++ sed -n 's/ *commonName *= //p' 668s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 668s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 668s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 668s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 668s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 668s + token_name='Test Organization Sub Int Token' 668s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 668s Test Organization Sub Int Token 668s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 668s + echo 'Test Organization Sub Int Token' 668s + '[' -n '' ']' 668s + local output_base_name=SSSD-child-30965 668s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.output 668s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.pem 668s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 668s [p11_child[2254]] [main] (0x0400): p11_child started. 668s [p11_child[2254]] [main] (0x2000): Running in [pre-auth] mode. 668s [p11_child[2254]] [main] (0x2000): Running with effective IDs: [0][0]. 668s [p11_child[2254]] [main] (0x2000): Running with real IDs [0][0]. 668s [p11_child[2254]] [do_card] (0x4000): Module List: 668s [p11_child[2254]] [do_card] (0x4000): common name: [softhsm2]. 668s [p11_child[2254]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2254]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 668s [p11_child[2254]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 668s [p11_child[2254]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 668s [p11_child[2254]] [do_card] (0x4000): Login NOT required. 668s [p11_child[2254]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 668s [p11_child[2254]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 668s [p11_child[2254]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 668s [p11_child[2254]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 668s [p11_child[2254]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 668s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.output 668s + echo '-----BEGIN CERTIFICATE-----' 668s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.output 668s + echo '-----END CERTIFICATE-----' 668s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.pem 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s + expected_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.output 669s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2262]] [main] (0x0400): p11_child started. 669s [p11_child[2262]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2262]] [do_card] (0x4000): Module List: 669s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2262]] [do_card] (0x4000): Login required. 669s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2262]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2262]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2262]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2262]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2262]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2262]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2262]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-30965-auth.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 669s + token_name='Test Organization Sub Int Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Sub Int Token' 669s + '[' -n partial_chain ']' 669s + local verify_arg=--verify=partial_chain 669s + local output_base_name=SSSD-child-18618 669s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem 669s Test Organization Sub Int Token 669s [p11_child[2272]] [main] (0x0400): p11_child started. 669s [p11_child[2272]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2272]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2272]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2272]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2272]] [do_card] (0x4000): Module List: 669s [p11_child[2272]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2272]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2272]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2272]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2272]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2272]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2272]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2272]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2272]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2272]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2272]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.output 669s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2280]] [main] (0x0400): p11_child started. 669s [p11_child[2280]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2280]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2280]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2280]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2280]] [do_card] (0x4000): Module List: 669s [p11_child[2280]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2280]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2280]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2280]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2280]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2280]] [do_card] (0x4000): Login required. 669s [p11_child[2280]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2280]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2280]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2280]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2280]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2280]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2280]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2280]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-18618-auth.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s + local verify_option= 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s Test Organization Sub Int Token 669s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 669s + token_name='Test Organization Sub Int Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Sub Int Token' 669s + '[' -n '' ']' 669s + local output_base_name=SSSD-child-974 669s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-974.output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-974.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s [p11_child[2290]] [main] (0x0400): p11_child started. 669s [p11_child[2290]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2290]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2290]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2290]] [do_card] (0x4000): Module List: 669s [p11_child[2290]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2290]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2290]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2290]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2290]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2290]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2290]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2290]] [do_verification] (0x0040): X509_verify_cert failed [0]. 669s [p11_child[2290]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 669s [p11_child[2290]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 669s [p11_child[2290]] [do_card] (0x4000): No certificate found. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-974.output 669s + return 2 669s + invalid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 669s Test Organization Sub Int Token 669s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 669s + token_name='Test Organization Sub Int Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Sub Int Token' 669s + '[' -n partial_chain ']' 669s + local verify_arg=--verify=partial_chain 669s + local output_base_name=SSSD-child-30271 669s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30271.output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-30271.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-root-intermediate-chain-CA.pem 669s [p11_child[2297]] [main] (0x0400): p11_child started. 669s [p11_child[2297]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2297]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2297]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2297]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2297]] [do_card] (0x4000): Module List: 669s [p11_child[2297]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2297]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2297]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2297]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2297]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2297]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2297]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2297]] [do_verification] (0x0040): X509_verify_cert failed [0]. 669s [p11_child[2297]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 669s [p11_child[2297]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 669s [p11_child[2297]] [do_card] (0x4000): No certificate found. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-30271.output 669s + return 2 669s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 669s + token_name='Test Organization Sub Int Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Sub Int Token' 669s + '[' -n partial_chain ']' 669s + local verify_arg=--verify=partial_chain 669s + local output_base_name=SSSD-child-26921 669s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem 669s [p11_child[2304]] [main] (0x0400): p11_child started. 669s [p11_child[2304]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2304]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2304]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2304]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2304]] [do_card] (0x4000): Module List: 669s [p11_child[2304]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2304]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2304]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2304]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2304]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2304]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2304]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2304]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2304]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2304]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2304]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.pem 669s Test Organization Sub Int Token 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.output 669s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2312]] [main] (0x0400): p11_child started. 669s [p11_child[2312]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2312]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2312]] [do_card] (0x4000): Module List: 669s [p11_child[2312]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2312]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2312]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2312]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2312]] [do_card] (0x4000): Login required. 669s [p11_child[2312]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2312]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2312]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2312]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2312]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2312]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2312]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2312]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-26921-auth.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + valid_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-intermediate-sub-chain-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 /tmp/sssd-softhsm2-rsACTo/test-intermediate-sub-chain-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_ring=/tmp/sssd-softhsm2-rsACTo/test-intermediate-sub-chain-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local certificate=/tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16541 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s Test Organization Sub Int Token 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 669s + token_name='Test Organization Sub Int Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-rsACTo/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Sub Int Token' 669s + '[' -n partial_chain ']' 669s + local verify_arg=--verify=partial_chain 669s + local output_base_name=SSSD-child-4170 669s + local output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-sub-chain-CA.pem 669s [p11_child[2322]] [main] (0x0400): p11_child started. 669s [p11_child[2322]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2322]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2322]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2322]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2322]] [do_card] (0x4000): Module List: 669s [p11_child[2322]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2322]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2322]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2322]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2322]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2322]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2322]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2322]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2322]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2322]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2322]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170.pem 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + output_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.output 669s ++ basename /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-rsACTo/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2330]] [main] (0x0400): p11_child started. 669s [p11_child[2330]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2330]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2330]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2330]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2330]] [do_card] (0x4000): Module List: 669s [p11_child[2330]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2330]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2330]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38f9b645] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2330]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 669s [p11_child[2330]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x38f9b645][955889221] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2330]] [do_card] (0x4000): Login required. 669s [p11_child[2330]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 669s [p11_child[2330]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2330]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2330]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38f9b645;slot-manufacturer=SoftHSM%20project;slot-id=955889221;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5ffa3bb8f9b645;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2330]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2330]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2330]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2330]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 5 (0x5) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s Validity 669s Not Before: Mar 5 00:32:59 2024 GMT 669s Not After : Mar 5 00:32:59 2025 GMT 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:d4:ae:a2:c4:27:56:00:8c:88:a2:90:98:61:ba: 669s e5:a7:f8:c9:8b:55:08:1b:8c:7b:fc:fc:37:d9:77: 669s 7b:d5:b5:31:60:ce:f0:44:11:76:4f:17:b8:1d:91: 669s c9:06:14:06:e4:f3:52:5a:f1:1f:34:2b:19:bd:87: 669s 01:5d:be:bd:22:2d:fc:b9:a9:ed:38:7f:ff:fc:7f: 669s 94:92:a3:f8:e8:20:77:6e:b8:36:b3:75:b4:3f:09: 669s 7d:38:0c:cd:c6:de:13:c1:c1:92:d9:12:59:9b:81: 669s e7:40:83:3f:c1:05:8a:64:da:70:fe:02:05:7e:f1: 669s 20:0e:dc:a3:a6:f0:a3:5e:6d 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 89:DB:63:36:EB:0A:59:7A:4A:CB:80:BA:E4:4D:32:2F:2A:E5:24:F8 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 6B:FD:2E:10:70:3A:18:D8:63:A7:8F:3E:30:1C:F2:A1:FD:A6:00:4E 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 45:8d:d2:91:4a:16:e2:e8:d5:06:09:35:0c:36:6e:76:65:05: 669s 24:2a:43:f5:ca:4d:c1:c4:c0:22:67:e8:c2:b4:bc:71:d5:b8: 669s 19:f5:04:09:bd:ab:75:60:d2:a6:62:27:9b:70:4a:bf:bd:ca: 669s 61:7a:7d:e9:a5:fb:79:a5:4f:29:8a:78:90:16:08:98:0d:20: 669s 27:36:40:6e:29:30:e4:97:a4:33:d2:7b:8e:e4:3d:50:d7:71: 669s 34:b2:29:fc:4e:f5:41:d6:5f:40:2e:d3:19:8a:5e:66:4f:e7: 669s dc:2e:bc:ee:a7:dc:1c:7f:06:a2:c8:a2:81:0b:91:c4:56:b0: 669s 42:9f 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-rsACTo/SSSD-child-4170-auth.pem 669s 669s Test completed, Root CA and intermediate issued certificates verified! 669s + found_md5=Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D 669s + '[' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D '!=' Modulus=D4AEA2C42756008C88A2909861BAE5A7F8C98B55081B8C7BFCFC37D9777BD5B53160CEF04411764F17B81D91C9061406E4F3525AF11F342B19BD87015DBEBD222DFCB9A9ED387FFFFC7F9492A3F8E820776EB836B375B43F097D380CCDC6DE13C1C192D912599B81E740833FC1058A64DA70FE02057EF1200EDCA3A6F0A35E6D ']' 669s + set +x 670s autopkgtest [00:33:04]: test sssd-softhism2-certificates-tests.sh: -----------------------] 670s autopkgtest [00:33:04]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 670s sssd-softhism2-certificates-tests.sh PASS 671s autopkgtest [00:33:05]: test sssd-smart-card-pam-auth-configs: preparing testbed 672s Reading package lists... 673s Building dependency tree... 673s Reading state information... 673s Correcting dependencies...Starting pkgProblemResolver with broken count: 0 673s Starting 2 pkgProblemResolver with broken count: 0 673s Done 673s Done 674s Starting pkgProblemResolver with broken count: 0 674s Starting 2 pkgProblemResolver with broken count: 0 674s Done 674s The following additional packages will be installed: 674s pamtester 674s The following NEW packages will be installed: 674s pamtester 675s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 675s 1 not fully installed or removed. 675s Need to get 12.3 kB of archives. 675s After this operation, 36.9 kB of additional disk space will be used. 675s Get:1 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 675s Fetched 12.3 kB in 0s (48.5 kB/s) 675s Selecting previously unselected package pamtester. 675s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74807 files and directories currently installed.) 675s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 675s Unpacking pamtester (0.1.2-4) ... 675s Setting up pamtester (0.1.2-4) ... 675s Setting up autopkgtest-satdep (0) ... 675s Processing triggers for man-db (2.12.0-3) ... 679s (Reading database ... 74813 files and directories currently installed.) 679s Removing autopkgtest-satdep (0) ... 680s autopkgtest [00:33:14]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 680s autopkgtest [00:33:14]: test sssd-smart-card-pam-auth-configs: [----------------------- 681s + '[' -z ubuntu ']' 681s + export DEBIAN_FRONTEND=noninteractive 681s + DEBIAN_FRONTEND=noninteractive 681s + required_tools=(pamtester softhsm2-util sssd) 681s + [[ ! -v OFFLINE_MODE ]] 681s + for cmd in "${required_tools[@]}" 681s + command -v pamtester 681s + for cmd in "${required_tools[@]}" 681s + command -v softhsm2-util 681s + for cmd in "${required_tools[@]}" 681s + command -v sssd 681s + PIN=123456 681s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 681s + tmpdir=/tmp/sssd-softhsm2-certs-ch32yC 681s + backupsdir= 681s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 681s + declare -a restore_paths 681s + declare -a delete_paths 681s + trap handle_exit EXIT 681s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 681s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 681s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 681s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 681s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ch32yC GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 681s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ch32yC 681s + GENERATE_SMART_CARDS=1 681s + KEEP_TEMPORARY_FILES=1 681s + NO_SSSD_TESTS=1 681s + bash debian/tests/sssd-softhism2-certificates-tests.sh 681s + '[' -z ubuntu ']' 681s + required_tools=(p11tool openssl softhsm2-util) 681s + for cmd in "${required_tools[@]}" 681s + command -v p11tool 681s + for cmd in "${required_tools[@]}" 681s + command -v openssl 681s + for cmd in "${required_tools[@]}" 681s + command -v softhsm2-util 681s + PIN=123456 681s +++ find /usr/lib/softhsm/libsofthsm2.so 681s +++ head -n 1 681s ++ realpath /usr/lib/softhsm/libsofthsm2.so 681s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 681s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 681s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 681s + '[' '!' -v NO_SSSD_TESTS ']' 681s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 681s + tmpdir=/tmp/sssd-softhsm2-certs-ch32yC 681s + keys_size=1024 681s + [[ ! -v KEEP_TEMPORARY_FILES ]] 681s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 681s + echo -n 01 681s + touch /tmp/sssd-softhsm2-certs-ch32yC/index.txt 681s + mkdir -p /tmp/sssd-softhsm2-certs-ch32yC/new_certs 681s + cat 681s + root_ca_key_pass=pass:random-root-CA-password-10929 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-key.pem -passout pass:random-root-CA-password-10929 1024 681s + openssl req -passin pass:random-root-CA-password-10929 -batch -config /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem 681s + cat 681s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-27578 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27578 1024 681s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-27578 -config /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-10929 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-certificate-request.pem 681s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-certificate-request.pem 681s Certificate Request: 681s Data: 681s Version: 1 (0x0) 681s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 681s Subject Public Key Info: 681s Public Key Algorithm: rsaEncryption 681s Public-Key: (1024 bit) 681s Modulus: 681s 00:a5:49:c4:47:83:a9:8c:f4:12:0f:cc:89:0b:29: 681s 83:4e:fa:f6:f7:2b:02:7c:c3:67:7e:b2:be:da:ee: 681s d2:a1:7a:f9:34:36:17:9e:71:df:18:2c:22:d6:76: 681s b3:49:8a:08:80:1a:49:00:37:5b:6e:eb:91:c4:82: 681s 0d:2b:df:84:69:92:de:ca:eb:90:58:47:92:a9:6f: 681s d7:c8:36:bf:e9:0e:49:2a:78:e0:05:35:32:13:07: 681s 7f:ce:24:18:3c:60:72:51:14:a8:a4:a2:b7:ca:c8: 681s 90:a9:c7:61:55:a7:d9:d9:b6:30:54:d1:f7:d2:ed: 681s aa:62:33:fe:35:f4:b5:5c:b7 681s Exponent: 65537 (0x10001) 681s Attributes: 681s (none) 681s Requested Extensions: 681s Signature Algorithm: sha256WithRSAEncryption 681s Signature Value: 681s 46:ce:fb:41:0c:7a:f5:16:08:1e:2a:ee:06:18:60:ce:d5:c5: 681s 14:3d:ef:30:87:ca:bc:0e:5f:23:f7:1e:66:5e:78:de:6f:4b: 681s 98:86:62:ad:38:d0:a5:f3:97:6f:ec:3c:1f:f5:16:7d:bd:7c: 681s 2b:f3:ca:2b:70:cf:82:da:2f:20:1d:ec:e6:1d:c8:38:71:98: 681s 2c:96:f1:9d:1e:9a:08:35:63:bd:4e:73:f1:d4:6c:2c:59:4b: 681s 8a:1f:77:b5:1b:ba:bc:c7:0c:49:c9:64:39:5f:19:2c:3e:f8: 681s 01:fb:c2:f1:68:5b:83:ca:37:3a:8a:78:b7:3b:28:3e:e6:9a: 681s 2f:a2 681s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.config -passin pass:random-root-CA-password-10929 -keyfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem 681s Using configuration from /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.config 681s Check that the request matches the signature 681s Signature ok 681s Certificate Details: 681s Serial Number: 1 (0x1) 681s Validity 681s Not Before: Mar 5 00:33:15 2024 GMT 681s Not After : Mar 5 00:33:15 2025 GMT 681s Subject: 681s organizationName = Test Organization 681s organizationalUnitName = Test Organization Unit 681s commonName = Test Organization Intermediate CA 681s X509v3 extensions: 681s X509v3 Subject Key Identifier: 681s 6B:E8:8A:51:A7:C2:F4:7F:7B:99:F9:55:96:34:05:8C:A3:B0:28:E5 681s X509v3 Authority Key Identifier: 681s keyid:35:36:6D:8F:FE:DD:44:10:EE:85:68:F7:3F:A3:A4:7F:D3:66:C7:6B 681s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 681s serial:00 681s X509v3 Basic Constraints: 681s CA:TRUE 681s X509v3 Key Usage: critical 681s Digital Signature, Certificate Sign, CRL Sign 681s Certificate is to be certified until Mar 5 00:33:15 2025 GMT (365 days) 681s 681s Write out database with 1 new entries 681s Database updated 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem 681s /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem: OK 681s + cat 681s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-1054 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-1054 1024 681s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-1054 -config /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27578 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-certificate-request.pem 681s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-certificate-request.pem 681s Certificate Request: 681s Data: 681s Version: 1 (0x0) 681s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 681s Subject Public Key Info: 681s Public Key Algorithm: rsaEncryption 681s Public-Key: (1024 bit) 681s Modulus: 681s 00:a1:ca:69:c1:6e:ae:7a:27:09:73:cf:5f:f2:d6: 681s 28:f9:7c:ae:81:c5:d6:55:97:84:14:90:77:4f:3d: 681s 9a:a8:3c:47:3e:bd:29:c5:de:e2:63:fb:4b:cc:43: 681s 09:ee:fc:54:49:a4:29:e5:48:99:7c:ad:19:eb:16: 681s 47:7f:cc:c0:26:2d:82:1a:97:5c:06:93:ab:98:2f: 681s 6c:6f:c8:3c:31:fc:0d:39:80:65:b9:0f:f7:80:6d: 681s 2f:dd:be:47:c0:67:34:95:79:d9:4e:34:0a:23:88: 681s ce:42:48:9d:9b:f9:83:2f:53:de:b3:6f:c9:d0:8e: 681s a0:49:08:7a:b1:ed:e6:6d:1f 681s Exponent: 65537 (0x10001) 681s Attributes: 681s (none) 681s Requested Extensions: 681s Signature Algorithm: sha256WithRSAEncryption 681s Signature Value: 681s 1c:3c:09:a3:c4:86:24:9c:2b:de:80:93:33:bf:d0:fc:76:02: 681s 45:09:02:ca:be:da:d8:fc:05:1b:2c:d7:0d:01:c8:50:44:e5: 681s 0c:73:da:40:23:7a:3d:cc:23:77:88:80:af:17:2a:4c:31:dd: 681s 9b:0a:7d:58:b4:ad:3f:bc:62:8b:f2:a9:bd:8c:fc:ba:b9:be: 681s 78:93:14:0a:a0:7f:3a:91:6e:02:c0:0c:bb:f0:90:e0:26:91: 681s 76:3e:a4:eb:c0:6c:c9:3c:d4:4f:59:ea:a7:f6:70:9b:b0:f4: 681s d0:0f:fa:b6:08:8d:a2:b0:29:0c:b7:6b:6c:81:95:57:17:df: 681s 97:ac 681s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-27578 -keyfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 681s Using configuration from /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.config 681s Check that the request matches the signature 681s Signature ok 681s Certificate Details: 681s Serial Number: 2 (0x2) 681s Validity 681s Not Before: Mar 5 00:33:15 2024 GMT 681s Not After : Mar 5 00:33:15 2025 GMT 681s Subject: 681s organizationName = Test Organization 681s organizationalUnitName = Test Organization Unit 681s commonName = Test Organization Sub Intermediate CA 681s X509v3 extensions: 681s X509v3 Subject Key Identifier: 681s 2C:EA:79:DC:42:5D:FD:45:FE:A8:14:2D:55:B6:3F:9C:EB:D1:02:33 681s X509v3 Authority Key Identifier: 681s keyid:6B:E8:8A:51:A7:C2:F4:7F:7B:99:F9:55:96:34:05:8C:A3:B0:28:E5 681s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 681s serial:01 681s X509v3 Basic Constraints: 681s CA:TRUE 681s X509v3 Key Usage: critical 681s Digital Signature, Certificate Sign, CRL Sign 681s Certificate is to be certified until Mar 5 00:33:15 2025 GMT (365 days) 681s 681s Write out database with 1 new entries 681s Database updated 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 681s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 681s /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem: OK 681s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 681s error 20 at 0 depth lookup: unable to get local issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem: verification failed 681s + cat 681s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-25719 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-25719 1024 681s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-25719 -key /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-request.pem 681s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-request.pem 681s Certificate Request: 681s Data: 681s Version: 1 (0x0) 681s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 681s Subject Public Key Info: 681s Public Key Algorithm: rsaEncryption 681s Public-Key: (1024 bit) 681s Modulus: 681s 00:cd:13:92:dd:41:11:48:8f:e3:53:c9:47:9c:bc: 681s a0:bd:e8:1e:66:e7:6a:10:5c:b2:7c:24:0a:69:f0: 681s 65:25:52:85:0a:21:da:e0:13:0d:fc:2e:a3:22:70: 681s c0:72:ef:c6:83:a6:3a:43:24:1e:15:7c:f8:7a:1d: 681s bd:bb:53:68:ea:77:f6:d7:d2:83:fe:04:cf:e6:d8: 681s 7d:bd:14:9f:1b:88:16:48:cc:87:1c:7d:ee:9b:48: 681s ac:28:c7:93:97:13:a7:ef:ad:08:86:2e:68:26:02: 681s a2:29:f4:f1:51:50:cf:11:e6:e8:b0:4c:db:25:07: 681s c9:e7:e3:ae:98:c6:ca:33:ab 681s Exponent: 65537 (0x10001) 681s Attributes: 681s Requested Extensions: 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Root CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s 7F:26:A9:17:04:F7:24:17:D1:E7:0C:A2:C3:F6:99:A3:18:D6:08:AE 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Signature Algorithm: sha256WithRSAEncryption 681s Signature Value: 681s 95:91:88:d2:70:0f:f6:81:fe:53:9d:2f:48:40:de:40:86:2c: 681s 94:6a:da:c5:51:fe:c9:b0:38:fc:f9:51:4f:78:0f:10:a7:81: 681s da:7e:50:6f:0d:c3:f7:6c:3e:2b:91:36:ff:3f:3a:a8:a9:6b: 681s 53:85:4b:aa:ec:02:ea:83:92:18:26:80:a3:34:70:d8:ba:18: 681s 80:25:36:ad:96:98:a6:66:3c:3b:e0:ee:cd:98:89:5a:4c:c2: 681s b7:af:9c:53:bc:0e:bb:92:84:9c:df:1e:77:3b:20:fc:b2:78: 681s a4:4a:aa:18:55:f6:4c:16:3b:33:00:b4:53:fd:4f:67:f8:a0: 681s 29:5d 681s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.config -passin pass:random-root-CA-password-10929 -keyfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 681s Using configuration from /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.config 681s Check that the request matches the signature 681s Signature ok 681s Certificate Details: 681s Serial Number: 3 (0x3) 681s Validity 681s Not Before: Mar 5 00:33:15 2024 GMT 681s Not After : Mar 5 00:33:15 2025 GMT 681s Subject: 681s organizationName = Test Organization 681s organizationalUnitName = Test Organization Unit 681s commonName = Test Organization Root Trusted Certificate 0001 681s X509v3 extensions: 681s X509v3 Authority Key Identifier: 681s 35:36:6D:8F:FE:DD:44:10:EE:85:68:F7:3F:A3:A4:7F:D3:66:C7:6B 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Root CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s 7F:26:A9:17:04:F7:24:17:D1:E7:0C:A2:C3:F6:99:A3:18:D6:08:AE 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Certificate is to be certified until Mar 5 00:33:15 2025 GMT (365 days) 681s 681s Write out database with 1 new entries 681s Database updated 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 681s /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem: OK 681s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 681s error 20 at 0 depth lookup: unable to get local issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem: verification failed 681s + cat 681s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-23869 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-23869 1024 681s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-23869 -key /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-request.pem 681s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-request.pem 681s + openssl ca -passin pass:random-intermediate-CA-password-27578 -config /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 681s Certificate Request: 681s Data: 681s Version: 1 (0x0) 681s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 681s Subject Public Key Info: 681s Public Key Algorithm: rsaEncryption 681s Public-Key: (1024 bit) 681s Modulus: 681s 00:9d:77:54:86:7f:53:39:75:55:5b:4f:eb:8f:2c: 681s 2b:50:04:e0:11:16:24:e6:ba:65:d4:43:e6:5b:a6: 681s 97:6f:63:4a:17:06:1c:19:95:6c:91:db:44:3e:c9: 681s d4:2e:da:79:5d:7b:e0:af:32:95:ab:23:fa:88:be: 681s 5a:4d:ca:1c:b4:6a:99:77:53:eb:55:42:23:3d:53: 681s 84:f6:cb:60:c1:b2:0a:bb:8a:66:20:fb:c7:da:ca: 681s 38:27:ca:61:d8:fc:1c:ac:d0:87:18:88:fb:45:4b: 681s c1:c4:52:21:fd:0f:16:28:a9:7e:f1:82:36:3a:79: 681s 9f:d4:ca:fd:b4:cb:9c:7f:1f 681s Exponent: 65537 (0x10001) 681s Attributes: 681s Requested Extensions: 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Intermediate CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s A5:68:97:3D:DA:98:6B:9C:71:E4:11:5E:20:63:2C:DE:98:71:85:5C 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Signature Algorithm: sha256WithRSAEncryption 681s Signature Value: 681s 0e:0b:17:b6:84:2e:33:ce:4b:2c:75:a2:77:87:95:9d:75:19: 681s e7:65:e1:cd:22:8d:43:02:33:d3:e8:2a:28:17:0c:a5:63:5a: 681s 87:a0:c6:a1:3e:7c:a6:b9:d0:14:79:49:0e:a8:6d:26:61:16: 681s 8c:88:14:82:6e:2a:37:15:4f:0e:dc:39:b0:91:64:5a:f5:c7: 681s cc:11:26:6c:2e:23:42:ed:2c:90:7b:f7:90:0c:5d:f3:a0:a7: 681s 55:50:2d:8c:d0:3b:0a:d5:69:ed:bc:fb:e1:86:0e:4b:18:58: 681s d3:68:0d:33:3d:06:cf:74:c3:5c:b1:cf:d7:07:cc:28:09:a4: 681s da:1a 681s Using configuration from /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.config 681s Check that the request matches the signature 681s Signature ok 681s Certificate Details: 681s Serial Number: 4 (0x4) 681s Validity 681s Not Before: Mar 5 00:33:15 2024 GMT 681s Not After : Mar 5 00:33:15 2025 GMT 681s Subject: 681s organizationName = Test Organization 681s organizationalUnitName = Test Organization Unit 681s commonName = Test Organization Intermediate Trusted Certificate 0001 681s X509v3 extensions: 681s X509v3 Authority Key Identifier: 681s 6B:E8:8A:51:A7:C2:F4:7F:7B:99:F9:55:96:34:05:8C:A3:B0:28:E5 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Intermediate CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s A5:68:97:3D:DA:98:6B:9C:71:E4:11:5E:20:63:2C:DE:98:71:85:5C 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Certificate is to be certified until Mar 5 00:33:15 2025 GMT (365 days) 681s 681s Write out database with 1 new entries 681s Database updated 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 681s + echo 'This certificate should not be trusted fully' 681s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 681s This certificate should not be trusted fully 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 681s error 2 at 1 depth lookup: unable to get issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 681s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 681s /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem: OK 681s + cat 681s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8494 681s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-8494 1024 681s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8494 -key /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 681s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 681s Certificate Request: 681s Data: 681s Version: 1 (0x0) 681s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 681s Subject Public Key Info: 681s Public Key Algorithm: rsaEncryption 681s Public-Key: (1024 bit) 681s Modulus: 681s 00:c4:c4:76:bd:82:87:cf:03:e9:29:af:86:df:0a: 681s 20:40:fd:16:e7:44:a3:30:48:a5:c9:7c:1e:a9:f9: 681s 52:5a:64:33:36:7a:e5:35:04:a5:6a:90:0c:27:ea: 681s da:8b:0c:b9:06:71:d3:18:c6:14:c5:c5:5f:a1:09: 681s 74:e4:17:14:1e:d0:94:32:eb:d1:f5:8e:cf:0e:31: 681s e7:c8:7e:a2:e4:8c:3a:95:6c:4c:c7:23:c5:bd:07: 681s 51:b6:eb:0f:5e:d0:94:0e:97:4a:45:80:f0:88:33: 681s de:87:46:86:28:dc:5a:42:5b:7b:ab:d7:79:fe:8c: 681s 32:a4:e0:38:fe:1f:8a:8e:1d 681s Exponent: 65537 (0x10001) 681s Attributes: 681s Requested Extensions: 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Sub Intermediate CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s A3:73:5A:9B:43:06:BA:98:D1:A4:A7:A7:8C:C8:B9:58:0E:64:8D:FD 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Signature Algorithm: sha256WithRSAEncryption 681s Signature Value: 681s 60:78:9b:b5:75:32:33:af:36:3f:41:df:de:62:d1:5b:52:9c: 681s 85:ec:48:ec:7e:ab:69:5e:8a:e5:88:bd:90:bb:9b:0b:18:58: 681s bf:ff:c1:30:26:7b:07:e0:3e:07:fc:3b:bb:cc:ea:5f:ac:f0: 681s 55:0a:39:54:37:21:f4:1b:40:52:c4:a1:6e:90:e3:ef:5e:88: 681s d6:c3:cc:48:6f:fc:bb:f2:53:df:35:ac:fb:5f:69:fc:db:d7: 681s bf:d5:52:3a:cf:1a:37:50:d7:ac:ec:1a:6c:9c:64:26:78:06: 681s bb:af:a0:a7:d1:16:08:98:7a:39:d6:3d:5e:d5:e3:87:a4:6c: 681s 5b:0d 681s + openssl ca -passin pass:random-sub-intermediate-CA-password-1054 -config /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s Using configuration from /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.config 681s Check that the request matches the signature 681s Signature ok 681s Certificate Details: 681s Serial Number: 5 (0x5) 681s Validity 681s Not Before: Mar 5 00:33:15 2024 GMT 681s Not After : Mar 5 00:33:15 2025 GMT 681s Subject: 681s organizationName = Test Organization 681s organizationalUnitName = Test Organization Unit 681s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 681s X509v3 extensions: 681s X509v3 Authority Key Identifier: 681s 2C:EA:79:DC:42:5D:FD:45:FE:A8:14:2D:55:B6:3F:9C:EB:D1:02:33 681s X509v3 Basic Constraints: 681s CA:FALSE 681s Netscape Cert Type: 681s SSL Client, S/MIME 681s Netscape Comment: 681s Test Organization Sub Intermediate CA trusted Certificate 681s X509v3 Subject Key Identifier: 681s A3:73:5A:9B:43:06:BA:98:D1:A4:A7:A7:8C:C8:B9:58:0E:64:8D:FD 681s X509v3 Key Usage: critical 681s Digital Signature, Non Repudiation, Key Encipherment 681s X509v3 Extended Key Usage: 681s TLS Web Client Authentication, E-mail Protection 681s X509v3 Subject Alternative Name: 681s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 681s Certificate is to be certified until Mar 5 00:33:15 2025 GMT (365 days) 681s 681s Write out database with 1 new entries 681s Database updated 681s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s + echo 'This certificate should not be trusted fully' 681s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s This certificate should not be trusted fully 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 681s error 2 at 1 depth lookup: unable to get issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 681s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 681s error 20 at 0 depth lookup: unable to get local issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 681s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 681s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s + local cmd=openssl 681s + shift 681s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 681s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 681s error 20 at 0 depth lookup: unable to get local issuer certificate 681s error /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 682s Building a the full-chain CA file... 682s + echo 'Building a the full-chain CA file...' 682s + cat /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 682s + cat /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem 682s + cat /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 682s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem 682s + openssl pkcs7 -print_certs -noout 682s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 682s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 682s 682s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 682s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 682s 682s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 682s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 682s 682s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem 682s /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA.pem: OK 682s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 682s /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem: OK 682s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 682s /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem: OK 682s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-root-intermediate-chain-CA.pem 682s /tmp/sssd-softhsm2-certs-ch32yC/test-root-intermediate-chain-CA.pem: OK 682s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 682s /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 682s Certificates generation completed! 682s + echo 'Certificates generation completed!' 682s + [[ -v NO_SSSD_TESTS ]] 682s + [[ -v GENERATE_SMART_CARDS ]] 682s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-25719 682s + local certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 682s + local key_pass=pass:random-root-ca-trusted-cert-0001-25719 682s + local key_cn 682s + local key_name 682s + local tokens_dir 682s + local output_cert_file 682s + token_name= 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem .pem 682s + key_name=test-root-CA-trusted-certificate-0001 682s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem 682s ++ sed -n 's/ *commonName *= //p' 682s + key_cn='Test Organization Root Trusted Certificate 0001' 682s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 682s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf 682s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 682s + tokens_dir=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001 682s + token_name='Test Organization Root Tr Token' 682s + '[' '!' -e /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 682s + local key_file 682s + local decrypted_key 682s + mkdir -p /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001 682s + key_file=/tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key.pem 682s + decrypted_key=/tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key-decrypted.pem 682s + cat 682s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 682s Slot 0 has a free/uninitialized token. 682s The token has been initialized and is reassigned to slot 365029140 682s + softhsm2-util --show-slots 682s Available slots: 682s Slot 365029140 682s Slot info: 682s Description: SoftHSM slot ID 0x15c1e714 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: ce0a87e295c1e714 682s Initialized: yes 682s User PIN init.: yes 682s Label: Test Organization Root Tr Token 682s Slot 1 682s Slot info: 682s Description: SoftHSM slot ID 0x1 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: 682s Initialized: no 682s User PIN init.: no 682s Label: 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-25719 -in /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key-decrypted.pem 682s writing RSA key 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + rm /tmp/sssd-softhsm2-certs-ch32yC/test-root-CA-trusted-certificate-0001-key-decrypted.pem 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 682s Object 0: 682s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce0a87e295c1e714;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 682s Type: X.509 Certificate (RSA-1024) 682s Expires: Wed Mar 5 00:33:15 2025 682s Label: Test Organization Root Trusted Certificate 0001 682s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 682s 682s + echo 'Test Organization Root Tr Token' 682s Test Organization Root Tr Token 682s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23869 682s + local certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 682s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23869 682s + local key_cn 682s + local key_name 682s + local tokens_dir 682s + local output_cert_file 682s + token_name= 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem .pem 682s + key_name=test-intermediate-CA-trusted-certificate-0001 682s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem 682s ++ sed -n 's/ *commonName *= //p' 682s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 682s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 682s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 682s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 682s + tokens_dir=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001 682s + token_name='Test Organization Interme Token' 682s + '[' '!' -e /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 682s + local key_file 682s + local decrypted_key 682s + mkdir -p /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-intermediate-CA-trusted-certificate-0001 682s + key_file=/tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key.pem 682s + decrypted_key=/tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s + cat 682s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 682s Slot 0 has a free/uninitialized token. 682s The token has been initialized and is reassigned to slot 632246882 682s + softhsm2-util --show-slots 682s Available slots: 682s Slot 632246882 682s Slot info: 682s Description: SoftHSM slot ID 0x25af5262 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: dcd5997b25af5262 682s Initialized: yes 682s User PIN init.: yes 682s Label: Test Organization Interme Token 682s Slot 1 682s Slot info: 682s Description: SoftHSM slot ID 0x1 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: 682s Initialized: no 682s User PIN init.: no 682s Label: 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-23869 -in /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s writing RSA key 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + rm /tmp/sssd-softhsm2-certs-ch32yC/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 682s Object 0: 682s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dcd5997b25af5262;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 682s Type: X.509 Certificate (RSA-1024) 682s Expires: Wed Mar 5 00:33:15 2025 682s Label: Test Organization Intermediate Trusted Certificate 0001 682s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 682s 682s + echo 'Test Organization Interme Token' 682s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8494 682s + local certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 682s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8494 682s + local key_cn 682s Test Organization Interme Token 682s + local key_name 682s + local tokens_dir 682s + local output_cert_file 682s + token_name= 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 682s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 682s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem 682s ++ sed -n 's/ *commonName *= //p' 682s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 682s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 682s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 682s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 682s ++ basename /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 682s + tokens_dir=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 682s + token_name='Test Organization Sub Int Token' 682s + '[' '!' -e /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 682s + local key_file 682s + local decrypted_key 682s + mkdir -p /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 682s + key_file=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 682s + decrypted_key=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s + cat 682s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 682s Slot 0 has a free/uninitialized token. 682s The token has been initialized and is reassigned to slot 940547412 682s + softhsm2-util --show-slots 682s Available slots: 682s Slot 940547412 682s Slot info: 682s Description: SoftHSM slot ID 0x380f9d54 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: 26051f33b80f9d54 682s Initialized: yes 682s User PIN init.: yes 682s Label: Test Organization Sub Int Token 682s Slot 1 682s Slot info: 682s Description: SoftHSM slot ID 0x1 682s Manufacturer ID: SoftHSM project 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Token present: yes 682s Token info: 682s Manufacturer ID: SoftHSM project 682s Model: SoftHSM v2 682s Hardware version: 2.6 682s Firmware version: 2.6 682s Serial number: 682s Initialized: no 682s User PIN init.: no 682s Label: 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8494 -in /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s writing RSA key 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 682s + rm /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 682s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 682s Object 0: 682s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=26051f33b80f9d54;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 682s Type: X.509 Certificate (RSA-1024) 682s Expires: Wed Mar 5 00:33:15 2025 682s Label: Test Organization Sub Intermediate Trusted Certificate 0001 682s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 682s 682s Test Organization Sub Int Token 682s Certificates generation completed! 682s + echo 'Test Organization Sub Int Token' 682s + echo 'Certificates generation completed!' 682s + exit 0 682s + find /tmp/sssd-softhsm2-certs-ch32yC -type d -exec chmod 777 '{}' ';' 682s + find /tmp/sssd-softhsm2-certs-ch32yC -type f -exec chmod 666 '{}' ';' 682s + backup_file /etc/sssd/sssd.conf 682s + '[' -z '' ']' 682s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 682s + backupsdir=/tmp/sssd-softhsm2-backups-CDBYlb 682s + '[' -e /etc/sssd/sssd.conf ']' 682s + delete_paths+=("$1") 682s + rm -f /etc/sssd/sssd.conf 682s ++ runuser -u ubuntu -- sh -c 'echo ~' 682s + user_home=/home/ubuntu 682s + mkdir -p /home/ubuntu 682s + chown ubuntu:ubuntu /home/ubuntu 682s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 682s + user_config=/home/ubuntu/.config 682s + system_config=/etc 682s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 682s + for path_pair in "${softhsm2_conf_paths[@]}" 682s + IFS=: 682s + read -r -a path 682s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 682s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 682s + '[' -z /tmp/sssd-softhsm2-backups-CDBYlb ']' 682s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 682s + delete_paths+=("$1") 682s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 682s + for path_pair in "${softhsm2_conf_paths[@]}" 682s + IFS=: 682s + read -r -a path 682s + path=/etc/softhsm/softhsm2.conf 682s + backup_file /etc/softhsm/softhsm2.conf 682s + '[' -z /tmp/sssd-softhsm2-backups-CDBYlb ']' 682s + '[' -e /etc/softhsm/softhsm2.conf ']' 682s ++ dirname /etc/softhsm/softhsm2.conf 682s + local back_dir=/tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm 682s ++ basename /etc/softhsm/softhsm2.conf 682s + local back_path=/tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm/softhsm2.conf 682s + '[' '!' -e /tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm/softhsm2.conf ']' 682s + mkdir -p /tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm 682s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm/softhsm2.conf 682s + restore_paths+=("$back_path") 682s + rm -f /etc/softhsm/softhsm2.conf 682s + test_authentication login /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem 682s + pam_service=login 682s + certificate_config=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf 682s + ca_db=/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem 682s + verification_options= 682s + mkdir -p -m 700 /etc/sssd 682s Using CA DB '/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem' with verification options: '' 682s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 682s + cat 682s + chmod 600 /etc/sssd/sssd.conf 682s + for path_pair in "${softhsm2_conf_paths[@]}" 682s + IFS=: 682s + read -r -a path 682s + user=ubuntu 682s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 682s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 682s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 682s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 682s + runuser -u ubuntu -- softhsm2-util --show-slots 682s + grep 'Test Organization' 683s Label: Test Organization Root Tr Token 683s + for path_pair in "${softhsm2_conf_paths[@]}" 683s + IFS=: 683s + read -r -a path 683s + user=root 683s + path=/etc/softhsm/softhsm2.conf 683s ++ dirname /etc/softhsm/softhsm2.conf 683s + runuser -u root -- mkdir -p /etc/softhsm 683s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 683s Label: Test Organization Root Tr Token 683s + runuser -u root -- softhsm2-util --show-slots 683s + grep 'Test Organization' 683s + systemctl restart sssd 683s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 683s + for alternative in "${alternative_pam_configs[@]}" 683s + pam-auth-update --enable sss-smart-card-optional 683s + cat /etc/pam.d/common-auth 683s # 683s # /etc/pam.d/common-auth - authentication settings common to all services 683s # 683s # This file is included from other service-specific PAM config files, 683s # and should contain a list of the authentication modules that define 683s # the central authentication scheme for use on the system 683s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 683s # traditional Unix authentication mechanisms. 683s # 683s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 683s # To take advantage of this, it is recommended that you configure any 683s # local modules either before or after the default block, and use 683s # pam-auth-update to manage selection of other modules. See 683s # pam-auth-update(8) for details. 683s 683s # here are the per-package modules (the "Primary" block) 683s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 683s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 683s auth [success=1 default=ignore] pam_sss.so use_first_pass 683s # here's the fallback if no module succeeds 683s auth requisite pam_deny.so 683s # prime the stack with a positive return value if there isn't one already; 683s # this avoids us returning an error just because nothing sets a success code 683s # since the modules above will each just jump around 683s auth required pam_permit.so 683s # and here are more per-package modules (the "Additional" block) 683s auth optional pam_cap.so 683s # end of pam-auth-update config 683s + echo -n -e 123456 683s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 683s pamtester: invoking pam_start(login, ubuntu, ...) 683s pamtester: performing operation - authenticate 684s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 684s + echo -n -e 123456 684s + runuser -u ubuntu -- pamtester -v login '' authenticate 684s pamtester: invoking pam_start(login, , ...) 684s pamtester: performing operation - authenticate 684s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 684s + echo -n -e wrong123456 684s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 684s pamtester: invoking pam_start(login, ubuntu, ...) 684s pamtester: performing operation - authenticate 687s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 687s + echo -n -e wrong123456 687s + runuser -u ubuntu -- pamtester -v login '' authenticate 687s pamtester: invoking pam_start(login, , ...) 687s pamtester: performing operation - authenticate 690s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 690s + echo -n -e 123456 690s + pamtester -v login root authenticate 690s pamtester: invoking pam_start(login, root, ...) 690s pamtester: performing operation - authenticate 692s Password: pamtester: Authentication failure 692s + for alternative in "${alternative_pam_configs[@]}" 692s + pam-auth-update --enable sss-smart-card-required 692s PAM configuration 692s ----------------- 692s 692s Incompatible PAM profiles selected. 692s 692s The following PAM profiles cannot be used together: 692s 692s SSS required smart card authentication, SSS optional smart card 692s authentication 692s 692s Please select a different set of modules to enable. 692s 692s + cat /etc/pam.d/common-auth 692s # 692s # /etc/pam.d/common-auth - authentication settings common to all services 692s # 692s # This file is included from other service-specific PAM config files, 692s # and should contain a list of the authentication modules that define 692s # the central authentication scheme for use on the system 692s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 692s # traditional Unix authentication mechanisms. 692s # 692s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 692s # To take advantage of this, it is recommended that you configure any 692s # local modules either before or after the default block, and use 692s # pam-auth-update to manage selection of other modules. See 692s # pam-auth-update(8) for details. 692s 692s # here are the per-package modules (the "Primary" block) 692s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 692s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 692s auth [success=1 default=ignore] pam_sss.so use_first_pass 692s # here's the fallback if no module succeeds 692s auth requisite pam_deny.so 692s # prime the stack with a positive return value if there isn't one already; 692s # this avoids us returning an error just because nothing sets a success code 692s # since the modules above will each just jump around 692s auth required pam_permit.so 692s # and here are more per-package modules (the "Additional" block) 692s auth optional pam_cap.so 692s # end of pam-auth-update config 692s + echo -n -e 123456 692s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 693s pamtester: invoking pam_start(login, ubuntu, ...) 693s pamtester: performing operation - authenticate 693s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 693s + echo -n -e 123456 693s + runuser -u ubuntu -- pamtester -v login '' authenticate 693s pamtester: invoking pam_start(login, , ...) 693s pamtester: performing operation - authenticate 693s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 693s + echo -n -e wrong123456 693s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 693s pamtester: invoking pam_start(login, ubuntu, ...) 693s pamtester: performing operation - authenticate 695s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 695s + echo -n -e wrong123456 695s + runuser -u ubuntu -- pamtester -v login '' authenticate 695s pamtester: invoking pam_start(login, , ...) 695s pamtester: performing operation - authenticate 698s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 698s + pamtester -v login root authenticate 698s + echo -n -e 123456 698s pamtester: invoking pam_start(login, root, ...) 698s pamtester: performing operation - authenticate 701s pamtester: Authentication service cannot retrieve authentication info 701s + test_authentication login /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem 701s + pam_service=login 701s + certificate_config=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 701s + ca_db=/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem 701s + verification_options= 701s + mkdir -p -m 700 /etc/sssd 701s Using CA DB '/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem' with verification options: '' 701s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ch32yC/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 701s + cat 701s + chmod 600 /etc/sssd/sssd.conf 701s + for path_pair in "${softhsm2_conf_paths[@]}" 701s + IFS=: 701s + read -r -a path 701s + user=ubuntu 701s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 701s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 701s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 701s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 701s + runuser -u ubuntu -- softhsm2-util --show-slots 701s + grep 'Test Organization' 701s Label: Test Organization Sub Int Token 701s + for path_pair in "${softhsm2_conf_paths[@]}" 701s + IFS=: 701s + read -r -a path 701s + user=root 701s + path=/etc/softhsm/softhsm2.conf 701s ++ dirname /etc/softhsm/softhsm2.conf 701s + runuser -u root -- mkdir -p /etc/softhsm 701s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 701s + runuser -u root -- softhsm2-util --show-slots 701s + grep 'Test Organization' 701s Label: Test Organization Sub Int Token 701s + systemctl restart sssd 702s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 702s + for alternative in "${alternative_pam_configs[@]}" 702s + pam-auth-update --enable sss-smart-card-optional 702s # 702s # /etc/pam.d/common-auth - authentication settings common to all services 702s # 702s # This file is included from other service-specific PAM config files, 702s # and should contain a list of the authentication modules that define 702s # the central authentication scheme for use on the system 702s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 702s # traditional Unix authentication mechanisms. 702s # 702s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 702s # To take advantage of this, it is recommended that you configure any 702s # local modules either before or after the default block, and use 702s # pam-auth-update to manage selection of other modules. See 702s # pam-auth-update(8) for details. 702s 702s # here are the per-package modules (the "Primary" block) 702s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 702s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 702s auth [success=1 default=ignore] pam_sss.so use_first_pass 702s # here's the fallback if no module succeeds 702s auth requisite pam_deny.so 702s # prime the stack with a positive return value if there isn't one already; 702s # this avoids us returning an error just because nothing sets a success code 702s # since the modules above will each just jump around 702s auth required pam_permit.so 702s # and here are more per-package modules (the "Additional" block) 702s auth optional pam_cap.so 702s # end of pam-auth-update config 702s + cat /etc/pam.d/common-auth 702s + echo -n -e 123456 702s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 702s pamtester: invoking pam_start(login, ubuntu, ...) 702s pamtester: performing operation - authenticate 702s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 702s + echo -n -e 123456 702s + runuser -u ubuntu -- pamtester -v login '' authenticate 702s pamtester: invoking pam_start(login, , ...) 702s pamtester: performing operation - authenticate 702s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 702s + echo -n -e wrong123456 702s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 702s pamtester: invoking pam_start(login, ubuntu, ...) 702s pamtester: performing operation - authenticate 705s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 705s + echo -n -e wrong123456 705s + runuser -u ubuntu -- pamtester -v login '' authenticate 705s pamtester: invoking pam_start(login, , ...) 705s pamtester: performing operation - authenticate 707s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 707s + echo -n -e 123456 707s + pamtester -v login root authenticate 707s pamtester: invoking pam_start(login, root, ...) 707s pamtester: performing operation - authenticate 711s Password: pamtester: Authentication failure 711s + for alternative in "${alternative_pam_configs[@]}" 711s + pam-auth-update --enable sss-smart-card-required 711s PAM configuration 711s ----------------- 711s 711s Incompatible PAM profiles selected. 711s 711s The following PAM profiles cannot be used together: 711s 711s SSS required smart card authentication, SSS optional smart card 711s authentication 711s 711s Please select a different set of modules to enable. 711s 711s + cat /etc/pam.d/common-auth 711s # 711s # /etc/pam.d/common-auth - authentication settings common to all services 711s # 711s # This file is included from other service-specific PAM config files, 711s # and should contain a list of the authentication modules that define 711s # the central authentication scheme for use on the system 711s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 711s # traditional Unix authentication mechanisms. 711s # 711s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 711s # To take advantage of this, it is recommended that you configure any 711s # local modules either before or after the default block, and use 711s # pam-auth-update to manage selection of other modules. See 711s # pam-auth-update(8) for details. 711s 711s # here are the per-package modules (the "Primary" block) 711s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 711s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 711s auth [success=1 default=ignore] pam_sss.so use_first_pass 711s # here's the fallback if no module succeeds 711s auth requisite pam_deny.so 711s # prime the stack with a positive return value if there isn't one already; 711s # this avoids us returning an error just because nothing sets a success code 711s # since the modules above will each just jump around 711s auth required pam_permit.so 711s # and here are more per-package modules (the "Additional" block) 711s auth optional pam_cap.so 711s # end of pam-auth-update config 711s + echo -n -e 123456 711s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 711s pamtester: invoking pam_start(login, ubuntu, ...) 711s pamtester: performing operation - authenticate 711s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 711s + echo -n -e 123456 711s + runuser -u ubuntu -- pamtester -v login '' authenticate 711s pamtester: invoking pam_start(login, , ...) 711s pamtester: performing operation - authenticate 711s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 711s + echo -n -e wrong123456 711s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 711s pamtester: invoking pam_start(login, ubuntu, ...) 711s pamtester: performing operation - authenticate 714s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 714s + echo -n -e wrong123456 714s + runuser -u ubuntu -- pamtester -v login '' authenticate 714s pamtester: invoking pam_start(login, , ...) 714s pamtester: performing operation - authenticate 716s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 717s + echo -n -e 123456 717s + pamtester -v login root authenticate 717s pamtester: invoking pam_start(login, root, ...) 717s pamtester: performing operation - authenticate 720s pamtester: Authentication service cannot retrieve authentication info 720s + test_authentication login /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem partial_chain 720s + pam_service=login 720s + certificate_config=/tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 720s + ca_db=/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem 720s + verification_options=partial_chain 720s + mkdir -p -m 700 /etc/sssd 720s Using CA DB '/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 720s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ch32yC/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 720s + cat 720s + chmod 600 /etc/sssd/sssd.conf 720s + for path_pair in "${softhsm2_conf_paths[@]}" 720s + IFS=: 720s + read -r -a path 720s + user=ubuntu 720s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 720s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 720s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 720s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 720s + runuser -u ubuntu -- softhsm2-util --show-slots 720s + grep 'Test Organization' 720s Label: Test Organization Sub Int Token 720s + for path_pair in "${softhsm2_conf_paths[@]}" 720s + IFS=: 720s + read -r -a path 720s + user=root 720s + path=/etc/softhsm/softhsm2.conf 720s ++ dirname /etc/softhsm/softhsm2.conf 720s + runuser -u root -- mkdir -p /etc/softhsm 720s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ch32yC/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 720s + runuser -u root -- softhsm2-util --show-slots 720s + grep 'Test Organization' 721s Label: Test Organization Sub Int Token 721s + systemctl restart sssd 721s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 722s + for alternative in "${alternative_pam_configs[@]}" 722s + pam-auth-update --enable sss-smart-card-optional 722s + cat /etc/pam.d/common-auth 722s # 722s # /etc/pam.d/common-auth - authentication settings common to all services 722s # 722s # This file is included from other service-specific PAM config files, 722s # and should contain a list of the authentication modules that define 722s # the central authentication scheme for use on the system 722s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 722s # traditional Unix authentication mechanisms. 722s # 722s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 722s # To take advantage of this, it is recommended that you configure any 722s # local modules either before or after the default block, and use 722s # pam-auth-update to manage selection of other modules. See 722s # pam-auth-update(8) for details. 722s 722s # here are the per-package modules (the "Primary" block) 722s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 722s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 722s auth [success=1 default=ignore] pam_sss.so use_first_pass 722s # here's the fallback if no module succeeds 722s auth requisite pam_deny.so 722s # prime the stack with a positive return value if there isn't one already; 722s # this avoids us returning an error just because nothing sets a success code 722s # since the modules above will each just jump around 722s auth required pam_permit.so 722s # and here are more per-package modules (the "Additional" block) 722s auth optional pam_cap.so 722s # end of pam-auth-update config 722s + echo -n -e 123456 722s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 722s pamtester: invoking pam_start(login, ubuntu, ...) 722s pamtester: performing operation - authenticate 722s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 722s + echo -n -e 123456 722s + runuser -u ubuntu -- pamtester -v login '' authenticate 722s pamtester: invoking pam_start(login, , ...) 722s pamtester: performing operation - authenticate 722s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 722s + echo -n -e wrong123456 722s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 722s pamtester: invoking pam_start(login, ubuntu, ...) 722s pamtester: performing operation - authenticate 726s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 726s + echo -n -e wrong123456 726s + runuser -u ubuntu -- pamtester -v login '' authenticate 726s pamtester: invoking pam_start(login, , ...) 726s pamtester: performing operation - authenticate 728s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 728s + echo -n -e 123456 728s + pamtester -v login root authenticate 728s pamtester: invoking pam_start(login, root, ...) 728s pamtester: performing operation - authenticate 731s Password: pamtester: Authentication failure 731s + for alternative in "${alternative_pam_configs[@]}" 731s + pam-auth-update --enable sss-smart-card-required 732s PAM configuration 732s ----------------- 732s 732s Incompatible PAM profiles selected. 732s 732s The following PAM profiles cannot be used together: 732s 732s SSS required smart card authentication, SSS optional smart card 732s authentication 732s 732s Please select a different set of modules to enable. 732s 732s + cat /etc/pam.d/common-auth 732s # 732s # /etc/pam.d/common-auth - authentication settings common to all services 732s # 732s # This file is included from other service-specific PAM config files, 732s # and should contain a list of the authentication modules that define 732s # the central authentication scheme for use on the system 732s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 732s # traditional Unix authentication mechanisms. 732s # 732s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 732s # To take advantage of this, it is recommended that you configure any 732s # local modules either before or after the default block, and use 732s # pam-auth-update to manage selection of other modules. See 732s # pam-auth-update(8) for details. 732s 732s # here are the per-package modules (the "Primary" block) 732s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 732s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 732s auth [success=1 default=ignore] pam_sss.so use_first_pass 732s # here's the fallback if no module succeeds 732s auth requisite pam_deny.so 732s # prime the stack with a positive return value if there isn't one already; 732s # this avoids us returning an error just because nothing sets a success code 732s # since the modules above will each just jump around 732s auth required pam_permit.so 732s # and here are more per-package modules (the "Additional" block) 732s auth optional pam_cap.so 732s # end of pam-auth-update config 732s + echo -n -e 123456 732s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 732s pamtester: invoking pam_start(login, ubuntu, ...) 732s pamtester: performing operation - authenticate 732s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 732s + echo -n -e 123456 732s + runuser -u ubuntu -- pamtester -v login '' authenticate 732s pamtester: invoking pam_start(login, , ...) 732s pamtester: performing operation - authenticate 732s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 732s + echo -n -e wrong123456 732s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 732s pamtester: invoking pam_start(login, ubuntu, ...) 732s pamtester: performing operation - authenticate 734s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 734s + echo -n -e wrong123456 734s + runuser -u ubuntu -- pamtester -v login '' authenticate 734s pamtester: invoking pam_start(login, , ...) 734s pamtester: performing operation - authenticate 738s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 738s + echo -n -e 123456 738s + pamtester -v login root authenticate 738s pamtester: invoking pam_start(login, root, ...) 738s pamtester: performing operation - authenticate 741s pamtester: Authentication service cannot retrieve authentication info 741s + handle_exit 741s + exit_code=0 741s + restore_changes 741s + for path in "${restore_paths[@]}" 741s + local original_path 741s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-CDBYlb /tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm/softhsm2.conf 741s + original_path=/etc/softhsm/softhsm2.conf 741s + rm /etc/softhsm/softhsm2.conf 741s + mv /tmp/sssd-softhsm2-backups-CDBYlb//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 741s + for path in "${delete_paths[@]}" 741s + rm -f /etc/sssd/sssd.conf 741s + for path in "${delete_paths[@]}" 741s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 741s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 742s + '[' -e /etc/sssd/sssd.conf ']' 742s + systemctl stop sssd 742s + '[' -e /etc/softhsm/softhsm2.conf ']' 742s + chmod 600 /etc/softhsm/softhsm2.conf 742s + rm -rf /tmp/sssd-softhsm2-certs-ch32yC 742s + '[' 0 = 0 ']' 742s + rm -rf /tmp/sssd-softhsm2-backups-CDBYlb 742s Script completed successfully! 742s + set +x 742s autopkgtest [00:34:16]: test sssd-smart-card-pam-auth-configs: -----------------------] 743s sssd-smart-card-pam-auth-configs PASS 743s autopkgtest [00:34:17]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 743s autopkgtest [00:34:17]: @@@@@@@@@@@@@@@@@@@@ summary 743s ldap-user-group-ldap-auth PASS 743s ldap-user-group-krb5-auth PASS 743s sssd-softhism2-certificates-tests.sh PASS 743s sssd-smart-card-pam-auth-configs PASS 748s Creating nova instance adt-noble-arm64-sssd-20240305-002154-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240302.img (UUID 63f6c6b8-7f45-4d9d-b14c-17d2ba97ab6a)... 748s Creating nova instance adt-noble-arm64-sssd-20240305-002154-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240302.img (UUID 63f6c6b8-7f45-4d9d-b14c-17d2ba97ab6a)...