0s autopkgtest [12:32:09]: starting date and time: 2024-03-16 12:32:09+0000 0s autopkgtest [12:32:09]: git checkout: b506e79c ssh-setup/nova: fix ARCH having two lines of data 0s autopkgtest [12:32:09]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.zsqlzpga/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:sssd,src:curl,src:gnutls28,src:libpsl,src:libtirpc,src:nettle,src:nfs-utils,src:openssl,src:orthanc-python,src:samba,src:tevent --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=sssd/2.9.4-1.1ubuntu3 curl/8.5.0-2ubuntu7 gnutls28/3.8.3-1.1ubuntu2 libpsl/0.21.2-1.1 libtirpc/1.3.4+ds-1.1 nettle/3.9.1-2.2 nfs-utils/1:2.6.4-3ubuntu3 openssl/3.0.13-0ubuntu1 orthanc-python/4.1+ds-2build3 samba/2:4.19.5+dfsg-4ubuntu3 tevent/0.16.1-2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-3.secgroup --name adt-noble-arm64-sssd-20240316-123208-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 73s autopkgtest [12:33:22]: testbed dpkg architecture: arm64 73s autopkgtest [12:33:22]: testbed apt version: 2.7.12 73s autopkgtest [12:33:22]: @@@@@@@@@@@@@@@@@@@@ test bed setup 73s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 74s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3650 kB] 74s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [51.4 kB] 74s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [473 kB] 74s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 74s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [646 kB] 74s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 74s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.6 kB] 74s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 74s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [3974 kB] 74s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 74s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [55.8 kB] 74s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 77s Fetched 9020 kB in 2s (4491 kB/s) 77s Reading package lists... 80s Reading package lists... 81s Building dependency tree... 81s Reading state information... 81s Calculating upgrade... 82s The following packages will be REMOVED: 82s libssl3 82s The following NEW packages will be installed: 82s libssl3t64 82s The following packages have been kept back: 82s curl 82s The following packages will be upgraded: 82s libtirpc-common openssl ubuntu-minimal ubuntu-standard 82s 4 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 82s Need to get 2783 kB of archives. 82s After this operation, 72.7 kB of additional disk space will be used. 82s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu1 [983 kB] 82s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu1 [1770 kB] 82s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtirpc-common all 1.3.4+ds-1.1 [8018 B] 82s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 ubuntu-minimal arm64 1.536 [10.7 kB] 82s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 ubuntu-standard arm64 1.536 [10.7 kB] 83s Fetched 2783 kB in 1s (4122 kB/s) 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74758 files and directories currently installed.) 83s Preparing to unpack .../openssl_3.0.13-0ubuntu1_arm64.deb ... 83s Unpacking openssl (3.0.13-0ubuntu1) over (3.0.10-1ubuntu4) ... 83s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 83s wget depends on libssl3 (>= 3.0.0). 83s u-boot-tools depends on libssl3 (>= 3.0.0). 83s tnftp depends on libssl3 (>= 3.0.0). 83s tcpdump depends on libssl3 (>= 3.0.0). 83s systemd-resolved depends on libssl3 (>= 3.0.0). 83s systemd depends on libssl3 (>= 3.0.0). 83s sudo depends on libssl3 (>= 3.0.0). 83s sbsigntool depends on libssl3 (>= 3.0.0). 83s rsync depends on libssl3 (>= 3.0.0). 83s python3-cryptography depends on libssl3 (>= 3.0.0). 83s openssh-server depends on libssl3 (>= 3.0.10). 83s openssh-client depends on libssl3 (>= 3.0.10). 83s mtd-utils depends on libssl3 (>= 3.0.0). 83s mokutil depends on libssl3 (>= 3.0.0). 83s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 83s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 83s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 83s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 83s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 83s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 83s libnvme1 depends on libssl3 (>= 3.0.0). 83s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 83s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 83s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 83s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 83s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 83s kmod depends on libssl3 (>= 3.0.0). 83s dhcpcd-base depends on libssl3 (>= 3.0.0). 83s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 83s 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74758 files and directories currently installed.) 83s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 83s Selecting previously unselected package libssl3t64:arm64. 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74747 files and directories currently installed.) 83s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu1_arm64.deb ... 83s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu1) ... 84s Preparing to unpack .../libtirpc-common_1.3.4+ds-1.1_all.deb ... 84s Unpacking libtirpc-common (1.3.4+ds-1.1) over (1.3.4+ds-1build1) ... 84s Preparing to unpack .../ubuntu-minimal_1.536_arm64.deb ... 84s Unpacking ubuntu-minimal (1.536) over (1.535) ... 84s Preparing to unpack .../ubuntu-standard_1.536_arm64.deb ... 84s Unpacking ubuntu-standard (1.536) over (1.535) ... 84s Setting up ubuntu-minimal (1.536) ... 84s Setting up libssl3t64:arm64 (3.0.13-0ubuntu1) ... 84s Setting up libtirpc-common (1.3.4+ds-1.1) ... 84s Setting up ubuntu-standard (1.536) ... 84s Setting up openssl (3.0.13-0ubuntu1) ... 84s Processing triggers for man-db (2.12.0-3) ... 84s Processing triggers for libc-bin (2.39-0ubuntu2) ... 85s Reading package lists... 85s Building dependency tree... 85s Reading state information... 86s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 87s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 87s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 87s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 87s Hit:4 http://ftpmaster.internal/ubuntu noble-proposed InRelease 88s Reading package lists... 88s Reading package lists... 89s Building dependency tree... 89s Reading state information... 89s Calculating upgrade... 90s The following packages have been kept back: 90s curl 90s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 90s Reading package lists... 90s Building dependency tree... 90s Reading state information... 91s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 93s autopkgtest [12:33:42]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 94s autopkgtest [12:33:43]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 114s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu3 (dsc) [5319 B] 114s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu3 (tar) [7983 kB] 114s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu3 (asc) [833 B] 114s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu3 (diff) [48.6 kB] 115s gpgv: Signature made Sat Mar 16 07:03:28 2024 UTC 115s gpgv: using RSA key AC483F68DE728F43F2202FCA568D30F321B2133D 115s gpgv: issuer "steve.langasek@ubuntu.com" 115s gpgv: Can't check signature: No public key 115s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu3.dsc: no acceptable signature found 116s autopkgtest [12:34:05]: testing package sssd version 2.9.4-1.1ubuntu3 116s autopkgtest [12:34:05]: build not needed 118s autopkgtest [12:34:07]: test ldap-user-group-ldap-auth: preparing testbed 119s Reading package lists... 120s Building dependency tree... 120s Reading state information... 120s Starting pkgProblemResolver with broken count: 0 120s Starting 2 pkgProblemResolver with broken count: 0 120s Done 121s The following additional packages will be installed: 121s curl expect ldap-utils libavahi-client3 libavahi-common-data 121s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 121s libcurl4t64 libdhash1t64 libevent-2.1-7 libgnutls30t64 libhogweed6t64 121s libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 libkrad0 libldb2 121s libltdl7 libnettle8t64 libnfsidmap1 libnss-sss libnss-sudo libodbc2 121s libpam-pwquality libpam-sss libpath-utils1t64 libpsl5t64 libpwquality-common 121s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 121s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 121s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 121s libtirpc3t64 libverto-libevent1 libverto1 libwbclient0 python3-libipa-hbac 121s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 121s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 121s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 121s tcl8.6 121s Suggested packages: 121s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 121s gnutls-bin odbc-postgresql tdsodbc adcli libsasl2-modules-ldap 121s tcl-tclreadline 121s Recommended packages: 121s cracklib-runtime libsasl2-modules-gssapi-mit 121s | libsasl2-modules-gssapi-heimdal 121s The following packages will be REMOVED: 121s libcurl4 libgnutls30 libhogweed6 libnettle8 libpsl5 libtirpc3 121s The following NEW packages will be installed: 121s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 121s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 121s libcurl4t64 libdhash1t64 libevent-2.1-7 libgnutls30t64 libhogweed6t64 121s libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 libkrad0 libldb2 121s libltdl7 libnettle8t64 libnfsidmap1 libnss-sss libnss-sudo libodbc2 121s libpam-pwquality libpam-sss libpath-utils1t64 libpsl5t64 libpwquality-common 121s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 121s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 121s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 121s libtirpc3t64 libverto-libevent1 libverto1 libwbclient0 python3-libipa-hbac 121s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 121s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 121s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 121s tcl8.6 121s The following packages will be upgraded: 121s curl 121s 1 upgraded, 71 newly installed, 6 to remove and 0 not upgraded. 121s Need to get 14.8 MB/14.8 MB of archives. 121s After this operation, 60.7 MB of additional disk space will be used. 121s Get:1 /tmp/autopkgtest.vUfYwY/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [868 B] 121s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpsl5t64 arm64 0.21.2-1.1 [57.4 kB] 121s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 curl arm64 8.5.0-2ubuntu7 [222 kB] 121s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libcurl4t64 arm64 8.5.0-2ubuntu7 [332 kB] 121s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnettle8t64 arm64 3.9.1-2.2 [192 kB] 121s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libhogweed6t64 arm64 3.9.1-2.2 [199 kB] 121s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libgnutls30t64 arm64 3.8.3-1.1ubuntu2 [1042 kB] 121s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtirpc3t64 arm64 1.3.4+ds-1.1 [83.5 kB] 121s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 121s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 121s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 122s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 122s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 122s Get:14 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 122s Get:15 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 122s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 122s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 122s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 122s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 122s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1 [5868 B] 122s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1 [23.5 kB] 122s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 122s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1 [8854 B] 122s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 122s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1 [9090 B] 122s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1 [7348 B] 122s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1 [44.6 kB] 122s Get:28 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu3 [16.9 kB] 122s Get:29 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 11-3 [44.1 kB] 122s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 122s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 122s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 122s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 122s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 122s Get:35 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtevent0t64 arm64 0.16.1-2 [42.2 kB] 122s Get:36 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu3 [188 kB] 122s Get:37 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu3 [48.1 kB] 122s Get:38 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 122s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 122s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 122s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 122s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu3 [71.2 kB] 122s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu3 [6061 kB] 122s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu3 [62.1 kB] 122s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu3 [31.8 kB] 122s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu3 [48.9 kB] 122s Get:47 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-sss arm64 2.9.4-1.1ubuntu3 [46.6 kB] 122s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 122s Get:49 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu3 [46.0 kB] 122s Get:50 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu3 [22.0 kB] 122s Get:51 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu3 [30.5 kB] 122s Get:52 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-common arm64 2.9.4-1.1ubuntu3 [1147 kB] 123s Get:53 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-idp arm64 2.9.4-1.1ubuntu3 [27.9 kB] 123s Get:54 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-passkey arm64 2.9.4-1.1ubuntu3 [32.7 kB] 123s Get:55 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu3 [75.5 kB] 123s Get:56 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu3 [87.8 kB] 123s Get:57 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu3 [134 kB] 123s Get:58 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu3 [220 kB] 123s Get:59 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu3 [14.3 kB] 123s Get:60 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu3 [31.3 kB] 123s Get:61 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu3 [44.6 kB] 123s Get:62 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd arm64 2.9.4-1.1ubuntu3 [4120 B] 123s Get:63 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-dbus arm64 2.9.4-1.1ubuntu3 [103 kB] 123s Get:64 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-kcm arm64 2.9.4-1.1ubuntu3 [139 kB] 123s Get:65 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-tools arm64 2.9.4-1.1ubuntu3 [97.5 kB] 123s Get:66 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac-dev arm64 2.9.4-1.1ubuntu3 [6668 B] 123s Get:67 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap-dev arm64 2.9.4-1.1ubuntu3 [5726 B] 123s Get:68 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap-dev arm64 2.9.4-1.1ubuntu3 [8380 B] 123s Get:69 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1.1ubuntu3 [6710 B] 123s Get:70 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 libsss-sudo arm64 2.9.4-1.1ubuntu3 [20.5 kB] 123s Get:71 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 python3-libipa-hbac arm64 2.9.4-1.1ubuntu3 [16.6 kB] 123s Get:72 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1.1ubuntu3 [9142 B] 123s Preconfiguring packages ... 123s Fetched 14.8 MB in 2s (7551 kB/s) 123s dpkg: libpsl5:arm64: dependency problems, but removing anyway as you requested: 123s wget depends on libpsl5 (>= 0.16.0). 123s libcurl4:arm64 depends on libpsl5 (>= 0.16.0). 123s libcurl3-gnutls:arm64 depends on libpsl5 (>= 0.16.0). 123s 123s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74760 files and directories currently installed.) 123s Removing libpsl5:arm64 (0.21.2-1build1) ... 123s Selecting previously unselected package libpsl5t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74755 files and directories currently installed.) 124s Preparing to unpack .../libpsl5t64_0.21.2-1.1_arm64.deb ... 124s Unpacking libpsl5t64:arm64 (0.21.2-1.1) ... 124s Preparing to unpack .../curl_8.5.0-2ubuntu7_arm64.deb ... 124s Unpacking curl (8.5.0-2ubuntu7) over (8.5.0-2ubuntu2) ... 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74761 files and directories currently installed.) 124s Removing libcurl4:arm64 (8.5.0-2ubuntu2) ... 124s Selecting previously unselected package libcurl4t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74756 files and directories currently installed.) 124s Preparing to unpack .../libcurl4t64_8.5.0-2ubuntu7_arm64.deb ... 124s Unpacking libcurl4t64:arm64 (8.5.0-2ubuntu7) ... 124s dpkg: libnettle8:arm64: dependency problems, but removing anyway as you requested: 124s librtmp1:arm64 depends on libnettle8. 124s libhogweed6:arm64 depends on libnettle8. 124s libgnutls30:arm64 depends on libnettle8 (>= 3.9~). 124s libcurl3-gnutls:arm64 depends on libnettle8. 124s libarchive13:arm64 depends on libnettle8. 124s 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74762 files and directories currently installed.) 124s Removing libnettle8:arm64 (3.9.1-2) ... 124s Selecting previously unselected package libnettle8t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74755 files and directories currently installed.) 124s Preparing to unpack .../libnettle8t64_3.9.1-2.2_arm64.deb ... 124s Unpacking libnettle8t64:arm64 (3.9.1-2.2) ... 124s dpkg: libhogweed6:arm64: dependency problems, but removing anyway as you requested: 124s librtmp1:arm64 depends on libhogweed6. 124s libjcat1:arm64 depends on libhogweed6. 124s libgnutls30:arm64 depends on libhogweed6 (>= 3.6). 124s 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74763 files and directories currently installed.) 124s Removing libhogweed6:arm64 (3.9.1-2) ... 124s Selecting previously unselected package libhogweed6t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74758 files and directories currently installed.) 124s Preparing to unpack .../libhogweed6t64_3.9.1-2.2_arm64.deb ... 124s Unpacking libhogweed6t64:arm64 (3.9.1-2.2) ... 124s dpkg: libgnutls30:arm64: dependency problems, but removing anyway as you requested: 124s u-boot-tools depends on libgnutls30 (>= 3.7.3). 124s librtmp1:arm64 depends on libgnutls30 (>= 3.7.2). 124s libldap2:arm64 depends on libgnutls30 (>= 3.8.2). 124s libjcat1:arm64 depends on libgnutls30 (>= 3.7.3). 124s libcurl3-gnutls:arm64 depends on libgnutls30 (>= 3.8.2). 124s fwupd depends on libgnutls30 (>= 3.7.3). 124s dirmngr depends on libgnutls30 (>= 3.8.1). 124s apt depends on libgnutls30 (>= 3.8.1). 124s 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74764 files and directories currently installed.) 124s Removing libgnutls30:arm64 (3.8.3-1ubuntu1) ... 124s Selecting previously unselected package libgnutls30t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74755 files and directories currently installed.) 124s Preparing to unpack .../libgnutls30t64_3.8.3-1.1ubuntu2_arm64.deb ... 124s Unpacking libgnutls30t64:arm64 (3.8.3-1.1ubuntu2) ... 124s Setting up libnettle8t64:arm64 (3.9.1-2.2) ... 124s Setting up libhogweed6t64:arm64 (3.9.1-2.2) ... 124s Setting up libgnutls30t64:arm64 (3.8.3-1.1ubuntu2) ... 124s dpkg: libtirpc3:arm64: dependency problems, but removing anyway as you requested: 124s lsof depends on libtirpc3 (>= 1.0.2). 124s libpython3.12-stdlib:arm64 depends on libtirpc3 (>= 1.0.2). 124s libnss-nisplus:arm64 depends on libtirpc3 (>= 1.0.2). 124s libnsl2:arm64 depends on libtirpc3 (>= 1.0.2). 124s iproute2 depends on libtirpc3 (>= 1.0.2). 124s 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74783 files and directories currently installed.) 124s Removing libtirpc3:arm64 (1.3.4+ds-1build1) ... 124s Selecting previously unselected package libtirpc3t64:arm64. 124s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74777 files and directories currently installed.) 124s Preparing to unpack .../00-libtirpc3t64_1.3.4+ds-1.1_arm64.deb ... 124s Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3 to /lib/aarch64-linux-gnu/libtirpc.so.3.usr-is-merged by libtirpc3t64' 124s Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3.0.0 to /lib/aarch64-linux-gnu/libtirpc.so.3.0.0.usr-is-merged by libtirpc3t64' 124s Unpacking libtirpc3t64:arm64 (1.3.4+ds-1.1) ... 124s Selecting previously unselected package libltdl7:arm64. 124s Preparing to unpack .../01-libltdl7_2.4.7-7_arm64.deb ... 124s Unpacking libltdl7:arm64 (2.4.7-7) ... 124s Selecting previously unselected package libodbc2:arm64. 124s Preparing to unpack .../02-libodbc2_2.3.12-1_arm64.deb ... 124s Unpacking libodbc2:arm64 (2.3.12-1) ... 124s Selecting previously unselected package slapd. 124s Preparing to unpack .../03-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 125s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 125s Selecting previously unselected package libtcl8.6:arm64. 125s Preparing to unpack .../04-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 125s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 125s Selecting previously unselected package tcl8.6. 125s Preparing to unpack .../05-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 125s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 125s Selecting previously unselected package tcl-expect:arm64. 125s Preparing to unpack .../06-tcl-expect_5.45.4-2build1_arm64.deb ... 125s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 125s Selecting previously unselected package expect. 125s Preparing to unpack .../07-expect_5.45.4-2build1_arm64.deb ... 125s Unpacking expect (5.45.4-2build1) ... 125s Selecting previously unselected package ldap-utils. 125s Preparing to unpack .../08-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 125s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 125s Selecting previously unselected package libavahi-common-data:arm64. 125s Preparing to unpack .../09-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 125s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 125s Selecting previously unselected package libavahi-common3:arm64. 125s Preparing to unpack .../10-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 125s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 125s Selecting previously unselected package libavahi-client3:arm64. 125s Preparing to unpack .../11-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 125s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 125s Selecting previously unselected package libbasicobjects0t64:arm64. 125s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libcollection4t64:arm64. 125s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libcollection4t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libcrack2:arm64. 125s Preparing to unpack .../14-libcrack2_2.9.6-5.1_arm64.deb ... 125s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 125s Selecting previously unselected package libdhash1t64:arm64. 125s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libdhash1t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libevent-2.1-7:arm64. 125s Preparing to unpack .../16-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 125s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 125s Selecting previously unselected package libpath-utils1t64:arm64. 125s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libref-array1t64:arm64. 125s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libref-array1t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libini-config5t64:arm64. 125s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1_arm64.deb ... 125s Unpacking libini-config5t64:arm64 (0.6.2-2.1) ... 125s Selecting previously unselected package libipa-hbac0t64. 125s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu3_arm64.deb ... 125s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu3) ... 125s Selecting previously unselected package libjose0:arm64. 125s Preparing to unpack .../21-libjose0_11-3_arm64.deb ... 125s Unpacking libjose0:arm64 (11-3) ... 125s Selecting previously unselected package libverto-libevent1:arm64. 125s Preparing to unpack .../22-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 125s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 125s Selecting previously unselected package libverto1:arm64. 125s Preparing to unpack .../23-libverto1_0.3.1-1ubuntu5_arm64.deb ... 125s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 125s Selecting previously unselected package libkrad0:arm64. 125s Preparing to unpack .../24-libkrad0_1.20.1-5build1_arm64.deb ... 125s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 126s Selecting previously unselected package libtalloc2:arm64. 126s Preparing to unpack .../25-libtalloc2_2.4.2-1_arm64.deb ... 126s Unpacking libtalloc2:arm64 (2.4.2-1) ... 126s Selecting previously unselected package libtdb1:arm64. 126s Preparing to unpack .../26-libtdb1_1.4.10-1_arm64.deb ... 126s Unpacking libtdb1:arm64 (1.4.10-1) ... 126s Selecting previously unselected package libtevent0t64:arm64. 126s Preparing to unpack .../27-libtevent0t64_0.16.1-2_arm64.deb ... 126s Unpacking libtevent0t64:arm64 (0.16.1-2) ... 126s Selecting previously unselected package libldb2:arm64. 126s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu3_arm64.deb ... 126s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu3) ... 126s Selecting previously unselected package libnfsidmap1:arm64. 126s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu3_arm64.deb ... 126s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu3) ... 126s Selecting previously unselected package libnss-sudo. 126s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 126s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 126s Selecting previously unselected package libpwquality-common. 126s Preparing to unpack .../31-libpwquality-common_1.4.5-3_all.deb ... 126s Unpacking libpwquality-common (1.4.5-3) ... 126s Selecting previously unselected package libpwquality1:arm64. 126s Preparing to unpack .../32-libpwquality1_1.4.5-3_arm64.deb ... 126s Unpacking libpwquality1:arm64 (1.4.5-3) ... 126s Selecting previously unselected package libpam-pwquality:arm64. 126s Preparing to unpack .../33-libpam-pwquality_1.4.5-3_arm64.deb ... 126s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 126s Selecting previously unselected package libwbclient0:arm64. 126s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 126s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 126s Selecting previously unselected package samba-libs:arm64. 126s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 126s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 126s Selecting previously unselected package libsmbclient0:arm64. 126s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 126s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 126s Selecting previously unselected package libnss-sss:arm64. 126s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package libpam-sss:arm64. 126s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package python3-sss. 126s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking python3-sss (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package libc-ares2:arm64. 126s Preparing to unpack .../40-libc-ares2_1.27.0-1_arm64.deb ... 126s Unpacking libc-ares2:arm64 (1.27.0-1) ... 126s Selecting previously unselected package libsss-certmap0. 126s Preparing to unpack .../41-libsss-certmap0_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package libsss-idmap0. 126s Preparing to unpack .../42-libsss-idmap0_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package libsss-nss-idmap0. 126s Preparing to unpack .../43-libsss-nss-idmap0_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package sssd-common. 126s Preparing to unpack .../44-sssd-common_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking sssd-common (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package sssd-idp. 126s Preparing to unpack .../45-sssd-idp_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking sssd-idp (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package sssd-passkey. 126s Preparing to unpack .../46-sssd-passkey_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking sssd-passkey (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package sssd-ad-common. 126s Preparing to unpack .../47-sssd-ad-common_2.9.4-1.1ubuntu3_arm64.deb ... 126s Unpacking sssd-ad-common (2.9.4-1.1ubuntu3) ... 126s Selecting previously unselected package sssd-krb5-common. 127s Preparing to unpack .../48-sssd-krb5-common_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-ad. 127s Preparing to unpack .../49-sssd-ad_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-ad (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-ipa. 127s Preparing to unpack .../50-sssd-ipa_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-ipa (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-krb5. 127s Preparing to unpack .../51-sssd-krb5_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-krb5 (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-ldap. 127s Preparing to unpack .../52-sssd-ldap_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-ldap (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-proxy. 127s Preparing to unpack .../53-sssd-proxy_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-proxy (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd. 127s Preparing to unpack .../54-sssd_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-dbus. 127s Preparing to unpack .../55-sssd-dbus_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-dbus (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-kcm. 127s Preparing to unpack .../56-sssd-kcm_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-kcm (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package sssd-tools. 127s Preparing to unpack .../57-sssd-tools_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking sssd-tools (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package libipa-hbac-dev. 127s Preparing to unpack .../58-libipa-hbac-dev_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package libsss-certmap-dev. 127s Preparing to unpack .../59-libsss-certmap-dev_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package libsss-idmap-dev. 127s Preparing to unpack .../60-libsss-idmap-dev_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package libsss-nss-idmap-dev. 127s Preparing to unpack .../61-libsss-nss-idmap-dev_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package libsss-sudo. 127s Preparing to unpack .../62-libsss-sudo_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking libsss-sudo (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package python3-libipa-hbac. 127s Preparing to unpack .../63-python3-libipa-hbac_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package python3-libsss-nss-idmap. 127s Preparing to unpack .../64-python3-libsss-nss-idmap_2.9.4-1.1ubuntu3_arm64.deb ... 127s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu3) ... 127s Selecting previously unselected package autopkgtest-satdep. 127s Preparing to unpack .../65-1-autopkgtest-satdep.deb ... 127s Unpacking autopkgtest-satdep (0) ... 127s Setting up libpwquality-common (1.4.5-3) ... 127s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu3) ... 127s Setting up libsss-idmap0 (2.9.4-1.1ubuntu3) ... 127s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1) ... 127s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu3) ... 127s Setting up libtirpc3t64:arm64 (1.3.4+ds-1.1) ... 127s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu3) ... 127s Setting up libref-array1t64:arm64 (0.6.2-2.1) ... 127s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu3) ... 127s Setting up libtdb1:arm64 (1.4.10-1) ... 127s Setting up libcollection4t64:arm64 (0.6.2-2.1) ... 127s Setting up libpsl5t64:arm64 (0.21.2-1.1) ... 127s Setting up libc-ares2:arm64 (1.27.0-1) ... 127s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 127s Setting up libjose0:arm64 (11-3) ... 127s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 127s Setting up libtalloc2:arm64 (2.4.2-1) ... 127s Setting up libpath-utils1t64:arm64 (0.6.2-2.1) ... 127s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 127s Setting up libdhash1t64:arm64 (0.6.2-2.1) ... 127s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 127s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 127s Setting up libltdl7:arm64 (2.4.7-7) ... 127s Setting up libcrack2:arm64 (2.9.6-5.1) ... 127s Setting up libodbc2:arm64 (2.3.12-1) ... 127s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu3) ... 127s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 127s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu3) ... 127s Setting up libini-config5t64:arm64 (0.6.2-2.1) ... 127s Setting up libtevent0t64:arm64 (0.16.1-2) ... 127s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu3) ... 127s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 128s Creating new user openldap... done. 128s Creating initial configuration... done. 128s Creating LDAP directory... done. 129s Setting up tcl8.6 (8.6.13+dfsg-2) ... 129s Setting up libcurl4t64:arm64 (8.5.0-2ubuntu7) ... 129s Setting up libsss-sudo (2.9.4-1.1ubuntu3) ... 129s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu3) ... 129s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 129s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 129s Setting up libsss-certmap0 (2.9.4-1.1ubuntu3) ... 129s Setting up libpwquality1:arm64 (1.4.5-3) ... 129s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu3) ... 129s Setting up curl (8.5.0-2ubuntu7) ... 129s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu3) ... 129s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 129s Setting up expect (5.45.4-2build1) ... 129s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 129s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 129s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu3) ... 129s Setting up python3-sss (2.9.4-1.1ubuntu3) ... 129s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 129s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu3) ... 129s Setting up sssd-common (2.9.4-1.1ubuntu3) ... 129s Creating SSSD system user & group... 129s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 129s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 129s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 129s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 130s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 130s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 130s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 130s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 131s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 131s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 131s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 131s sssd-autofs.service is a disabled or a static unit, not starting it. 131s sssd-nss.service is a disabled or a static unit, not starting it. 131s sssd-pam.service is a disabled or a static unit, not starting it. 131s sssd-ssh.service is a disabled or a static unit, not starting it. 131s sssd-sudo.service is a disabled or a static unit, not starting it. 132s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 132s Setting up sssd-proxy (2.9.4-1.1ubuntu3) ... 132s Setting up sssd-kcm (2.9.4-1.1ubuntu3) ... 132s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 132s sssd-kcm.service is a disabled or a static unit, not starting it. 132s Setting up sssd-dbus (2.9.4-1.1ubuntu3) ... 132s sssd-ifp.service is a disabled or a static unit, not starting it. 132s Setting up sssd-ad-common (2.9.4-1.1ubuntu3) ... 132s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 133s sssd-pac.service is a disabled or a static unit, not starting it. 133s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 133s Setting up sssd-krb5-common (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-krb5 (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-ldap (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-ad (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-tools (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-ipa (2.9.4-1.1ubuntu3) ... 133s Setting up sssd (2.9.4-1.1ubuntu3) ... 133s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 133s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 133s Setting up libkrad0:arm64 (1.20.1-5build1) ... 133s Setting up sssd-passkey (2.9.4-1.1ubuntu3) ... 133s Setting up sssd-idp (2.9.4-1.1ubuntu3) ... 133s Setting up autopkgtest-satdep (0) ... 133s Processing triggers for libc-bin (2.39-0ubuntu2) ... 133s Processing triggers for ufw (0.36.2-5) ... 133s Processing triggers for man-db (2.12.0-3) ... 134s Processing triggers for dbus (1.14.10-4ubuntu1) ... 145s (Reading database ... 76080 files and directories currently installed.) 145s Removing autopkgtest-satdep (0) ... 145s autopkgtest [12:34:34]: test ldap-user-group-ldap-auth: [----------------------- 146s + . debian/tests/util 146s + . debian/tests/common-tests 146s + mydomain=example.com 146s + myhostname=ldap.example.com 146s + mysuffix=dc=example,dc=com 146s + admin_dn=cn=admin,dc=example,dc=com 146s + admin_pw=secret 146s + ldap_user=testuser1 146s + ldap_user_pw=testuser1secret 146s + ldap_group=ldapusers 146s + adjust_hostname ldap.example.com 146s + local myhostname=ldap.example.com 146s + echo ldap.example.com 146s + hostname ldap.example.com 146s + grep -qE ldap.example.com /etc/hosts 146s + echo 127.0.1.10 ldap.example.com 146s + reconfigure_slapd 146s + debconf-set-selections 146s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 146s + dpkg-reconfigure -fnoninteractive -pcritical slapd 146s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 146s Moving old database directory to /var/backups: 146s - directory unknown... done. 146s Creating initial configuration... done. 146s Creating LDAP directory... done. 147s + generate_certs ldap.example.com 147s + local cn=ldap.example.com 147s + local cert=/etc/ldap/server.pem 147s + local key=/etc/ldap/server.key 147s + local cnf=/etc/ldap/openssl.cnf 147s + cat 147s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 147s .................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 147s ..................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 147s ----- 147s + chmod 0640 /etc/ldap/server.key 147s + chgrp openldap /etc/ldap/server.key 147s + [ ! -f /etc/ldap/server.pem ] 147s + [ ! -f /etc/ldap/server.key ] 147s + enable_ldap_ssl 147s + cat 147s + cat 147s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 147s modifying entry "cn=config" 147s 147s + populate_ldap_rfc2307 147s + + cat 147s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 147s adding new entry "ou=People,dc=example,dc=com" 147s 147s adding new entry "ou=Group,dc=example,dc=com" 147s 147s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 147s 147s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 147s 147s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 147s 147s + configure_sssd_ldap_rfc2307 147s + cat 147s + chmod 0600 /etc/sssd/sssd.conf 147s + systemctl restart sssd 147s + enable_pam_mkhomedir 147s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 147s Assert local user databases do not have our LDAP test data 147s + echo session optional pam_mkhomedir.so 147s + run_common_tests 147s + echo Assert local user databases do not have our LDAP test data 147s + check_local_user testuser1 147s + local local_user=testuser1 147s + grep -q ^testuser1 /etc/passwd 147s + check_local_group testuser1 147s + local local_group=testuser1 147s + grep -q ^testuser1 /etc/group 147s + check_local_group ldapusers 147s + local local_group=ldapusers 147s + grep -q ^ldapusers /etc/group 147s The LDAP user is known to the system via getent 147s + echo The LDAP user is known to the system via getent 147s + check_getent_user testuser1 147s + local getent_user=testuser1 147s + local output 147s + getent passwd testuser1 147s The LDAP user's private group is known to the system via getent 147s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 147s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 147s + echo The LDAP user's private group is known to the system via getent 147s + check_getent_group testuser1 147s + local getent_group=testuser1 147s + local output 147s + getent group testuser1 147s + output=testuser1:*:10001:testuser1 147s + [ -z testuser1:*:10001:testuser1 ] 147s + echo The LDAP group ldapusers is known to the system via getent 147s + check_getent_groupThe LDAP group ldapusers is known to the system via getent 147s ldapusers 147s + local getent_group=ldapusers 147s + local output 147s + getent group ldapusers 147s The id(1) command can resolve the group membership of the LDAP user 147s + output=ldapusers:*:10100:testuser1 147s + [ -z ldapusers:*:10100:testuser1 ] 147s + echo The id(1) command can resolve the group membership of the LDAP user 147s + id -Gn testuser1 147s The LDAP user can login on a terminal 147s + output=testuser1 ldapusers 147s + [ testuser1 ldapusers != testuser1 ldapusers ] 147s + echo The LDAP user can login on a terminal 147s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 147s spawn login 147s ldap.example.com login: testuser1 147s Password: 147s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 147s 147s * Documentation: https://help.ubuntu.com 147s * Management: https://landscape.canonical.com 147s * Support: https://ubuntu.com/pro 147s 147s 147s The programs included with the Ubuntu system are free software; 147s the exact distribution terms for each program are described in the 147s individual files in /usr/share/doc/*/copyright. 147s 147s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 147s applicable law. 147s 147s 147s The programs included with the Ubuntu system are free software; 147s the exact distribution terms for each program are described in the 147s individual files in /usr/share/doc/*/copyright. 147s 147s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 147s applicable law. 147s 147s Creating directory '/home/testuser1'. 147s [?2004htestuser1@ldap:~$ id -un 147s [?2004l testuser1 148s [?2004htestuser1@ldap:~$ autopkgtest [12:34:37]: test ldap-user-group-ldap-auth: -----------------------] 148s autopkgtest [12:34:37]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 148s ldap-user-group-ldap-auth PASS 149s autopkgtest [12:34:38]: test ldap-user-group-krb5-auth: preparing testbed 150s Reading package lists... 151s Building dependency tree... 151s Reading state information... 151s Starting pkgProblemResolver with broken count: 0 151s Starting 2 pkgProblemResolver with broken count: 0 151s Done 152s The following additional packages will be installed: 152s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 152s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 152s Suggested packages: 152s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 152s The following NEW packages will be installed: 152s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 152s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 152s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 152s Need to get 594 kB/595 kB of archives. 152s After this operation, 2907 kB of additional disk space will be used. 152s Get:1 /tmp/autopkgtest.vUfYwY/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [888 B] 152s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 152s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 152s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 152s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 152s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 152s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 152s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 152s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 153s Preconfiguring packages ... 154s Fetched 594 kB in 1s (1013 kB/s) 154s Selecting previously unselected package krb5-config. 154s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 76080 files and directories currently installed.) 154s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 154s Unpacking krb5-config (2.7) ... 154s Selecting previously unselected package libgssrpc4:arm64. 154s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_arm64.deb ... 154s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 154s Selecting previously unselected package libkadm5clnt-mit12:arm64. 154s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 154s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 154s Selecting previously unselected package libkdb5-10:arm64. 154s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_arm64.deb ... 154s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 154s Selecting previously unselected package libkadm5srv-mit12:arm64. 154s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 154s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 154s Selecting previously unselected package krb5-user. 155s Preparing to unpack .../5-krb5-user_1.20.1-5build1_arm64.deb ... 155s Unpacking krb5-user (1.20.1-5build1) ... 155s Selecting previously unselected package krb5-kdc. 155s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 155s Unpacking krb5-kdc (1.20.1-5build1) ... 155s Selecting previously unselected package krb5-admin-server. 155s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 155s Unpacking krb5-admin-server (1.20.1-5build1) ... 155s Selecting previously unselected package autopkgtest-satdep. 155s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 155s Unpacking autopkgtest-satdep (0) ... 155s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 155s Setting up krb5-config (2.7) ... 156s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 156s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 156s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 156s Setting up krb5-user (1.20.1-5build1) ... 156s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 156s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 156s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 156s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 156s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 156s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 156s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 156s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 156s Setting up krb5-kdc (1.20.1-5build1) ... 156s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 156s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 156s Setting up krb5-admin-server (1.20.1-5build1) ... 157s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 157s Setting up autopkgtest-satdep (0) ... 157s Processing triggers for man-db (2.12.0-3) ... 158s Processing triggers for libc-bin (2.39-0ubuntu2) ... 167s (Reading database ... 76173 files and directories currently installed.) 167s Removing autopkgtest-satdep (0) ... 168s autopkgtest [12:34:57]: test ldap-user-group-krb5-auth: [----------------------- 168s + . debian/tests/util 168s + . debian/tests/common-tests 168s + mydomain=example.com 168s + myhostname=ldap.example.com 168s + mysuffix=dc=example,dc=com 168s + myrealm=EXAMPLE.COM 168s + admin_dn=cn=admin,dc=example,dc=com 168s + admin_pw=secret 168s + ldap_user=testuser1 168s + ldap_user_pw=testuser1secret 168s + kerberos_principal_pw=testuser1kerberos 168s + ldap_group=ldapusers 168s + adjust_hostname ldap.example.com 168s + local myhostname=ldap.example.com 168s + echo ldap.example.com 168s + hostname ldap.example.com 168s + grep -qE ldap.example.com /etc/hosts 168s + reconfigure_slapd 168s + debconf-set-selections 168s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240316-123435.ldapdb 168s + dpkg-reconfigure -fnoninteractive -pcritical slapd 169s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 169s Moving old database directory to /var/backups: 169s - directory unknown... done. 169s Creating initial configuration... done. 169s Creating LDAP directory... done. 170s + generate_certs ldap.example.com 170s + local cn=ldap.example.com 170s + local cert=/etc/ldap/server.pem 170s + local key=/etc/ldap/server.key 170s + local cnf=/etc/ldap/openssl.cnf 170s + cat 170s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 170s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 170s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 170s ----- 170s + chmod 0640 /etc/ldap/server.key 170s + chgrp openldap /etc/ldap/server.key 170s + [ ! -f /etc/ldap/server.pem ] 170s + [ ! -f /etc/ldap/server.key ] 170s + enable_ldap_ssl 170s + cat 170s + cat 170s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 170s modifying entry "cn=config" 170s 170s + populate_ldap_rfc2307 170s + cat 170s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 170s adding new entry "ou=People,dc=example,dc=com" 170s 170s adding new entry "ou=Group,dc=example,dc=com" 170s 170s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 170s 170s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 170s 170s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 170s 170s + create_realm EXAMPLE.COM ldap.example.com 170s + local realm_name=EXAMPLE.COM 170s + local kerberos_server=ldap.example.com 170s + rm -rf /var/lib/krb5kdc/* 170s + rm -rf /etc/krb5kdc/kdc.conf 170s + rm -f /etc/krb5.keytab 170s + cat 170s + cat 170s + echo # */admin * 170s + kdb5_util create -s -P secretpassword 170s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 170s master key name 'K/M@EXAMPLE.COM' 170s + systemctl restart krb5-kdc.service krb5-admin-server.service 170s + create_krb_principal testuser1 testuser1kerberos 170s + local principal=testuser1 170s + local password=testuser1kerberos 170s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 170s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 170s Authenticating as principal root/admin@EXAMPLE.COM with password. 170s Principal "testuser1@EXAMPLE.COM" created. 170s + configure_sssd_ldap_rfc2307_krb5_auth 170s + cat 170s + chmod 0600 /etc/sssd/sssd.conf 170s + systemctl restart sssd 171s Assert local user databases do not have our LDAP test data 171s + enable_pam_mkhomedir 171s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 171s + run_common_tests 171s + echo Assert local user databases do not have our LDAP test data 171s + check_local_user testuser1 171s + local local_user=testuser1 171s + grep -q ^testuser1 /etc/passwd 171s + check_local_group testuser1 171s + local local_group=testuser1 171s + grep -q ^testuser1 /etc/group 171s + check_local_group ldapusers 171s + local local_group=ldapusers 171s The LDAP user is known to the system via getent 171s The LDAP user's private group is known to the system via getent 171s + grep -q ^ldapusers /etc/group 171s + echo The LDAP user is known to the system via getent 171s + check_getent_user testuser1 171s + local getent_user=testuser1 171s + local output 171s + getent passwd testuser1 171s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 171s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 171s + echo The LDAP user's private group is known to the system via getent 171s + check_getent_group testuser1 171s + local getent_group=testuser1 171s + local output 171s + getent group testuser1 171s + output=testuser1:*:10001:testuser1 171s + [ -z testuser1:*:10001:testuser1 ] 171s + echo The LDAP group ldapusers is known to the system via getent 171s + check_getent_group ldapusers 171s + local getent_group=ldapusers 171s + local output 171s + getent group ldapusers 171s The LDAP group ldapusers is known to the system via getent 171s The id(1) command can resolve the group membership of the LDAP user 171s + output=ldapusers:*:10100:testuser1 171s + [ -z ldapusers:*:10100:testuser1 ] 171s + echo The id(1) command can resolve the group membership of the LDAP user 171s + id -Gn testuser1 171s + output=testuser1 ldapusers 171s + [The Kerberos principal can login on a terminal 171s testuser1 ldapusers != testuser1 ldapusers ] 171s + echo The Kerberos principal can login on a terminal 171s + kdestroy 171s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 171s spawn login 171s ldap.example.com login: testuser1 171s Password: 171s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 171s 171s * Documentation: https://help.ubuntu.com 171s * Management: https://landscape.canonical.com 171s * Support: https://ubuntu.com/pro 171s 171s 171s The programs included with the Ubuntu system are free software; 171s the exact distribution terms for each program are described in the 171s individual files in /usr/share/doc/*/copyright. 171s 171s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 171s applicable law. 171s 171s Last login: Sat Mar 16 12:34:36 UTC 2024 on pts/0 171s [?2004htestuser1@ldap:~$ id -un 171s [?2004l testuser1 171s [?2004htestuser1@ldap:~$ klist 171s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_kaM0V2 171s Default principal: testuser1@EXAMPLE.COM 171s 171s Valid starting Expires Service principal 171s 03/16/24 12:35:00 03/16/24 22:35:00 krbtgt/EXAMPLE.COM@EXAMPLE.COM 171s renew until 03/17/24 12:35:00 172s autopkgtest [12:35:01]: test ldap-user-group-krb5-auth: -----------------------] 172s ldap-user-group-krb5-auth PASS 172s autopkgtest [12:35:01]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 173s autopkgtest [12:35:02]: test sssd-softhism2-certificates-tests.sh: preparing testbed 270s autopkgtest [12:36:39]: testbed dpkg architecture: arm64 270s autopkgtest [12:36:39]: testbed apt version: 2.7.12 270s autopkgtest [12:36:39]: @@@@@@@@@@@@@@@@@@@@ test bed setup 270s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 271s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 271s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3650 kB] 271s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [473 kB] 271s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [51.4 kB] 271s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [646 kB] 271s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 271s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.6 kB] 271s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 271s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [3974 kB] 271s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 271s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [55.8 kB] 271s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 273s Fetched 9020 kB in 2s (5412 kB/s) 273s Reading package lists... 276s Reading package lists... 276s Building dependency tree... 276s Reading state information... 277s Calculating upgrade... 277s The following packages will be REMOVED: 277s libssl3 277s The following NEW packages will be installed: 277s libssl3t64 277s The following packages have been kept back: 277s curl 277s The following packages will be upgraded: 277s libtirpc-common openssl ubuntu-minimal ubuntu-standard 277s 4 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 277s Need to get 2783 kB of archives. 277s After this operation, 72.7 kB of additional disk space will be used. 277s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu1 [983 kB] 278s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu1 [1770 kB] 278s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtirpc-common all 1.3.4+ds-1.1 [8018 B] 278s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 ubuntu-minimal arm64 1.536 [10.7 kB] 278s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 ubuntu-standard arm64 1.536 [10.7 kB] 278s Fetched 2783 kB in 1s (3218 kB/s) 279s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74758 files and directories currently installed.) 279s Preparing to unpack .../openssl_3.0.13-0ubuntu1_arm64.deb ... 279s Unpacking openssl (3.0.13-0ubuntu1) over (3.0.10-1ubuntu4) ... 279s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 279s wget depends on libssl3 (>= 3.0.0). 279s u-boot-tools depends on libssl3 (>= 3.0.0). 279s tnftp depends on libssl3 (>= 3.0.0). 279s tcpdump depends on libssl3 (>= 3.0.0). 279s systemd-resolved depends on libssl3 (>= 3.0.0). 279s systemd depends on libssl3 (>= 3.0.0). 279s sudo depends on libssl3 (>= 3.0.0). 279s sbsigntool depends on libssl3 (>= 3.0.0). 279s rsync depends on libssl3 (>= 3.0.0). 279s python3-cryptography depends on libssl3 (>= 3.0.0). 279s openssh-server depends on libssl3 (>= 3.0.10). 279s openssh-client depends on libssl3 (>= 3.0.10). 279s mtd-utils depends on libssl3 (>= 3.0.0). 279s mokutil depends on libssl3 (>= 3.0.0). 279s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 279s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 279s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 279s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 279s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 279s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 279s libnvme1 depends on libssl3 (>= 3.0.0). 279s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 279s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 279s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 279s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 279s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 279s kmod depends on libssl3 (>= 3.0.0). 279s dhcpcd-base depends on libssl3 (>= 3.0.0). 279s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 279s 279s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74758 files and directories currently installed.) 279s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 279s Selecting previously unselected package libssl3t64:arm64. 279s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74747 files and directories currently installed.) 279s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu1_arm64.deb ... 279s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu1) ... 279s Preparing to unpack .../libtirpc-common_1.3.4+ds-1.1_all.deb ... 279s Unpacking libtirpc-common (1.3.4+ds-1.1) over (1.3.4+ds-1build1) ... 279s Preparing to unpack .../ubuntu-minimal_1.536_arm64.deb ... 279s Unpacking ubuntu-minimal (1.536) over (1.535) ... 279s Preparing to unpack .../ubuntu-standard_1.536_arm64.deb ... 279s Unpacking ubuntu-standard (1.536) over (1.535) ... 279s Setting up ubuntu-minimal (1.536) ... 279s Setting up libssl3t64:arm64 (3.0.13-0ubuntu1) ... 279s Setting up libtirpc-common (1.3.4+ds-1.1) ... 279s Setting up ubuntu-standard (1.536) ... 279s Setting up openssl (3.0.13-0ubuntu1) ... 279s Processing triggers for man-db (2.12.0-3) ... 280s Processing triggers for libc-bin (2.39-0ubuntu2) ... 280s Reading package lists... 280s Building dependency tree... 280s Reading state information... 281s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 281s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 281s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 281s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 281s Hit:4 http://ftpmaster.internal/ubuntu noble-proposed InRelease 283s Reading package lists... 283s Reading package lists... 283s Building dependency tree... 283s Reading state information... 283s Calculating upgrade... 284s The following packages have been kept back: 284s curl 284s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 284s Reading package lists... 284s Building dependency tree... 284s Reading state information... 285s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 288s Reading package lists... 289s Building dependency tree... 289s Reading state information... 289s Starting pkgProblemResolver with broken count: 0 289s Starting 2 pkgProblemResolver with broken count: 0 289s Done 290s The following additional packages will be installed: 290s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 290s libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 libdhash1t64 290s libevent-2.1-7 libgnutls-dane0t64 libgnutls30t64 libhogweed6t64 290s libini-config5t64 libipa-hbac0t64 libldb2 libnettle8t64 libnfsidmap1 290s libnss-sss libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 290s libpwquality1 libref-array1t64 libsmbclient0 libsofthsm2 libsss-certmap0 290s libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 libtevent0t64 290s libtirpc3t64 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 290s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 290s sssd-krb5-common sssd-ldap sssd-proxy 290s Suggested packages: 290s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 290s Recommended packages: 290s cracklib-runtime libsasl2-modules-gssapi-mit 290s | libsasl2-modules-gssapi-heimdal ldap-utils 290s The following packages will be REMOVED: 290s libgnutls30 libhogweed6 libnettle8 libtirpc3 290s The following NEW packages will be installed: 290s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 290s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 290s libdhash1t64 libevent-2.1-7 libgnutls-dane0t64 libgnutls30t64 libhogweed6t64 290s libini-config5t64 libipa-hbac0t64 libldb2 libnettle8t64 libnfsidmap1 290s libnss-sss libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 290s libpwquality1 libref-array1t64 libsmbclient0 libsofthsm2 libsss-certmap0 290s libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 libtevent0t64 290s libtirpc3t64 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 290s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 290s sssd-krb5-common sssd-ldap sssd-proxy 290s 0 upgraded, 50 newly installed, 4 to remove and 1 not upgraded. 290s Need to get 11.7 MB/11.7 MB of archives. 290s After this operation, 49.3 MB of additional disk space will be used. 290s Get:1 /tmp/autopkgtest.vUfYwY/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [744 B] 290s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnettle8t64 arm64 3.9.1-2.2 [192 kB] 290s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libhogweed6t64 arm64 3.9.1-2.2 [199 kB] 290s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libgnutls30t64 arm64 3.8.3-1.1ubuntu2 [1042 kB] 290s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtirpc3t64 arm64 1.3.4+ds-1.1 [83.5 kB] 290s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 290s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 290s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libgnutls-dane0t64 arm64 3.8.3-1.1ubuntu2 [33.0 kB] 290s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 gnutls-bin arm64 3.8.3-1.1ubuntu2 [276 kB] 290s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 290s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 290s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 290s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1 [5868 B] 290s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1 [23.5 kB] 291s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 291s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1 [8854 B] 291s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1 [9090 B] 291s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1 [7348 B] 291s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1 [44.6 kB] 291s Get:20 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu3 [16.9 kB] 291s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 291s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 291s Get:23 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libtevent0t64 arm64 0.16.1-2 [42.2 kB] 291s Get:24 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu3 [188 kB] 291s Get:25 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu3 [48.1 kB] 291s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 291s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 291s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 291s Get:29 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu3 [71.2 kB] 291s Get:30 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu3 [6061 kB] 291s Get:31 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu3 [62.1 kB] 291s Get:32 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 291s Get:33 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 291s Get:34 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 291s Get:35 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-sss arm64 2.9.4-1.1ubuntu3 [46.6 kB] 291s Get:36 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu3 [22.0 kB] 291s Get:37 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu3 [31.8 kB] 291s Get:38 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu3 [48.9 kB] 291s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 291s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu3 [46.0 kB] 291s Get:41 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu3 [30.5 kB] 291s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-common arm64 2.9.4-1.1ubuntu3 [1147 kB] 291s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu3 [75.5 kB] 291s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu3 [87.8 kB] 291s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu3 [134 kB] 291s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu3 [220 kB] 291s Get:47 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu3 [14.3 kB] 291s Get:48 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu3 [31.3 kB] 291s Get:49 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu3 [44.6 kB] 291s Get:50 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd arm64 2.9.4-1.1ubuntu3 [4120 B] 292s Fetched 11.7 MB in 1s (9517 kB/s) 292s dpkg: libnettle8:arm64: dependency problems, but removing anyway as you requested: 292s librtmp1:arm64 depends on libnettle8. 292s libhogweed6:arm64 depends on libnettle8. 292s libgnutls30:arm64 depends on libnettle8 (>= 3.9~). 292s libcurl3-gnutls:arm64 depends on libnettle8. 292s libarchive13:arm64 depends on libnettle8. 292s 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74760 files and directories currently installed.) 292s Removing libnettle8:arm64 (3.9.1-2) ... 292s Selecting previously unselected package libnettle8t64:arm64. 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74753 files and directories currently installed.) 292s Preparing to unpack .../libnettle8t64_3.9.1-2.2_arm64.deb ... 292s Unpacking libnettle8t64:arm64 (3.9.1-2.2) ... 292s dpkg: libhogweed6:arm64: dependency problems, but removing anyway as you requested: 292s librtmp1:arm64 depends on libhogweed6. 292s libjcat1:arm64 depends on libhogweed6. 292s libgnutls30:arm64 depends on libhogweed6 (>= 3.6). 292s 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74761 files and directories currently installed.) 292s Removing libhogweed6:arm64 (3.9.1-2) ... 292s Selecting previously unselected package libhogweed6t64:arm64. 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74756 files and directories currently installed.) 292s Preparing to unpack .../libhogweed6t64_3.9.1-2.2_arm64.deb ... 292s Unpacking libhogweed6t64:arm64 (3.9.1-2.2) ... 292s dpkg: libgnutls30:arm64: dependency problems, but removing anyway as you requested: 292s u-boot-tools depends on libgnutls30 (>= 3.7.3). 292s librtmp1:arm64 depends on libgnutls30 (>= 3.7.2). 292s libldap2:arm64 depends on libgnutls30 (>= 3.8.2). 292s libjcat1:arm64 depends on libgnutls30 (>= 3.7.3). 292s libcurl3-gnutls:arm64 depends on libgnutls30 (>= 3.8.2). 292s fwupd depends on libgnutls30 (>= 3.7.3). 292s dirmngr depends on libgnutls30 (>= 3.8.1). 292s apt depends on libgnutls30 (>= 3.8.1). 292s 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74762 files and directories currently installed.) 292s Removing libgnutls30:arm64 (3.8.3-1ubuntu1) ... 292s Selecting previously unselected package libgnutls30t64:arm64. 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74753 files and directories currently installed.) 292s Preparing to unpack .../libgnutls30t64_3.8.3-1.1ubuntu2_arm64.deb ... 292s Unpacking libgnutls30t64:arm64 (3.8.3-1.1ubuntu2) ... 292s Setting up libnettle8t64:arm64 (3.9.1-2.2) ... 292s Setting up libhogweed6t64:arm64 (3.9.1-2.2) ... 292s Setting up libgnutls30t64:arm64 (3.8.3-1.1ubuntu2) ... 292s dpkg: libtirpc3:arm64: dependency problems, but removing anyway as you requested: 292s lsof depends on libtirpc3 (>= 1.0.2). 292s libpython3.12-stdlib:arm64 depends on libtirpc3 (>= 1.0.2). 292s libnss-nisplus:arm64 depends on libtirpc3 (>= 1.0.2). 292s libnsl2:arm64 depends on libtirpc3 (>= 1.0.2). 292s iproute2 depends on libtirpc3 (>= 1.0.2). 292s 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74781 files and directories currently installed.) 292s Removing libtirpc3:arm64 (1.3.4+ds-1build1) ... 292s Selecting previously unselected package libtirpc3t64:arm64. 292s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74775 files and directories currently installed.) 292s Preparing to unpack .../00-libtirpc3t64_1.3.4+ds-1.1_arm64.deb ... 293s Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3 to /lib/aarch64-linux-gnu/libtirpc.so.3.usr-is-merged by libtirpc3t64' 293s Adding 'diversion of /lib/aarch64-linux-gnu/libtirpc.so.3.0.0 to /lib/aarch64-linux-gnu/libtirpc.so.3.0.0.usr-is-merged by libtirpc3t64' 293s Unpacking libtirpc3t64:arm64 (1.3.4+ds-1.1) ... 293s Selecting previously unselected package libevent-2.1-7:arm64. 293s Preparing to unpack .../01-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 293s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 293s Selecting previously unselected package libunbound8:arm64. 293s Preparing to unpack .../02-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 293s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 293s Selecting previously unselected package libgnutls-dane0t64:arm64. 293s Preparing to unpack .../03-libgnutls-dane0t64_3.8.3-1.1ubuntu2_arm64.deb ... 293s Unpacking libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu2) ... 293s Selecting previously unselected package gnutls-bin. 293s Preparing to unpack .../04-gnutls-bin_3.8.3-1.1ubuntu2_arm64.deb ... 293s Unpacking gnutls-bin (3.8.3-1.1ubuntu2) ... 293s Selecting previously unselected package libavahi-common-data:arm64. 293s Preparing to unpack .../05-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 293s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 293s Selecting previously unselected package libavahi-common3:arm64. 293s Preparing to unpack .../06-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 293s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 293s Selecting previously unselected package libavahi-client3:arm64. 293s Preparing to unpack .../07-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 293s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 293s Selecting previously unselected package libbasicobjects0t64:arm64. 293s Preparing to unpack .../08-libbasicobjects0t64_0.6.2-2.1_arm64.deb ... 293s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1) ... 293s Selecting previously unselected package libcollection4t64:arm64. 293s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1_arm64.deb ... 293s Unpacking libcollection4t64:arm64 (0.6.2-2.1) ... 293s Selecting previously unselected package libcrack2:arm64. 293s Preparing to unpack .../10-libcrack2_2.9.6-5.1_arm64.deb ... 293s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 293s Selecting previously unselected package libdhash1t64:arm64. 293s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1_arm64.deb ... 293s Unpacking libdhash1t64:arm64 (0.6.2-2.1) ... 293s Selecting previously unselected package libpath-utils1t64:arm64. 293s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1_arm64.deb ... 293s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1) ... 293s Selecting previously unselected package libref-array1t64:arm64. 293s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1_arm64.deb ... 293s Unpacking libref-array1t64:arm64 (0.6.2-2.1) ... 293s Selecting previously unselected package libini-config5t64:arm64. 294s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1_arm64.deb ... 294s Unpacking libini-config5t64:arm64 (0.6.2-2.1) ... 294s Selecting previously unselected package libipa-hbac0t64. 294s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu3_arm64.deb ... 294s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu3) ... 294s Selecting previously unselected package libtalloc2:arm64. 294s Preparing to unpack .../16-libtalloc2_2.4.2-1_arm64.deb ... 294s Unpacking libtalloc2:arm64 (2.4.2-1) ... 294s Selecting previously unselected package libtdb1:arm64. 294s Preparing to unpack .../17-libtdb1_1.4.10-1_arm64.deb ... 294s Unpacking libtdb1:arm64 (1.4.10-1) ... 294s Selecting previously unselected package libtevent0t64:arm64. 294s Preparing to unpack .../18-libtevent0t64_0.16.1-2_arm64.deb ... 294s Unpacking libtevent0t64:arm64 (0.16.1-2) ... 294s Selecting previously unselected package libldb2:arm64. 294s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu3_arm64.deb ... 294s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu3) ... 294s Selecting previously unselected package libnfsidmap1:arm64. 294s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu3_arm64.deb ... 294s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu3) ... 294s Selecting previously unselected package libpwquality-common. 294s Preparing to unpack .../21-libpwquality-common_1.4.5-3_all.deb ... 294s Unpacking libpwquality-common (1.4.5-3) ... 294s Selecting previously unselected package libpwquality1:arm64. 294s Preparing to unpack .../22-libpwquality1_1.4.5-3_arm64.deb ... 294s Unpacking libpwquality1:arm64 (1.4.5-3) ... 294s Selecting previously unselected package libpam-pwquality:arm64. 294s Preparing to unpack .../23-libpam-pwquality_1.4.5-3_arm64.deb ... 294s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 294s Selecting previously unselected package libwbclient0:arm64. 294s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 294s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 294s Selecting previously unselected package samba-libs:arm64. 294s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 294s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 294s Selecting previously unselected package libsmbclient0:arm64. 294s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu3_arm64.deb ... 294s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 294s Selecting previously unselected package softhsm2-common. 294s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2_arm64.deb ... 294s Unpacking softhsm2-common (2.6.1-2.2) ... 294s Selecting previously unselected package libsofthsm2. 294s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2_arm64.deb ... 294s Unpacking libsofthsm2 (2.6.1-2.2) ... 294s Selecting previously unselected package softhsm2. 294s Preparing to unpack .../29-softhsm2_2.6.1-2.2_arm64.deb ... 294s Unpacking softhsm2 (2.6.1-2.2) ... 294s Selecting previously unselected package python3-sss. 294s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu3_arm64.deb ... 294s Unpacking python3-sss (2.9.4-1.1ubuntu3) ... 294s Selecting previously unselected package libsss-idmap0. 294s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu3_arm64.deb ... 294s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu3) ... 294s Selecting previously unselected package libnss-sss:arm64. 294s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package libpam-sss:arm64. 295s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package libc-ares2:arm64. 295s Preparing to unpack .../34-libc-ares2_1.27.0-1_arm64.deb ... 295s Unpacking libc-ares2:arm64 (1.27.0-1) ... 295s Selecting previously unselected package libsss-certmap0. 295s Preparing to unpack .../35-libsss-certmap0_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package libsss-nss-idmap0. 295s Preparing to unpack .../36-libsss-nss-idmap0_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-common. 295s Preparing to unpack .../37-sssd-common_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-common (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-ad-common. 295s Preparing to unpack .../38-sssd-ad-common_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-ad-common (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-krb5-common. 295s Preparing to unpack .../39-sssd-krb5-common_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-ad. 295s Preparing to unpack .../40-sssd-ad_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-ad (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-ipa. 295s Preparing to unpack .../41-sssd-ipa_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-ipa (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-krb5. 295s Preparing to unpack .../42-sssd-krb5_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-krb5 (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-ldap. 295s Preparing to unpack .../43-sssd-ldap_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-ldap (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd-proxy. 295s Preparing to unpack .../44-sssd-proxy_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd-proxy (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package sssd. 295s Preparing to unpack .../45-sssd_2.9.4-1.1ubuntu3_arm64.deb ... 295s Unpacking sssd (2.9.4-1.1ubuntu3) ... 295s Selecting previously unselected package autopkgtest-satdep. 295s Preparing to unpack .../46-3-autopkgtest-satdep.deb ... 295s Unpacking autopkgtest-satdep (0) ... 295s Setting up libpwquality-common (1.4.5-3) ... 295s Setting up softhsm2-common (2.6.1-2.2) ... 296s 296s Creating config file /etc/softhsm/softhsm2.conf with new version 296s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu3) ... 296s Setting up libsss-idmap0 (2.9.4-1.1ubuntu3) ... 296s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1) ... 296s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu3) ... 296s Setting up libtirpc3t64:arm64 (1.3.4+ds-1.1) ... 296s Setting up libref-array1t64:arm64 (0.6.2-2.1) ... 296s Setting up libtdb1:arm64 (1.4.10-1) ... 296s Setting up libcollection4t64:arm64 (0.6.2-2.1) ... 296s Setting up libc-ares2:arm64 (1.27.0-1) ... 296s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 296s Setting up libtalloc2:arm64 (2.4.2-1) ... 296s Setting up libpath-utils1t64:arm64 (0.6.2-2.1) ... 296s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 296s Setting up libdhash1t64:arm64 (0.6.2-2.1) ... 296s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 296s Setting up libcrack2:arm64 (2.9.6-5.1) ... 296s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu3) ... 296s Setting up libini-config5t64:arm64 (0.6.2-2.1) ... 296s Setting up libtevent0t64:arm64 (0.16.1-2) ... 296s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu3) ... 296s Setting up libsofthsm2 (2.6.1-2.2) ... 296s Setting up softhsm2 (2.6.1-2.2) ... 296s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 296s Setting up libsss-certmap0 (2.9.4-1.1ubuntu3) ... 296s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 296s Setting up libpwquality1:arm64 (1.4.5-3) ... 296s Setting up libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu2) ... 296s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu3) ... 296s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 296s Setting up gnutls-bin (3.8.3-1.1ubuntu2) ... 296s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 296s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 296s Setting up python3-sss (2.9.4-1.1ubuntu3) ... 296s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu3) ... 296s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu3) ... 296s Setting up sssd-common (2.9.4-1.1ubuntu3) ... 296s Creating SSSD system user & group... 296s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 296s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 296s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 296s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 297s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 297s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 297s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 297s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 298s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 298s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 298s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 298s sssd-autofs.service is a disabled or a static unit, not starting it. 298s sssd-nss.service is a disabled or a static unit, not starting it. 298s sssd-pam.service is a disabled or a static unit, not starting it. 299s sssd-ssh.service is a disabled or a static unit, not starting it. 299s sssd-sudo.service is a disabled or a static unit, not starting it. 299s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 299s Setting up sssd-proxy (2.9.4-1.1ubuntu3) ... 299s Setting up sssd-ad-common (2.9.4-1.1ubuntu3) ... 299s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 299s sssd-pac.service is a disabled or a static unit, not starting it. 299s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 299s Setting up sssd-krb5-common (2.9.4-1.1ubuntu3) ... 299s Setting up sssd-krb5 (2.9.4-1.1ubuntu3) ... 299s Setting up sssd-ldap (2.9.4-1.1ubuntu3) ... 299s Setting up sssd-ad (2.9.4-1.1ubuntu3) ... 299s Setting up sssd-ipa (2.9.4-1.1ubuntu3) ... 299s Setting up sssd (2.9.4-1.1ubuntu3) ... 299s Setting up autopkgtest-satdep (0) ... 299s Processing triggers for man-db (2.12.0-3) ... 300s Processing triggers for libc-bin (2.39-0ubuntu2) ... 304s (Reading database ... 75382 files and directories currently installed.) 304s Removing autopkgtest-satdep (0) ... 307s autopkgtest [12:37:16]: test sssd-softhism2-certificates-tests.sh: [----------------------- 308s + '[' -z ubuntu ']' 308s + required_tools=(p11tool openssl softhsm2-util) 308s + for cmd in "${required_tools[@]}" 308s + command -v p11tool 308s + for cmd in "${required_tools[@]}" 308s + command -v openssl 308s + for cmd in "${required_tools[@]}" 308s + command -v softhsm2-util 308s + PIN=053350 308s +++ find /usr/lib/softhsm/libsofthsm2.so 308s +++ head -n 1 308s ++ realpath /usr/lib/softhsm/libsofthsm2.so 308s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 308s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 308s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 308s + '[' '!' -v NO_SSSD_TESTS ']' 308s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 308s + ca_db_arg=ca_db 308s ++ /usr/libexec/sssd/p11_child --help 308s + p11_child_help='Usage: p11_child [OPTION...] 308s -d, --debug-level=INT Debug level 308s --debug-timestamps=INT Add debug timestamps 308s --debug-microseconds=INT Show timestamps with microseconds 308s --dumpable=INT Allow core dumps 308s --debug-fd=INT An open file descriptor for the debug 308s logs 308s --logger=stderr|files|journald Set logger 308s --auth Run in auth mode 308s --pre Run in pre-auth mode 308s --wait_for_card Wait until card is available 308s --verification Run in verification mode 308s --pin Expect PIN on stdin 308s --keypad Expect PIN on keypad 308s --verify=STRING Tune validation 308s --ca_db=STRING CA DB to use 308s --module_name=STRING Module name for authentication 308s --token_name=STRING Token name for authentication 308s --key_id=STRING Key ID for authentication 308s --label=STRING Label for authentication 308s --certificate=STRING certificate to verify, base64 encoded 308s --uri=STRING PKCS#11 URI to restrict selection 308s --chain-id=LONG Tevent chain ID used for logging 308s purposes 308s 308s Help options: 308s -?, --help Show this help message 308s --usage Display brief usage message' 308s + echo 'Usage: p11_child [OPTION...] 308s -d, --debug-level=INT Debug level 308s --debug-timestamps=INT Add debug timestamps 308s --debug-microseconds=INT Show timestamps with microseconds 308s --dumpable=INT Allow core dumps 308s --debug-fd=INT An open file descriptor for the debug 308s logs 308s --logger=stderr|files|journald Set logger 308s --auth Run in auth mode 308s --pre Run in pre-auth mode 308s --wait_for_card Wait until card is available 308s --verification Run in verification mode 308s --pin Expect PIN on stdin 308s --keypad Expect PIN on keypad 308s --verify=STRING Tune validation 308s --ca_db=STRING CA DB to use 308s --module_name=STRING Module name for authentication 308s --token_name=STRING Token name for authentication 308s --key_id=STRING Key ID for authentication 308s --label=STRING Label for authentication 308s --certificate=STRING certificate to verify, base64 encoded 308s --uri=STRING PKCS#11 URI to restrict selection 308s --chain-id=LONG Tevent chain ID used for logging 308s purposes 308s 308s Help options: 308s -?, --help Show this help message 308s --usage Display brief usage message' 308s + grep nssdb -qs 308s + echo 'Usage: p11_child [OPTION...] 308s -d, --debug-level=INT Debug level 308s --debug-timestamps=INT Add debug timestamps 308s --debug-microseconds=INT Show timestamps with microseconds 308s --dumpable=INT Allow core dumps 308s --debug-fd=INT An open file descriptor for the debug 308s logs 308s --logger=stderr|files|journald Set logger 308s --auth Run in auth mode 308s --pre Run in pre-auth mode 308s --wait_for_card Wait until card is available 308s --verification Run in verification mode 308s --pin Expect PIN on stdin 308s --keypad Expect PIN on keypad 308s --verify=STRING Tune validation 308s --ca_db=STRING CA DB to use 308s --module_name=STRING Module name for authentication 308s --token_name=STRING Token name for authentication 308s --key_id=STRING Key ID for authentication 308s --label=STRING Label for authentication 308s --certificate=STRING certificate to verify, base64 encoded 308s --uri=STRING PKCS#11 URI to restrict selection 308s --chain-id=LONG Tevent chain ID used for logging 308s purposes 308s 308s Help options: 308s -?, --help Show this help message 308s --usage Display brief usage message' 308s + grep -qs -- --ca_db 308s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 308s ++ mktemp -d -t sssd-softhsm2-XXXXXX 308s + tmpdir=/tmp/sssd-softhsm2-m6N4Q8 308s + keys_size=1024 308s + [[ ! -v KEEP_TEMPORARY_FILES ]] 308s + trap 'rm -rf "$tmpdir"' EXIT 308s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 308s + echo -n 01 308s + touch /tmp/sssd-softhsm2-m6N4Q8/index.txt 308s + mkdir -p /tmp/sssd-softhsm2-m6N4Q8/new_certs 308s + cat 308s + root_ca_key_pass=pass:random-root-CA-password-31367 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-key.pem -passout pass:random-root-CA-password-31367 1024 308s + openssl req -passin pass:random-root-CA-password-31367 -batch -config /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 308s + cat 308s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-28552 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28552 1024 308s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-28552 -config /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.config -key /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-31367 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-certificate-request.pem 308s + openssl req -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-certificate-request.pem 308s Certificate Request: 308s Data: 308s Version: 1 (0x0) 308s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 308s Subject Public Key Info: 308s Public Key Algorithm: rsaEncryption 308s Public-Key: (1024 bit) 308s Modulus: 308s 00:be:39:32:ee:93:48:cd:10:fd:af:03:66:70:4f: 308s ce:cf:92:fd:a7:b8:22:69:b7:20:73:cb:5b:fc:a2: 308s 02:72:a8:9f:46:ff:ac:f6:f5:c7:93:fc:c6:61:57: 308s 4d:09:5c:75:fd:54:22:c2:e8:6f:8e:f6:c3:e5:63: 308s 0f:8d:38:67:ed:b8:1e:48:fb:7e:e5:8c:91:e4:fb: 308s c7:92:a5:8a:07:29:ba:46:43:cd:6a:17:13:ba:ec: 308s 34:7f:76:11:36:ce:73:fc:30:62:be:ea:54:15:86: 308s 3a:5b:9e:7d:e0:e4:03:3d:dc:12:df:4f:76:1f:d1: 308s aa:94:f0:c4:ce:76:96:9a:8b 308s Exponent: 65537 (0x10001) 308s Attributes: 308s (none) 308s Requested Extensions: 308s Signature Algorithm: sha256WithRSAEncryption 308s Signature Value: 308s b4:12:09:4d:5c:3b:7d:f3:29:ac:41:34:dc:36:e0:b4:4c:7e: 308s 6f:07:04:e5:66:0f:e9:3f:db:0c:89:f9:5f:90:e5:c2:72:ef: 308s 12:4d:36:c0:ab:e8:86:28:2a:46:08:60:10:e0:f1:25:e9:c6: 308s 5e:f7:b5:a8:53:a3:d2:93:9d:16:31:1c:3d:b4:50:00:ea:6f: 308s 57:fd:b5:ec:ad:75:48:18:e9:f5:a9:f6:ed:95:8e:42:2b:1d: 308s ed:4d:6b:76:32:29:09:83:cc:19:b6:b0:cd:78:6c:1d:97:8b: 308s 1c:9d:43:c0:5a:da:55:61:25:58:4d:2d:f7:9a:04:63:59:c4: 308s e1:e5 308s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.config -passin pass:random-root-CA-password-31367 -keyfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-key.pem -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 308s Using configuration from /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.config 308s Check that the request matches the signature 308s Signature ok 308s Certificate Details: 308s Serial Number: 1 (0x1) 308s Validity 308s Not Before: Mar 16 12:37:17 2024 GMT 308s Not After : Mar 16 12:37:17 2025 GMT 308s Subject: 308s organizationName = Test Organization 308s organizationalUnitName = Test Organization Unit 308s commonName = Test Organization Intermediate CA 308s X509v3 extensions: 308s X509v3 Subject Key Identifier: 308s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 308s X509v3 Authority Key Identifier: 308s keyid:55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 308s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 308s serial:00 308s X509v3 Basic Constraints: 308s CA:TRUE 308s X509v3 Key Usage: critical 308s Digital Signature, Certificate Sign, CRL Sign 308s Certificate is to be certified until Mar 16 12:37:17 2025 GMT (365 days) 308s 308s Write out database with 1 new entries 308s Database updated 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 308s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 308s /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem: OK 308s + cat 308s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-20693 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-20693 1024 308s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-20693 -config /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28552 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-certificate-request.pem 308s + openssl req -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-certificate-request.pem 308s Certificate Request: 308s Data: 308s Version: 1 (0x0) 308s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 308s Subject Public Key Info: 308s Public Key Algorithm: rsaEncryption 308s Public-Key: (1024 bit) 308s Modulus: 308s 00:c7:79:59:02:ae:d6:21:64:03:e7:9f:41:05:67: 308s c1:5f:0d:8a:7d:8d:3f:60:4c:61:da:ca:a6:e3:5b: 308s 1c:ed:f1:9e:4b:ae:35:06:69:80:24:8b:19:6e:17: 308s a4:0f:ed:58:d1:c5:62:13:96:8a:dd:e6:00:fd:92: 308s 99:1c:54:a1:7d:12:a8:9b:56:be:e5:3c:f9:d8:ca: 308s f8:4c:31:79:65:40:c1:09:92:70:50:a5:be:5a:22: 308s f7:3e:f8:e0:f0:c5:2e:c2:50:20:55:04:cb:ce:8a: 308s d7:f8:42:d8:bd:87:4b:8f:73:da:5c:7f:2c:f8:d7: 308s f6:d6:48:2c:ae:ba:2c:bc:1d 308s Exponent: 65537 (0x10001) 308s Attributes: 308s (none) 308s Requested Extensions: 308s Signature Algorithm: sha256WithRSAEncryption 308s Signature Value: 308s a4:ef:a8:b8:80:3c:71:4f:5b:bf:cb:18:f6:bf:97:cc:6f:a0: 308s fc:2a:38:18:c3:bf:eb:9b:01:3b:cc:ef:da:d0:3f:2f:4c:cb: 308s 51:8d:04:13:2d:71:3f:05:44:f8:db:2e:7d:4d:0f:ce:1d:fc: 308s 4e:a5:9b:42:80:44:4b:64:a9:97:0c:e9:09:66:44:90:38:a0: 308s c3:1b:2c:26:51:4d:3b:63:e6:60:ab:80:cc:b3:d9:17:7b:65: 308s 62:ae:71:68:95:39:87:42:45:e2:f3:54:a4:d2:54:72:9c:43: 308s 7b:6c:d1:cb:21:55:97:5e:9b:9c:24:7b:bc:66:d5:54:41:fb: 308s 29:82 308s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-28552 -keyfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 308s Using configuration from /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.config 308s Check that the request matches the signature 308s Signature ok 308s Certificate Details: 308s Serial Number: 2 (0x2) 308s Validity 308s Not Before: Mar 16 12:37:17 2024 GMT 308s Not After : Mar 16 12:37:17 2025 GMT 308s Subject: 308s organizationName = Test Organization 308s organizationalUnitName = Test Organization Unit 308s commonName = Test Organization Sub Intermediate CA 308s X509v3 extensions: 308s X509v3 Subject Key Identifier: 308s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 308s X509v3 Authority Key Identifier: 308s keyid:95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 308s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 308s serial:01 308s X509v3 Basic Constraints: 308s CA:TRUE 308s X509v3 Key Usage: critical 308s Digital Signature, Certificate Sign, CRL Sign 308s Certificate is to be certified until Mar 16 12:37:17 2025 GMT (365 days) 308s 308s Write out database with 1 new entries 308s Database updated 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 308s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 308s /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem: OK 308s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 308s + local cmd=openssl 308s + shift 308s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 308s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 308s error 20 at 0 depth lookup: unable to get local issuer certificate 308s error /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem: verification failed 308s + cat 308s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-6164 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-6164 1024 308s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-6164 -key /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-request.pem 308s + openssl req -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-request.pem 308s Certificate Request: 308s Data: 308s Version: 1 (0x0) 308s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 308s Subject Public Key Info: 308s Public Key Algorithm: rsaEncryption 308s Public-Key: (1024 bit) 308s Modulus: 308s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 308s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 308s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 308s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 308s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 308s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 308s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 308s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 308s e6:84:ae:24:1e:45:39:84:fb 308s Exponent: 65537 (0x10001) 308s Attributes: 308s Requested Extensions: 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Root CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Signature Algorithm: sha256WithRSAEncryption 308s Signature Value: 308s 3e:86:51:8b:b5:14:6c:03:ce:46:2a:34:c8:9f:9f:8e:63:98: 308s bb:16:6c:65:e1:99:b5:8f:7f:39:33:79:1e:7b:b4:49:4c:67: 308s d5:dc:40:df:7b:36:18:3e:60:96:63:6d:9f:e6:d7:7c:47:ad: 308s 1d:b1:6f:4f:f1:61:36:17:40:1f:4d:bc:61:e7:62:54:c7:d4: 308s ae:7b:dc:86:87:b5:d9:f8:fb:4f:59:74:c1:11:7e:88:32:24: 308s 94:09:e2:b9:1b:d6:81:15:81:ee:21:cb:11:ae:e3:8e:03:5a: 308s 02:5c:b6:e3:e4:ed:b2:de:4d:af:88:54:5c:d3:98:10:74:e2: 308s 08:a7 308s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.config -passin pass:random-root-CA-password-31367 -keyfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-key.pem -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 308s Using configuration from /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.config 308s Check that the request matches the signature 308s Signature ok 308s Certificate Details: 308s Serial Number: 3 (0x3) 308s Validity 308s Not Before: Mar 16 12:37:17 2024 GMT 308s Not After : Mar 16 12:37:17 2025 GMT 308s Subject: 308s organizationName = Test Organization 308s organizationalUnitName = Test Organization Unit 308s commonName = Test Organization Root Trusted Certificate 0001 308s X509v3 extensions: 308s X509v3 Authority Key Identifier: 308s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Root CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Certificate is to be certified until Mar 16 12:37:17 2025 GMT (365 days) 308s 308s Write out database with 1 new entries 308s Database updated 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 308s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 308s /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem: OK 308s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 308s + local cmd=openssl 308s + shift 308s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 308s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 308s error 20 at 0 depth lookup: unable to get local issuer certificate 308s error /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem: verification failed 308s + cat 308s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-19449 1024 308s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-19449 -key /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-request.pem 308s + openssl req -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-request.pem 308s Certificate Request: 308s Data: 308s Version: 1 (0x0) 308s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 308s Subject Public Key Info: 308s Public Key Algorithm: rsaEncryption 308s Public-Key: (1024 bit) 308s Modulus: 308s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 308s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 308s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 308s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 308s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 308s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 308s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 308s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 308s 20:0f:ef:27:58:aa:72:ab:41 308s Exponent: 65537 (0x10001) 308s Attributes: 308s Requested Extensions: 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Intermediate CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Signature Algorithm: sha256WithRSAEncryption 308s Signature Value: 308s 26:cb:f2:c5:1a:93:21:18:fc:b7:33:ed:ec:d3:b6:de:53:59: 308s d2:85:09:b8:91:7f:48:99:9d:59:3e:71:3d:e6:46:92:ac:9f: 308s e7:e6:32:6a:a1:47:f4:70:6b:69:ba:16:f7:e6:f5:47:73:6f: 308s 8f:65:38:3a:22:57:45:42:cf:4b:bc:dc:c1:7f:8f:99:a8:62: 308s 7a:7a:e2:57:0d:7f:62:67:b1:ed:5c:d9:85:30:95:d9:39:56: 308s e0:1e:22:22:6a:c5:0c:4c:cb:93:03:e6:ab:d7:c8:a0:0b:15: 308s c6:ea:1e:a4:0f:a6:20:09:30:d0:40:40:bc:3f:cd:80:13:6a: 308s b5:8e 308s + openssl ca -passin pass:random-intermediate-CA-password-28552 -config /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 308s Using configuration from /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.config 308s Check that the request matches the signature 308s Signature ok 308s Certificate Details: 308s Serial Number: 4 (0x4) 308s Validity 308s Not Before: Mar 16 12:37:17 2024 GMT 308s Not After : Mar 16 12:37:17 2025 GMT 308s Subject: 308s organizationName = Test Organization 308s organizationalUnitName = Test Organization Unit 308s commonName = Test Organization Intermediate Trusted Certificate 0001 308s X509v3 extensions: 308s X509v3 Authority Key Identifier: 308s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Intermediate CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Certificate is to be certified until Mar 16 12:37:17 2025 GMT (365 days) 308s 308s Write out database with 1 new entries 308s Database updated 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 308s This certificate should not be trusted fully 308s + echo 'This certificate should not be trusted fully' 308s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 308s + local cmd=openssl 308s + shift 308s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 308s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 308s error 2 at 1 depth lookup: unable to get issuer certificate 308s error /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 308s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 308s /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem: OK 308s + cat 308s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 308s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-11008 1024 308s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-11008 -key /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 308s + openssl req -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 308s Certificate Request: 308s Data: 308s Version: 1 (0x0) 308s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 308s Subject Public Key Info: 308s Public Key Algorithm: rsaEncryption 308s Public-Key: (1024 bit) 308s Modulus: 308s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 308s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 308s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 308s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 308s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 308s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 308s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 308s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 308s de:5d:e9:35:6a:5f:95:b8:73 308s Exponent: 65537 (0x10001) 308s Attributes: 308s Requested Extensions: 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Sub Intermediate CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Signature Algorithm: sha256WithRSAEncryption 308s Signature Value: 308s 51:2e:86:93:3f:cc:14:25:b1:7d:5a:80:29:62:5b:d8:70:ed: 308s fc:bf:62:b4:04:b5:2e:59:46:cb:8f:86:8e:71:e0:29:31:3b: 308s d8:41:c1:5e:3e:42:02:e7:36:52:80:af:54:81:d7:c9:df:6f: 308s 5f:73:4f:79:f8:2f:0c:c4:79:ea:d3:eb:2d:3b:72:d3:c9:47: 308s a4:f0:8a:ed:9a:9e:83:26:2e:69:c8:b2:f3:05:97:a4:04:60: 308s ec:09:3e:96:dd:3f:4e:bd:77:99:c4:85:e4:46:56:45:b0:a9: 308s e7:8e:a4:6b:a2:9f:f6:7e:da:f7:3d:c8:91:ef:61:3a:00:18: 308s 15:6b 308s + openssl ca -passin pass:random-sub-intermediate-CA-password-20693 -config /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 308s Using configuration from /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.config 308s Check that the request matches the signature 308s Signature ok 308s Certificate Details: 308s Serial Number: 5 (0x5) 308s Validity 308s Not Before: Mar 16 12:37:17 2024 GMT 308s Not After : Mar 16 12:37:17 2025 GMT 308s Subject: 308s organizationName = Test Organization 308s organizationalUnitName = Test Organization Unit 308s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 308s X509v3 extensions: 308s X509v3 Authority Key Identifier: 308s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 308s X509v3 Basic Constraints: 308s CA:FALSE 308s Netscape Cert Type: 308s SSL Client, S/MIME 308s Netscape Comment: 308s Test Organization Sub Intermediate CA trusted Certificate 308s X509v3 Subject Key Identifier: 308s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 308s X509v3 Key Usage: critical 308s Digital Signature, Non Repudiation, Key Encipherment 308s X509v3 Extended Key Usage: 308s TLS Web Client Authentication, E-mail Protection 308s X509v3 Subject Alternative Name: 308s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 308s Certificate is to be certified until Mar 16 12:37:17 2025 GMT (365 days) 308s 308s Write out database with 1 new entries 308s Database updated 308s + openssl x509 -noout -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s This certificate should not be trusted fully 309s + echo 'This certificate should not be trusted fully' 309s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s + local cmd=openssl 309s + shift 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 309s error 2 at 1 depth lookup: unable to get issuer certificate 309s error /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 309s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s + local cmd=openssl 309s + shift 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s O = Test O/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 309s rganization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 309s error 20 at 0 depth lookup: unable to get local issuer certificate 309s error /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 309s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s + local cmd=openssl 309s + shift 309s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s O = Test Organization, OU = Test Organization Unit, CN = Test OrganizatBuilding a the full-chain CA file... 309s ion Sub Intermediate Trusted Certificate 0001 309s error 20 at 0 depth lookup: unable to get local issuer certificate 309s error /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 309s + echo 'Building a the full-chain CA file...' 309s + cat /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 309s + cat /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 309s + cat /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 309s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 309s + openssl pkcs7 -print_certs -noout 309s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s 309s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 309s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s 309s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 309s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 309s 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 309s /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem: OK 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem: OK 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 309s /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem: OK 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem 309s /tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem: OK 309s + openssl verify -CAfile /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 309s /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 309s + echo 'Certificates generation completed!' 309s Certificates generation completed! 309s + [[ -v NO_SSSD_TESTS ]] 309s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /dev/null 309s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /dev/null 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_ring=/dev/null 309s + local verify_option= 309s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_cn 309s + local key_name 309s + local tokens_dir 309s + local output_cert_file 309s + token_name= 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 309s + key_name=test-root-CA-trusted-certificate-0001 309s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s ++ sed -n 's/ *commonName *= //p' 309s + key_cn='Test Organization Root Trusted Certificate 0001' 309s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 309s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 309s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 309s + token_name='Test Organization Root Tr Token' 309s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 309s + local key_file 309s + local decrypted_key 309s + mkdir -p /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 309s + key_file=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key.pem 309s + decrypted_key=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key-decrypted.pem 309s + cat 309s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 309s Slot 0 has a free/uninitialized token. 309s The token has been initialized and is reassigned to slot 1009590592 309s + softhsm2-util --show-slots 309s Available slots: 309s Slot 1009590592 309s Slot info: 309s Description: SoftHSM slot ID 0x3c2d2140 309s Manufacturer ID: SoftHSM project 309s Hardware version: 2.6 309s Firmware version: 2.6 309s Token present: yes 309s Token info: 309s Manufacturer ID: SoftHSM project 309s Model: SoftHSM v2 309s Hardware version: 2.6 309s Firmware version: 2.6 309s Serial number: 0b432a833c2d2140 309s Initialized: yes 309s User PIN init.: yes 309s Label: Test Organization Root Tr Token 309s Slot 1 309s Slot info: 309s Description: SoftHSM slot ID 0x1 309s Manufacturer ID: SoftHSM project 309s Hardware version: 2.6 309s Firmware version: 2.6 309s Token present: yes 309s Token info: 309s Manufacturer ID: SoftHSM project 309s Model: SoftHSM v2 309s Hardware version: 2.6 309s Firmware version: 2.6 309s Serial number: 309s Initialized: no 309s User PIN init.: no 309s Label: 309s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 309s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-6164 -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key-decrypted.pem 309s writing RSA key 309s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 309s + rm /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001-key-decrypted.pem 309s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 309s Object 0: 309s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 309s Type: X.509 Certificate (RSA-1024) 309s Expires: Sun Mar 16 12:37:17 2025 309s Label: Test Organization Root Trusted Certificate 0001 309s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 309s 309s Test Organization Root Tr Token 309s + echo 'Test Organization Root Tr Token' 309s + '[' -n '' ']' 309s + local output_base_name=SSSD-child-30340 309s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-30340.output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-30340.pem 309s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 309s [p11_child[3180]] [main] (0x0400): p11_child started. 309s [p11_child[3180]] [main] (0x2000): Running in [pre-auth] mode. 309s [p11_child[3180]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3180]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3180]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 309s [p11_child[3180]] [do_work] (0x0040): init_verification failed. 309s [p11_child[3180]] [main] (0x0020): p11_child failed (5) 309s + return 2 309s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /dev/null no_verification 309s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /dev/null no_verification 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_ring=/dev/null 309s + local verify_option=no_verification 309s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_cn 309s + local key_name 309s + local tokens_dir 309s + local output_cert_file 309s + token_name= 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 309s + key_name=test-root-CA-trusted-certificate-0001 309s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s ++ sed -n 's/ *commonName *= //p' 309s + key_cn='Test Organization Root Trusted Certificate 0001' 309s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 309s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 309s Test Organization Root Tr Token 309s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 309s + token_name='Test Organization Root Tr Token' 309s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 309s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 309s + echo 'Test Organization Root Tr Token' 309s + '[' -n no_verification ']' 309s + local verify_arg=--verify=no_verification 309s + local output_base_name=SSSD-child-12722 309s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.pem 309s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 309s [p11_child[3186]] [main] (0x0400): p11_child started. 309s [p11_child[3186]] [main] (0x2000): Running in [pre-auth] mode. 309s [p11_child[3186]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3186]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3186]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 309s [p11_child[3186]] [do_card] (0x4000): Module List: 309s [p11_child[3186]] [do_card] (0x4000): common name: [softhsm2]. 309s [p11_child[3186]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3186]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 309s [p11_child[3186]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 309s [p11_child[3186]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3186]] [do_card] (0x4000): Login NOT required. 309s [p11_child[3186]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 309s [p11_child[3186]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 309s [p11_child[3186]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 309s [p11_child[3186]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.output 309s + echo '-----BEGIN CERTIFICATE-----' 309s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.output 309s + echo '-----END CERTIFICATE-----' 309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.pem 309s Certificate: 309s Data: 309s Version: 3 (0x2) 309s Serial Number: 3 (0x3) 309s Signature Algorithm: sha256WithRSAEncryption 309s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s Validity 309s Not Before: Mar 16 12:37:17 2024 GMT 309s Not After : Mar 16 12:37:17 2025 GMT 309s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 309s Subject Public Key Info: 309s Public Key Algorithm: rsaEncryption 309s Public-Key: (1024 bit) 309s Modulus: 309s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 309s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 309s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 309s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 309s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 309s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 309s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 309s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 309s e6:84:ae:24:1e:45:39:84:fb 309s Exponent: 65537 (0x10001) 309s X509v3 extensions: 309s X509v3 Authority Key Identifier: 309s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 309s X509v3 Basic Constraints: 309s CA:FALSE 309s Netscape Cert Type: 309s SSL Client, S/MIME 309s Netscape Comment: 309s Test Organization Root CA trusted Certificate 309s X509v3 Subject Key Identifier: 309s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 309s X509v3 Key Usage: critical 309s Digital Signature, Non Repudiation, Key Encipherment 309s X509v3 Extended Key Usage: 309s TLS Web Client Authentication, E-mail Protection 309s X509v3 Subject Alternative Name: 309s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 309s Signature Algorithm: sha256WithRSAEncryption 309s Signature Value: 309s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 309s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 309s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 309s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 309s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 309s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 309s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 309s 73:0a 309s + local found_md5 expected_md5 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + expected_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722.pem 309s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 309s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.output 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.output .output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.pem 309s + echo -n 053350 309s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 309s [p11_child[3194]] [main] (0x0400): p11_child started. 309s [p11_child[3194]] [main] (0x2000): Running in [auth] mode. 309s [p11_child[3194]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3194]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3194]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 309s [p11_child[3194]] [do_card] (0x4000): Module List: 309s [p11_child[3194]] [do_card] (0x4000): common name: [softhsm2]. 309s [p11_child[3194]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3194]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 309s [p11_child[3194]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 309s [p11_child[3194]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3194]] [do_card] (0x4000): Login required. 309s [p11_child[3194]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 309s [p11_child[3194]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 309s [p11_child[3194]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 309s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 309s [p11_child[3194]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 309s [p11_child[3194]] [do_card] (0x4000): Certificate verified and validated. 309s [p11_child[3194]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.output 309s + echo '-----BEGIN CERTIFICATE-----' 309s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.output 309s + echo '-----END CERTIFICATE-----' 309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.pem 309s Certificate: 309s Data: 309s Version: 3 (0x2) 309s Serial Number: 3 (0x3) 309s Signature Algorithm: sha256WithRSAEncryption 309s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s Validity 309s Not Before: Mar 16 12:37:17 2024 GMT 309s Not After : Mar 16 12:37:17 2025 GMT 309s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 309s Subject Public Key Info: 309s Public Key Algorithm: rsaEncryption 309s Public-Key: (1024 bit) 309s Modulus: 309s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 309s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 309s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 309s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 309s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 309s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 309s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 309s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 309s e6:84:ae:24:1e:45:39:84:fb 309s Exponent: 65537 (0x10001) 309s X509v3 extensions: 309s X509v3 Authority Key Identifier: 309s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 309s X509v3 Basic Constraints: 309s CA:FALSE 309s Netscape Cert Type: 309s SSL Client, S/MIME 309s Netscape Comment: 309s Test Organization Root CA trusted Certificate 309s X509v3 Subject Key Identifier: 309s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 309s X509v3 Key Usage: critical 309s Digital Signature, Non Repudiation, Key Encipherment 309s X509v3 Extended Key Usage: 309s TLS Web Client Authentication, E-mail Protection 309s X509v3 Subject Alternative Name: 309s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 309s Signature Algorithm: sha256WithRSAEncryption 309s Signature Value: 309s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 309s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 309s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 309s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 309s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 309s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 309s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 309s 73:0a 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12722-auth.pem 309s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 309s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s + local verify_option= 309s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_cn 309s + local key_name 309s + local tokens_dir 309s + local output_cert_file 309s + token_name= 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 309s + key_name=test-root-CA-trusted-certificate-0001 309s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s ++ sed -n 's/ *commonName *= //p' 309s + key_cn='Test Organization Root Trusted Certificate 0001' 309s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 309s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 309s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 309s + token_name='Test Organization Root Tr Token' 309s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 309s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 309s + echo 'Test Organization Root Tr Token' 309s + '[' -n '' ']' 309s + local output_base_name=SSSD-child-7089 309s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.pem 309s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s Test Organization Root Tr Token 309s [p11_child[3204]] [main] (0x0400): p11_child started. 309s [p11_child[3204]] [main] (0x2000): Running in [pre-auth] mode. 309s [p11_child[3204]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3204]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3204]] [do_card] (0x4000): Module List: 309s [p11_child[3204]] [do_card] (0x4000): common name: [softhsm2]. 309s [p11_child[3204]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3204]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 309s [p11_child[3204]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 309s [p11_child[3204]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3204]] [do_card] (0x4000): Login NOT required. 309s [p11_child[3204]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 309s [p11_child[3204]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 309s [p11_child[3204]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 309s [p11_child[3204]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 309s [p11_child[3204]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.output 309s + echo '-----BEGIN CERTIFICATE-----' 309s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.output 309s + echo '-----END CERTIFICATE-----' 309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.pem 309s Certificate: 309s Data: 309s Version: 3 (0x2) 309s Serial Number: 3 (0x3) 309s Signature Algorithm: sha256WithRSAEncryption 309s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s Validity 309s Not Before: Mar 16 12:37:17 2024 GMT 309s Not After : Mar 16 12:37:17 2025 GMT 309s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 309s Subject Public Key Info: 309s Public Key Algorithm: rsaEncryption 309s Public-Key: (1024 bit) 309s Modulus: 309s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 309s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 309s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 309s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 309s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 309s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 309s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 309s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 309s e6:84:ae:24:1e:45:39:84:fb 309s Exponent: 65537 (0x10001) 309s X509v3 extensions: 309s X509v3 Authority Key Identifier: 309s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 309s X509v3 Basic Constraints: 309s CA:FALSE 309s Netscape Cert Type: 309s SSL Client, S/MIME 309s Netscape Comment: 309s Test Organization Root CA trusted Certificate 309s X509v3 Subject Key Identifier: 309s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 309s X509v3 Key Usage: critical 309s Digital Signature, Non Repudiation, Key Encipherment 309s X509v3 Extended Key Usage: 309s TLS Web Client Authentication, E-mail Protection 309s X509v3 Subject Alternative Name: 309s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 309s Signature Algorithm: sha256WithRSAEncryption 309s Signature Value: 309s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 309s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 309s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 309s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 309s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 309s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 309s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 309s 73:0a 309s + local found_md5 expected_md5 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + expected_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089.pem 309s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 309s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.output 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.output .output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.pem 309s + echo -n 053350 309s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 309s [p11_child[3212]] [main] (0x0400): p11_child started. 309s [p11_child[3212]] [main] (0x2000): Running in [auth] mode. 309s [p11_child[3212]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3212]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3212]] [do_card] (0x4000): Module List: 309s [p11_child[3212]] [do_card] (0x4000): common name: [softhsm2]. 309s [p11_child[3212]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3212]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 309s [p11_child[3212]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 309s [p11_child[3212]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3212]] [do_card] (0x4000): Login required. 309s [p11_child[3212]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 309s [p11_child[3212]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 309s [p11_child[3212]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 309s [p11_child[3212]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 309s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 309s [p11_child[3212]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 309s [p11_child[3212]] [do_card] (0x4000): Certificate verified and validated. 309s [p11_child[3212]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.output 309s + echo '-----BEGIN CERTIFICATE-----' 309s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.output 309s + echo '-----END CERTIFICATE-----' 309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.pem 309s Certificate: 309s Data: 309s Version: 3 (0x2) 309s Serial Number: 3 (0x3) 309s Signature Algorithm: sha256WithRSAEncryption 309s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 309s Validity 309s Not Before: Mar 16 12:37:17 2024 GMT 309s Not After : Mar 16 12:37:17 2025 GMT 309s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 309s Subject Public Key Info: 309s Public Key Algorithm: rsaEncryption 309s Public-Key: (1024 bit) 309s Modulus: 309s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 309s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 309s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 309s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 309s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 309s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 309s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 309s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 309s e6:84:ae:24:1e:45:39:84:fb 309s Exponent: 65537 (0x10001) 309s X509v3 extensions: 309s X509v3 Authority Key Identifier: 309s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 309s X509v3 Basic Constraints: 309s CA:FALSE 309s Netscape Cert Type: 309s SSL Client, S/MIME 309s Netscape Comment: 309s Test Organization Root CA trusted Certificate 309s X509v3 Subject Key Identifier: 309s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 309s X509v3 Key Usage: critical 309s Digital Signature, Non Repudiation, Key Encipherment 309s X509v3 Extended Key Usage: 309s TLS Web Client Authentication, E-mail Protection 309s X509v3 Subject Alternative Name: 309s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 309s Signature Algorithm: sha256WithRSAEncryption 309s Signature Value: 309s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 309s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 309s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 309s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 309s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 309s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 309s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 309s 73:0a 309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7089-auth.pem 309s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 309s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 309s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 309s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s + local verify_option=partial_chain 309s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 309s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 309s + local key_cn 309s + local key_name 309s + local tokens_dir 309s + local output_cert_file 309s + token_name= 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 309s + key_name=test-root-CA-trusted-certificate-0001 309s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 309s ++ sed -n 's/ *commonName *= //p' 309s + key_cn='Test Organization Root Trusted Certificate 0001' 309s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 309s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 309s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 309s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 309s + token_name='Test Organization Root Tr Token' 309s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 309s Test Organization Root Tr Token 309s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 309s + echo 'Test Organization Root Tr Token' 309s + '[' -n partial_chain ']' 309s + local verify_arg=--verify=partial_chain 309s + local output_base_name=SSSD-child-24825 309s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.output 309s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.pem 309s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 309s [p11_child[3222]] [main] (0x0400): p11_child started. 309s [p11_child[3222]] [main] (0x2000): Running in [pre-auth] mode. 309s [p11_child[3222]] [main] (0x2000): Running with effective IDs: [0][0]. 309s [p11_child[3222]] [main] (0x2000): Running with real IDs [0][0]. 309s [p11_child[3222]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 309s [p11_child[3222]] [do_card] (0x4000): Module List: 309s [p11_child[3222]] [do_card] (0x4000): common name: [softhsm2]. 309s [p11_child[3222]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3222]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 309s [p11_child[3222]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 309s [p11_child[3222]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 309s [p11_child[3222]] [do_card] (0x4000): Login NOT required. 309s [p11_child[3222]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 309s [p11_child[3222]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 309s [p11_child[3222]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 309s [p11_child[3222]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 309s [p11_child[3222]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.output 309s + echo '-----BEGIN CERTIFICATE-----' 309s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.output 309s + echo '-----END CERTIFICATE-----' 309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s + local found_md5 expected_md5 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + expected_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.output 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.output .output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.pem 310s + echo -n 053350 310s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 310s [p11_child[3230]] [main] (0x0400): p11_child started. 310s [p11_child[3230]] [main] (0x2000): Running in [auth] mode. 310s [p11_child[3230]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3230]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3230]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 310s [p11_child[3230]] [do_card] (0x4000): Module List: 310s [p11_child[3230]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3230]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3230]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3230]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3230]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3230]] [do_card] (0x4000): Login required. 310s [p11_child[3230]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3230]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 310s [p11_child[3230]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3230]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 310s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 310s [p11_child[3230]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 310s [p11_child[3230]] [do_card] (0x4000): Certificate verified and validated. 310s [p11_child[3230]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24825-auth.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s + local verify_option= 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-root-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Root Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 310s + token_name='Test Organization Root Tr Token' 310s Test Organization Root Tr Token 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 310s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 310s + echo 'Test Organization Root Tr Token' 310s + '[' -n '' ']' 310s + local output_base_name=SSSD-child-4832 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s [p11_child[3240]] [main] (0x0400): p11_child started. 310s [p11_child[3240]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3240]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3240]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3240]] [do_card] (0x4000): Module List: 310s [p11_child[3240]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3240]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3240]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3240]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3240]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3240]] [do_card] (0x4000): Login NOT required. 310s [p11_child[3240]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3240]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 310s [p11_child[3240]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3240]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3240]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s + local found_md5 expected_md5 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + expected_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.output 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.output .output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.pem 310s + echo -n 053350 310s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 310s [p11_child[3248]] [main] (0x0400): p11_child started. 310s [p11_child[3248]] [main] (0x2000): Running in [auth] mode. 310s [p11_child[3248]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3248]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3248]] [do_card] (0x4000): Module List: 310s [p11_child[3248]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3248]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3248]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3248]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3248]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3248]] [do_card] (0x4000): Login required. 310s [p11_child[3248]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3248]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 310s [p11_child[3248]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3248]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 310s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 310s [p11_child[3248]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 310s [p11_child[3248]] [do_card] (0x4000): Certificate verified and validated. 310s [p11_child[3248]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-4832-auth.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s + local verify_option=partial_chain 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-root-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Root Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 310s + token_name='Test Organization Root Tr Token' 310s Test Organization Root Tr Token 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 310s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 310s + echo 'Test Organization Root Tr Token' 310s + '[' -n partial_chain ']' 310s + local verify_arg=--verify=partial_chain 310s + local output_base_name=SSSD-child-12063 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 310s [p11_child[3258]] [main] (0x0400): p11_child started. 310s [p11_child[3258]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3258]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3258]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3258]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 310s [p11_child[3258]] [do_card] (0x4000): Module List: 310s [p11_child[3258]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3258]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3258]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3258]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3258]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3258]] [do_card] (0x4000): Login NOT required. 310s [p11_child[3258]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3258]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 310s [p11_child[3258]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3258]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3258]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s + local found_md5 expected_md5 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + expected_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.output 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.output .output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.pem 310s + echo -n 053350 310s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 310s [p11_child[3266]] [main] (0x0400): p11_child started. 310s [p11_child[3266]] [main] (0x2000): Running in [auth] mode. 310s [p11_child[3266]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3266]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3266]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 310s [p11_child[3266]] [do_card] (0x4000): Module List: 310s [p11_child[3266]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3266]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3266]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3266]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3266]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3266]] [do_card] (0x4000): Login required. 310s [p11_child[3266]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3266]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 310s [p11_child[3266]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3266]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3c2d2140;slot-manufacturer=SoftHSM%20project;slot-id=1009590592;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b432a833c2d2140;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 310s [p11_child[3266]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 310s [p11_child[3266]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 310s [p11_child[3266]] [do_card] (0x4000): Certificate verified and validated. 310s [p11_child[3266]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 3 (0x3) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:c3:43:fe:dd:8b:f8:e6:b8:c0:54:28:d2:91:93: 310s 3d:e7:e8:f8:89:b3:d0:b8:d7:4f:92:b5:53:1f:00: 310s 2a:d9:2d:6d:bd:f5:02:57:e3:17:34:70:82:d2:1c: 310s 19:09:32:62:84:1b:ea:1f:2c:2c:12:79:b7:97:db: 310s de:fb:c0:ab:51:d9:a6:6a:1e:57:b1:73:60:93:5f: 310s f5:25:d9:af:20:a9:b5:94:28:22:28:e1:5a:25:88: 310s 0f:25:40:e6:20:e7:af:71:00:f3:3e:98:2b:a7:c5: 310s 59:1d:48:7e:98:29:67:4d:cf:38:53:96:10:c4:73: 310s e6:84:ae:24:1e:45:39:84:fb 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 55:0F:BB:06:42:FE:AB:4A:81:A0:5B:88:4D:C1:CA:02:E5:4F:76:86 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Root CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s B1:4F:C0:A5:4F:10:6A:48:52:A7:95:2C:20:7C:07:7E:60:18:14:67 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 0a:fa:93:1a:f7:56:02:08:2f:b6:c1:a3:1f:29:e1:a7:3f:a1: 310s dd:58:27:52:bb:ea:7a:5e:e3:4a:21:17:61:f9:05:65:fa:8c: 310s 3f:df:e7:e8:7d:c3:0e:2f:fb:e9:e0:8e:d7:0f:64:dc:b8:89: 310s 36:db:a2:cc:5b:e5:3f:8f:6f:b0:d4:eb:f6:a0:c4:7c:8d:9b: 310s a5:40:1c:3d:ee:b1:7b:cd:aa:ca:f1:bf:cf:fd:09:3e:ac:6b: 310s 44:77:60:ba:3a:e9:39:91:fd:5b:86:03:46:b6:fd:65:30:37: 310s 9a:bc:d4:db:a6:d7:52:f7:2d:c6:99:31:a9:3b:ab:ca:d7:2b: 310s 73:0a 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-12063-auth.pem 310s + found_md5=Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB 310s + '[' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB '!=' Modulus=C343FEDD8BF8E6B8C05428D291933DE7E8F889B3D0B8D74F92B5531F002AD92D6DBDF50257E317347082D21C19093262841BEA1F2C2C1279B797DBDEFBC0AB51D9A66A1E57B17360935FF525D9AF20A9B594282228E15A25880F2540E620E7AF7100F33E982BA7C5591D487E9829674DCF38539610C473E684AE241E453984FB ']' 310s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s + local verify_option= 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-root-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Root Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 310s + token_name='Test Organization Root Tr Token' 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 310s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 310s Test Organization Root Tr Token 310s + echo 'Test Organization Root Tr Token' 310s + '[' -n '' ']' 310s + local output_base_name=SSSD-child-25552 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25552.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25552.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s [p11_child[3276]] [main] (0x0400): p11_child started. 310s [p11_child[3276]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3276]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3276]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3276]] [do_card] (0x4000): Module List: 310s [p11_child[3276]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3276]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3276]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3276]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3276]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3276]] [do_card] (0x4000): Login NOT required. 310s [p11_child[3276]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3276]] [do_verification] (0x0040): X509_verify_cert failed [0]. 310s [p11_child[3276]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 310s [p11_child[3276]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 310s [p11_child[3276]] [do_card] (0x4000): No certificate found. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25552.output 310s + return 2 310s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem partial_chain 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem partial_chain 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s + local verify_option=partial_chain 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6164 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-root-ca-trusted-cert-0001-6164 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-root-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-root-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Root Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 310s + token_name='Test Organization Root Tr Token' 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 310s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-root-CA-trusted-certificate-0001 ']' 310s + echo 'Test Organization Root Tr Token' 310s + '[' -n partial_chain ']' 310s + local verify_arg=--verify=partial_chain 310s + local output_base_name=SSSD-child-31338 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31338.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31338.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 310s Test Organization Root Tr Token 310s [p11_child[3283]] [main] (0x0400): p11_child started. 310s [p11_child[3283]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3283]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3283]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3283]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 310s [p11_child[3283]] [do_card] (0x4000): Module List: 310s [p11_child[3283]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3283]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3283]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3c2d2140] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3283]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 310s [p11_child[3283]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3c2d2140][1009590592] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3283]] [do_card] (0x4000): Login NOT required. 310s [p11_child[3283]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 310s [p11_child[3283]] [do_verification] (0x0040): X509_verify_cert failed [0]. 310s [p11_child[3283]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 310s [p11_child[3283]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 310s [p11_child[3283]] [do_card] (0x4000): No certificate found. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31338.output 310s + return 2 310s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /dev/null 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /dev/null 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local key_ring=/dev/null 310s + local verify_option= 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-intermediate-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 310s + token_name='Test Organization Interme Token' 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 310s + local key_file 310s + local decrypted_key 310s + mkdir -p /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 310s + key_file=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key.pem 310s + decrypted_key=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 310s + cat 310s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 310s Slot 0 has a free/uninitialized token. 310s The token has been initialized and is reassigned to slot 1860482032 310s + softhsm2-util --show-slots 310s Available slots: 310s Slot 1860482032 310s Slot info: 310s Description: SoftHSM slot ID 0x6ee4b3f0 310s Manufacturer ID: SoftHSM project 310s Hardware version: 2.6 310s Firmware version: 2.6 310s Token present: yes 310s Token info: 310s Manufacturer ID: SoftHSM project 310s Model: SoftHSM v2 310s Hardware version: 2.6 310s Firmware version: 2.6 310s Serial number: 67048c9ceee4b3f0 310s Initialized: yes 310s User PIN init.: yes 310s Label: Test Organization Interme Token 310s Slot 1 310s Slot info: 310s Description: SoftHSM slot ID 0x1 310s Manufacturer ID: SoftHSM project 310s Hardware version: 2.6 310s Firmware version: 2.6 310s Token present: yes 310s Token info: 310s Manufacturer ID: SoftHSM project 310s Model: SoftHSM v2 310s Hardware version: 2.6 310s Firmware version: 2.6 310s Serial number: 310s Initialized: no 310s User PIN init.: no 310s Label: 310s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 310s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-19449 -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 310s writing RSA key 310s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 310s + rm /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 310s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 310s Object 0: 310s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 310s Type: X.509 Certificate (RSA-1024) 310s Expires: Sun Mar 16 12:37:17 2025 310s Label: Test Organization Intermediate Trusted Certificate 0001 310s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 310s 310s Test Organization Interme Token 310s + echo 'Test Organization Interme Token' 310s + '[' -n '' ']' 310s + local output_base_name=SSSD-child-21428 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-21428.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-21428.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 310s [p11_child[3299]] [main] (0x0400): p11_child started. 310s [p11_child[3299]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3299]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3299]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3299]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 310s [p11_child[3299]] [do_work] (0x0040): init_verification failed. 310s [p11_child[3299]] [main] (0x0020): p11_child failed (5) 310s + return 2 310s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /dev/null no_verification 310s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /dev/null no_verification 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local key_ring=/dev/null 310s + local verify_option=no_verification 310s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 310s + local key_cn 310s + local key_name 310s + local tokens_dir 310s + local output_cert_file 310s + token_name= 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 310s + key_name=test-intermediate-CA-trusted-certificate-0001 310s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s ++ sed -n 's/ *commonName *= //p' 310s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 310s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 310s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 310s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 310s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 310s + token_name='Test Organization Interme Token' 310s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 310s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 310s + echo 'Test Organization Interme Token' 310s + '[' -n no_verification ']' 310s + local verify_arg=--verify=no_verification 310s + local output_base_name=SSSD-child-18784 310s Test Organization Interme Token 310s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.pem 310s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 310s [p11_child[3305]] [main] (0x0400): p11_child started. 310s [p11_child[3305]] [main] (0x2000): Running in [pre-auth] mode. 310s [p11_child[3305]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3305]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3305]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 310s [p11_child[3305]] [do_card] (0x4000): Module List: 310s [p11_child[3305]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3305]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3305]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 310s [p11_child[3305]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3305]] [do_card] (0x4000): Login NOT required. 310s [p11_child[3305]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 310s [p11_child[3305]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3305]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3305]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.pem 310s Certificate: 310s Data: 310s Version: 3 (0x2) 310s Serial Number: 4 (0x4) 310s Signature Algorithm: sha256WithRSAEncryption 310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 310s Validity 310s Not Before: Mar 16 12:37:17 2024 GMT 310s Not After : Mar 16 12:37:17 2025 GMT 310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 310s Subject Public Key Info: 310s Public Key Algorithm: rsaEncryption 310s Public-Key: (1024 bit) 310s Modulus: 310s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 310s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 310s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 310s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 310s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 310s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 310s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 310s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 310s 20:0f:ef:27:58:aa:72:ab:41 310s Exponent: 65537 (0x10001) 310s X509v3 extensions: 310s X509v3 Authority Key Identifier: 310s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 310s X509v3 Basic Constraints: 310s CA:FALSE 310s Netscape Cert Type: 310s SSL Client, S/MIME 310s Netscape Comment: 310s Test Organization Intermediate CA trusted Certificate 310s X509v3 Subject Key Identifier: 310s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 310s X509v3 Key Usage: critical 310s Digital Signature, Non Repudiation, Key Encipherment 310s X509v3 Extended Key Usage: 310s TLS Web Client Authentication, E-mail Protection 310s X509v3 Subject Alternative Name: 310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 310s Signature Algorithm: sha256WithRSAEncryption 310s Signature Value: 310s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 310s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 310s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 310s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 310s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 310s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 310s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 310s 91:ec 310s + local found_md5 expected_md5 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 310s + expected_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784.pem 310s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 310s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 310s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.output 310s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.output .output 310s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.pem 310s + echo -n 053350 310s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 310s [p11_child[3313]] [main] (0x0400): p11_child started. 310s [p11_child[3313]] [main] (0x2000): Running in [auth] mode. 310s [p11_child[3313]] [main] (0x2000): Running with effective IDs: [0][0]. 310s [p11_child[3313]] [main] (0x2000): Running with real IDs [0][0]. 310s [p11_child[3313]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 310s [p11_child[3313]] [do_card] (0x4000): Module List: 310s [p11_child[3313]] [do_card] (0x4000): common name: [softhsm2]. 310s [p11_child[3313]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3313]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 310s [p11_child[3313]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 310s [p11_child[3313]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 310s [p11_child[3313]] [do_card] (0x4000): Login required. 310s [p11_child[3313]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 310s [p11_child[3313]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 310s [p11_child[3313]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 310s [p11_child[3313]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 310s [p11_child[3313]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 310s [p11_child[3313]] [do_card] (0x4000): Certificate verified and validated. 310s [p11_child[3313]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.output 310s + echo '-----BEGIN CERTIFICATE-----' 310s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.output 310s + echo '-----END CERTIFICATE-----' 310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-18784-auth.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + local verify_option= 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s Test Organization Interme Token 311s + echo 'Test Organization Interme Token' 311s + '[' -n '' ']' 311s + local output_base_name=SSSD-child-24387 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24387.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24387.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s [p11_child[3323]] [main] (0x0400): p11_child started. 311s [p11_child[3323]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3323]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3323]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3323]] [do_card] (0x4000): Module List: 311s [p11_child[3323]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3323]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3323]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3323]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3323]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3323]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3323]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3323]] [do_verification] (0x0040): X509_verify_cert failed [0]. 311s [p11_child[3323]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 311s [p11_child[3323]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 311s [p11_child[3323]] [do_card] (0x4000): No certificate found. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-24387.output 311s + return 2 311s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + local verify_option=partial_chain 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s + echo 'Test Organization Interme Token' 311s + '[' -n partial_chain ']' 311s + local verify_arg=--verify=partial_chain 311s + local output_base_name=SSSD-child-26557 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26557.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26557.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s Test Organization Interme Token 311s [p11_child[3330]] [main] (0x0400): p11_child started. 311s [p11_child[3330]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3330]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3330]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3330]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 311s [p11_child[3330]] [do_card] (0x4000): Module List: 311s [p11_child[3330]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3330]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3330]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3330]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3330]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3330]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3330]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3330]] [do_verification] (0x0040): X509_verify_cert failed [0]. 311s [p11_child[3330]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 311s [p11_child[3330]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 311s [p11_child[3330]] [do_card] (0x4000): No certificate found. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26557.output 311s + return 2 311s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s + local verify_option= 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s Test Organization Interme Token 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s + echo 'Test Organization Interme Token' 311s + '[' -n '' ']' 311s + local output_base_name=SSSD-child-20326 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s [p11_child[3337]] [main] (0x0400): p11_child started. 311s [p11_child[3337]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3337]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3337]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3337]] [do_card] (0x4000): Module List: 311s [p11_child[3337]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3337]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3337]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3337]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3337]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3337]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3337]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3337]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3337]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3337]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3337]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s + local found_md5 expected_md5 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + expected_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.output 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.output .output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.pem 311s + echo -n 053350 311s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 311s [p11_child[3345]] [main] (0x0400): p11_child started. 311s [p11_child[3345]] [main] (0x2000): Running in [auth] mode. 311s [p11_child[3345]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3345]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3345]] [do_card] (0x4000): Module List: 311s [p11_child[3345]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3345]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3345]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3345]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3345]] [do_card] (0x4000): Login required. 311s [p11_child[3345]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3345]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3345]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 311s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 311s [p11_child[3345]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 311s [p11_child[3345]] [do_card] (0x4000): Certificate verified and validated. 311s [p11_child[3345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20326-auth.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s + local verify_option=partial_chain 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s + echo 'Test Organization Interme Token' 311s + '[' -n partial_chain ']' 311s + local verify_arg=--verify=partial_chain 311s + local output_base_name=SSSD-child-5257 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 311s Test Organization Interme Token 311s [p11_child[3355]] [main] (0x0400): p11_child started. 311s [p11_child[3355]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3355]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3355]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3355]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 311s [p11_child[3355]] [do_card] (0x4000): Module List: 311s [p11_child[3355]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3355]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3355]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3355]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3355]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3355]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3355]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3355]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3355]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3355]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3355]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s + local found_md5 expected_md5 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + expected_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.output 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.output .output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.pem 311s + echo -n 053350 311s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 311s [p11_child[3363]] [main] (0x0400): p11_child started. 311s [p11_child[3363]] [main] (0x2000): Running in [auth] mode. 311s [p11_child[3363]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3363]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3363]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 311s [p11_child[3363]] [do_card] (0x4000): Module List: 311s [p11_child[3363]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3363]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3363]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3363]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3363]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3363]] [do_card] (0x4000): Login required. 311s [p11_child[3363]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3363]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3363]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3363]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 311s [p11_child[3363]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 311s [p11_child[3363]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 311s [p11_child[3363]] [do_card] (0x4000): Certificate verified and validated. 311s [p11_child[3363]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-5257-auth.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s + local verify_option= 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s Test Organization Interme Token 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s + echo 'Test Organization Interme Token' 311s + '[' -n '' ']' 311s + local output_base_name=SSSD-child-7854 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7854.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7854.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s [p11_child[3373]] [main] (0x0400): p11_child started. 311s [p11_child[3373]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3373]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3373]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3373]] [do_card] (0x4000): Module List: 311s [p11_child[3373]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3373]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3373]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3373]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3373]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3373]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3373]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3373]] [do_verification] (0x0040): X509_verify_cert failed [0]. 311s [p11_child[3373]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 311s [p11_child[3373]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 311s [p11_child[3373]] [do_card] (0x4000): No certificate found. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-7854.output 311s + return 2 311s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem partial_chain 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem partial_chain 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s + local verify_option=partial_chain 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19449 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Interme Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 311s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 311s + echo 'Test Organization Interme Token' 311s + '[' -n partial_chain ']' 311s + local verify_arg=--verify=partial_chain 311s + local output_base_name=SSSD-child-23598 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem 311s Test Organization Interme Token 311s [p11_child[3380]] [main] (0x0400): p11_child started. 311s [p11_child[3380]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3380]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3380]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3380]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 311s [p11_child[3380]] [do_card] (0x4000): Module List: 311s [p11_child[3380]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3380]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3380]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3380]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3380]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3380]] [do_card] (0x4000): Login NOT required. 311s [p11_child[3380]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3380]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3380]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3380]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3380]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s + local found_md5 expected_md5 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA-trusted-certificate-0001.pem 311s + expected_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.output 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.output .output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.pem 311s + echo -n 053350 311s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 311s [p11_child[3388]] [main] (0x0400): p11_child started. 311s [p11_child[3388]] [main] (0x2000): Running in [auth] mode. 311s [p11_child[3388]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3388]] [main] (0x2000): Running with real IDs [0][0]. 311s [p11_child[3388]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 311s [p11_child[3388]] [do_card] (0x4000): Module List: 311s [p11_child[3388]] [do_card] (0x4000): common name: [softhsm2]. 311s [p11_child[3388]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3388]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6ee4b3f0] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 311s [p11_child[3388]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 311s [p11_child[3388]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6ee4b3f0][1860482032] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 311s [p11_child[3388]] [do_card] (0x4000): Login required. 311s [p11_child[3388]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 311s [p11_child[3388]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 311s [p11_child[3388]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 311s [p11_child[3388]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6ee4b3f0;slot-manufacturer=SoftHSM%20project;slot-id=1860482032;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67048c9ceee4b3f0;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 311s [p11_child[3388]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 311s [p11_child[3388]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 311s [p11_child[3388]] [do_card] (0x4000): Certificate verified and validated. 311s [p11_child[3388]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.output 311s + echo '-----BEGIN CERTIFICATE-----' 311s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.output 311s + echo '-----END CERTIFICATE-----' 311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.pem 311s Certificate: 311s Data: 311s Version: 3 (0x2) 311s Serial Number: 4 (0x4) 311s Signature Algorithm: sha256WithRSAEncryption 311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 311s Validity 311s Not Before: Mar 16 12:37:17 2024 GMT 311s Not After : Mar 16 12:37:17 2025 GMT 311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 311s Subject Public Key Info: 311s Public Key Algorithm: rsaEncryption 311s Public-Key: (1024 bit) 311s Modulus: 311s 00:a6:a9:64:cc:8c:f0:a3:49:5a:e3:7a:f8:8c:ca: 311s 7b:d6:88:d8:db:c9:98:d5:46:00:eb:6e:34:df:97: 311s 8d:7a:30:fe:01:63:12:2c:81:90:3e:d1:89:6b:5a: 311s 5c:8d:1c:52:fb:3e:79:b2:81:01:4e:60:62:fc:7d: 311s dc:7c:b1:78:a5:7b:20:9a:81:04:0e:f6:b1:b5:ab: 311s 2f:5f:1b:b7:7a:9d:eb:6d:dc:f2:45:48:f2:94:a9: 311s c0:eb:c2:43:7e:9f:cc:04:ae:c7:dd:30:33:8c:32: 311s 74:15:b6:72:17:e0:38:69:73:31:e5:26:9f:3b:4d: 311s 20:0f:ef:27:58:aa:72:ab:41 311s Exponent: 65537 (0x10001) 311s X509v3 extensions: 311s X509v3 Authority Key Identifier: 311s 95:01:E1:5E:6A:AD:4E:14:90:70:01:A9:C0:A9:94:28:46:F9:B0:AF 311s X509v3 Basic Constraints: 311s CA:FALSE 311s Netscape Cert Type: 311s SSL Client, S/MIME 311s Netscape Comment: 311s Test Organization Intermediate CA trusted Certificate 311s X509v3 Subject Key Identifier: 311s 09:9F:D3:C6:7E:A9:C8:44:85:FE:92:C7:F9:A4:43:F1:B2:06:0B:02 311s X509v3 Key Usage: critical 311s Digital Signature, Non Repudiation, Key Encipherment 311s X509v3 Extended Key Usage: 311s TLS Web Client Authentication, E-mail Protection 311s X509v3 Subject Alternative Name: 311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 311s Signature Algorithm: sha256WithRSAEncryption 311s Signature Value: 311s 6e:66:38:6e:5e:77:41:45:61:61:df:58:7b:d6:13:4f:91:b5: 311s 96:42:2f:17:65:25:3b:e2:d4:50:b4:14:84:2d:54:eb:d0:55: 311s 4b:d3:3e:9c:d4:0a:45:b1:37:5c:f8:24:a5:39:69:4b:cc:af: 311s d9:7b:b5:45:ee:d4:cc:6a:d2:48:c0:ce:f7:c5:7e:65:99:57: 311s 67:ae:9f:00:b3:80:7c:8d:56:82:79:22:37:ed:59:95:cf:d6: 311s 50:6e:7e:7a:6a:55:93:66:d6:72:e7:41:2f:1e:e1:ac:bd:f4: 311s 84:3b:96:2a:0d:e5:df:38:c5:87:bf:87:47:32:70:a2:98:7d: 311s 91:ec 311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-23598-auth.pem 311s + found_md5=Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 311s + '[' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 '!=' Modulus=A6A964CC8CF0A3495AE37AF88CCA7BD688D8DBC998D54600EB6E34DF978D7A30FE0163122C81903ED1896B5A5C8D1C52FB3E79B281014E6062FC7DDC7CB178A57B209A81040EF6B1B5AB2F5F1BB77A9DEB6DDCF24548F294A9C0EBC2437E9FCC04AEC7DD30338C327415B67217E038697331E5269F3B4D200FEF2758AA72AB41 ']' 311s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 311s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s + local verify_option= 311s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 311s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 311s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 311s + local key_cn 311s + local key_name 311s + local tokens_dir 311s + local output_cert_file 311s + token_name= 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 311s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 311s ++ sed -n 's/ *commonName *= //p' 311s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 311s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 311s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 311s + token_name='Test Organization Sub Int Token' 311s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 311s + local key_file 311s + local decrypted_key 311s + mkdir -p /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 311s + key_file=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 311s + decrypted_key=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 311s + cat 311s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 311s Slot 0 has a free/uninitialized token. 311s The token has been initialized and is reassigned to slot 884699791 311s + softhsm2-util --show-slots 311s Available slots: 311s Slot 884699791 311s Slot info: 311s Description: SoftHSM slot ID 0x34bb728f 311s Manufacturer ID: SoftHSM project 311s Hardware version: 2.6 311s Firmware version: 2.6 311s Token present: yes 311s Token info: 311s Manufacturer ID: SoftHSM project 311s Model: SoftHSM v2 311s Hardware version: 2.6 311s Firmware version: 2.6 311s Serial number: 1347ea7e34bb728f 311s Initialized: yes 311s User PIN init.: yes 311s Label: Test Organization Sub Int Token 311s Slot 1 311s Slot info: 311s Description: SoftHSM slot ID 0x1 311s Manufacturer ID: SoftHSM project 311s Hardware version: 2.6 311s Firmware version: 2.6 311s Token present: yes 311s Token info: 311s Manufacturer ID: SoftHSM project 311s Model: SoftHSM v2 311s Hardware version: 2.6 311s Firmware version: 2.6 311s Serial number: 311s Initialized: no 311s User PIN init.: no 311s Label: 311s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 311s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-11008 -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 311s writing RSA key 311s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 311s + rm /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 311s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 311s Object 0: 311s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 311s Type: X.509 Certificate (RSA-1024) 311s Expires: Sun Mar 16 12:37:17 2025 311s Label: Test Organization Sub Intermediate Trusted Certificate 0001 311s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 311s 311s Test Organization Sub Int Token 311s + echo 'Test Organization Sub Int Token' 311s + '[' -n '' ']' 311s + local output_base_name=SSSD-child-26306 311s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26306.output 311s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26306.pem 311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 311s [p11_child[3407]] [main] (0x0400): p11_child started. 311s [p11_child[3407]] [main] (0x2000): Running in [pre-auth] mode. 311s [p11_child[3407]] [main] (0x2000): Running with effective IDs: [0][0]. 311s [p11_child[3407]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3407]] [do_card] (0x4000): Module List: 312s [p11_child[3407]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3407]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3407]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3407]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3407]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3407]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3407]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3407]] [do_verification] (0x0040): X509_verify_cert failed [0]. 312s [p11_child[3407]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 312s [p11_child[3407]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 312s [p11_child[3407]] [do_card] (0x4000): No certificate found. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-26306.output 312s + return 2 312s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem partial_chain 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 312s + local verify_option=partial_chain 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s Test Organization Sub Int Token 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n partial_chain ']' 312s + local verify_arg=--verify=partial_chain 312s + local output_base_name=SSSD-child-28920 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-28920.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-28920.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-CA.pem 312s [p11_child[3414]] [main] (0x0400): p11_child started. 312s [p11_child[3414]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3414]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3414]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3414]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3414]] [do_card] (0x4000): Module List: 312s [p11_child[3414]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3414]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3414]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3414]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3414]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3414]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3414]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3414]] [do_verification] (0x0040): X509_verify_cert failed [0]. 312s [p11_child[3414]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 312s [p11_child[3414]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 312s [p11_child[3414]] [do_card] (0x4000): No certificate found. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-28920.output 312s + return 2 312s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s + local verify_option= 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n '' ']' 312s + local output_base_name=SSSD-child-25765 312s Test Organization Sub Int Token 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s [p11_child[3421]] [main] (0x0400): p11_child started. 312s [p11_child[3421]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3421]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3421]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3421]] [do_card] (0x4000): Module List: 312s [p11_child[3421]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3421]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3421]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3421]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3421]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3421]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3421]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3421]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3421]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3421]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3421]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s + local found_md5 expected_md5 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + expected_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.output 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.output .output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.pem 312s + echo -n 053350 312s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 312s [p11_child[3429]] [main] (0x0400): p11_child started. 312s [p11_child[3429]] [main] (0x2000): Running in [auth] mode. 312s [p11_child[3429]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3429]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3429]] [do_card] (0x4000): Module List: 312s [p11_child[3429]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3429]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3429]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3429]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3429]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3429]] [do_card] (0x4000): Login required. 312s [p11_child[3429]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3429]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3429]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3429]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 312s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 312s [p11_child[3429]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 312s [p11_child[3429]] [do_card] (0x4000): Certificate verified and validated. 312s [p11_child[3429]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-25765-auth.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem partial_chain 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s + local verify_option=partial_chain 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s Test Organization Sub Int Token 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n partial_chain ']' 312s + local verify_arg=--verify=partial_chain 312s + local output_base_name=SSSD-child-10189 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem 312s [p11_child[3439]] [main] (0x0400): p11_child started. 312s [p11_child[3439]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3439]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3439]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3439]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3439]] [do_card] (0x4000): Module List: 312s [p11_child[3439]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3439]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3439]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3439]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3439]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3439]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3439]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3439]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3439]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3439]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3439]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s + local found_md5 expected_md5 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + expected_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.output 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.output .output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.pem 312s + echo -n 053350 312s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 312s [p11_child[3447]] [main] (0x0400): p11_child started. 312s [p11_child[3447]] [main] (0x2000): Running in [auth] mode. 312s [p11_child[3447]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3447]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3447]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3447]] [do_card] (0x4000): Module List: 312s [p11_child[3447]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3447]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3447]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3447]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3447]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3447]] [do_card] (0x4000): Login required. 312s [p11_child[3447]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3447]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3447]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3447]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 312s [p11_child[3447]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 312s [p11_child[3447]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 312s [p11_child[3447]] [do_card] (0x4000): Certificate verified and validated. 312s [p11_child[3447]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-10189-auth.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s + local verify_option= 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s Test Organization Sub Int Token 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n '' ']' 312s + local output_base_name=SSSD-child-2217 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-2217.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-2217.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s [p11_child[3457]] [main] (0x0400): p11_child started. 312s [p11_child[3457]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3457]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3457]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3457]] [do_card] (0x4000): Module List: 312s [p11_child[3457]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3457]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3457]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3457]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3457]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3457]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3457]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3457]] [do_verification] (0x0040): X509_verify_cert failed [0]. 312s [p11_child[3457]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 312s [p11_child[3457]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 312s [p11_child[3457]] [do_card] (0x4000): No certificate found. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-2217.output 312s + return 2 312s + invalid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem partial_chain 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem partial_chain 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem 312s + local verify_option=partial_chain 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n partial_chain ']' 312s + local verify_arg=--verify=partial_chain 312s + local output_base_name=SSSD-child-3453 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-3453.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-3453.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-root-intermediate-chain-CA.pem 312s Test Organization Sub Int Token 312s [p11_child[3464]] [main] (0x0400): p11_child started. 312s [p11_child[3464]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3464]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3464]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3464]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3464]] [do_card] (0x4000): Module List: 312s [p11_child[3464]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3464]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3464]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3464]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3464]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3464]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3464]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3464]] [do_verification] (0x0040): X509_verify_cert failed [0]. 312s [p11_child[3464]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 312s [p11_child[3464]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 312s [p11_child[3464]] [do_card] (0x4000): No certificate found. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-3453.output 312s + return 2 312s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem partial_chain 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem partial_chain 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s + local verify_option=partial_chain 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n partial_chain ']' 312s + local verify_arg=--verify=partial_chain 312s + local output_base_name=SSSD-child-20989 312s Test Organization Sub Int Token 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem 312s [p11_child[3471]] [main] (0x0400): p11_child started. 312s [p11_child[3471]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3471]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3471]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3471]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3471]] [do_card] (0x4000): Module List: 312s [p11_child[3471]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3471]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3471]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3471]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3471]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3471]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3471]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3471]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3471]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3471]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3471]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s + local found_md5 expected_md5 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + expected_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.output 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.output .output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.pem 312s + echo -n 053350 312s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 312s [p11_child[3479]] [main] (0x0400): p11_child started. 312s [p11_child[3479]] [main] (0x2000): Running in [auth] mode. 312s [p11_child[3479]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3479]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3479]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3479]] [do_card] (0x4000): Module List: 312s [p11_child[3479]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3479]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3479]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3479]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3479]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3479]] [do_card] (0x4000): Login required. 312s [p11_child[3479]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3479]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3479]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3479]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 312s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 312s [p11_child[3479]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 312s [p11_child[3479]] [do_card] (0x4000): Certificate verified and validated. 312s [p11_child[3479]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-20989-auth.pem 312s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 312s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 312s + valid_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-sub-chain-CA.pem partial_chain 312s + check_certificate /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 /tmp/sssd-softhsm2-m6N4Q8/test-intermediate-sub-chain-CA.pem partial_chain 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_ring=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-sub-chain-CA.pem 312s + local verify_option=partial_chain 312s + prepare_softhsm2_card /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local certificate=/tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11008 312s + local key_cn 312s + local key_name 312s + local tokens_dir 312s + local output_cert_file 312s + token_name= 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 312s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 312s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 312s ++ sed -n 's/ *commonName *= //p' 312s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 312s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 312s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 312s ++ basename /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 312s + tokens_dir=/tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 312s + token_name='Test Organization Sub Int Token' 312s + '[' '!' -e /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 312s + '[' '!' -d /tmp/sssd-softhsm2-m6N4Q8/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 312s + echo 'Test Organization Sub Int Token' 312s + '[' -n partial_chain ']' 312s + local verify_arg=--verify=partial_chain 312s Test Organization Sub Int Token 312s + local output_base_name=SSSD-child-31115 312s + local output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.output 312s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.pem 312s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-sub-chain-CA.pem 312s [p11_child[3489]] [main] (0x0400): p11_child started. 312s [p11_child[3489]] [main] (0x2000): Running in [pre-auth] mode. 312s [p11_child[3489]] [main] (0x2000): Running with effective IDs: [0][0]. 312s [p11_child[3489]] [main] (0x2000): Running with real IDs [0][0]. 312s [p11_child[3489]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 312s [p11_child[3489]] [do_card] (0x4000): Module List: 312s [p11_child[3489]] [do_card] (0x4000): common name: [softhsm2]. 312s [p11_child[3489]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3489]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 312s [p11_child[3489]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 312s [p11_child[3489]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 312s [p11_child[3489]] [do_card] (0x4000): Login NOT required. 312s [p11_child[3489]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 312s [p11_child[3489]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 312s [p11_child[3489]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 312s [p11_child[3489]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 312s [p11_child[3489]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.output 312s + echo '-----BEGIN CERTIFICATE-----' 312s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.output 312s + echo '-----END CERTIFICATE-----' 312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.pem 312s Certificate: 312s Data: 312s Version: 3 (0x2) 312s Serial Number: 5 (0x5) 312s Signature Algorithm: sha256WithRSAEncryption 312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 312s Validity 312s Not Before: Mar 16 12:37:17 2024 GMT 312s Not After : Mar 16 12:37:17 2025 GMT 312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 312s Subject Public Key Info: 312s Public Key Algorithm: rsaEncryption 312s Public-Key: (1024 bit) 312s Modulus: 312s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 312s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 312s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 312s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 312s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 312s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 312s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 312s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 312s de:5d:e9:35:6a:5f:95:b8:73 312s Exponent: 65537 (0x10001) 312s X509v3 extensions: 312s X509v3 Authority Key Identifier: 312s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 312s X509v3 Basic Constraints: 312s CA:FALSE 312s Netscape Cert Type: 312s SSL Client, S/MIME 312s Netscape Comment: 312s Test Organization Sub Intermediate CA trusted Certificate 312s X509v3 Subject Key Identifier: 312s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 312s X509v3 Key Usage: critical 312s Digital Signature, Non Repudiation, Key Encipherment 312s X509v3 Extended Key Usage: 312s TLS Web Client Authentication, E-mail Protection 312s X509v3 Subject Alternative Name: 312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 312s Signature Algorithm: sha256WithRSAEncryption 312s Signature Value: 312s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 312s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 312s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 312s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 312s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 312s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 312s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 312s 8e:d4 312s + local found_md5 expected_md5 312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/test-sub-intermediate-CA-trusted-certificate-0001.pem 313s + expected_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 313s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115.pem 313s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 313s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 313s + output_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.output 313s ++ basename /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.output .output 313s + output_cert_file=/tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.pem 313s + echo -n 053350 313s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-m6N4Q8/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 313s [p11_child[3497]] [main] (0x0400): p11_child started. 313s [p11_child[3497]] [main] (0x2000): Running in [auth] mode. 313s [p11_child[3497]] [main] (0x2000): Running with effective IDs: [0][0]. 313s [p11_child[3497]] [main] (0x2000): Running with real IDs [0][0]. 313s [p11_child[3497]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 313s [p11_child[3497]] [do_card] (0x4000): Module List: 313s [p11_child[3497]] [do_card] (0x4000): common name: [softhsm2]. 313s [p11_child[3497]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 313s [p11_child[3497]] [do_card] (0x4000): Description [SoftHSM slot ID 0x34bb728f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 313s [p11_child[3497]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 313s [p11_child[3497]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x34bb728f][884699791] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 313s [p11_child[3497]] [do_card] (0x4000): Login required. 313s [p11_child[3497]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 313s [p11_child[3497]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 313s [p11_child[3497]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 313s [p11_child[3497]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x34bb728f;slot-manufacturer=SoftHSM%20project;slot-id=884699791;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1347ea7e34bb728f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 313s [p11_child[3497]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 313s [p11_child[3497]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 313s [p11_child[3497]] [do_card] (0x4000): Certificate verified and validated. 313s [p11_child[3497]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 313s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.output 313s + echo '-----BEGIN CERTIFICATE-----' 313s + tail -n1 /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.output 313s + echo '-----END CERTIFICATE-----' 313s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.pem 313s Certificate: 313s Data: 313s Version: 3 (0x2) 313s Serial Number: 5 (0x5) 313s Signature Algorithm: sha256WithRSAEncryption 313s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 313s Validity 313s Not Before: Mar 16 12:37:17 2024 GMT 313s Not After : Mar 16 12:37:17 2025 GMT 313s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 313s Subject Public Key Info: 313s Public Key Algorithm: rsaEncryption 313s Public-Key: (1024 bit) 313s Modulus: 313s 00:ca:bb:63:59:a3:42:3b:55:3e:ed:a4:d9:e8:16: 313s 5e:4b:c8:c3:43:2b:3a:96:d3:e3:5b:2b:ec:30:e7: 313s f2:89:6f:b6:76:b6:9e:0a:86:d3:d6:2f:26:04:5d: 313s 8a:01:88:1c:65:e7:a0:6f:15:6e:8d:94:1d:b5:22: 313s 34:31:ea:7b:fe:6a:5e:45:d1:00:6a:b6:68:dd:2f: 313s cf:10:9e:e2:eb:2a:f8:e2:81:ac:7e:3c:07:a9:14: 313s 77:56:70:4a:1a:42:78:d9:ac:41:a1:1c:24:e6:8b: 313s 9e:4e:0e:fb:5d:8a:ec:44:48:63:48:c7:13:a6:68: 313s de:5d:e9:35:6a:5f:95:b8:73 313s Exponent: 65537 (0x10001) 313s X509v3 extensions: 313s X509v3 Authority Key Identifier: 313s 63:01:13:D6:3C:73:DF:D9:E6:BA:FF:38:95:EF:83:A4:6A:52:CD:F4 313s X509v3 Basic Constraints: 313s CA:FALSE 313s Netscape Cert Type: 313s SSL Client, S/MIME 313s Netscape Comment: 313s Test Organization Sub Intermediate CA trusted Certificate 313s X509v3 Subject Key Identifier: 313s 70:17:4D:BF:9B:AC:82:6D:51:32:9A:FB:72:79:7E:4C:B7:B2:7C:E8 313s X509v3 Key Usage: critical 313s Digital Signature, Non Repudiation, Key Encipherment 313s X509v3 Extended Key Usage: 313s TLS Web Client Authentication, E-mail Protection 313s X509v3 Subject Alternative Name: 313s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 313s Signature Algorithm: sha256WithRSAEncryption 313s Signature Value: 313s 48:9b:bf:b1:d8:a5:36:1f:2b:e9:b0:ca:92:c1:39:4b:c9:eb: 313s cc:4f:cb:0a:d5:b1:3c:fe:61:a0:04:70:1f:a0:ac:50:f8:c2: 313s b6:9a:83:9c:5b:c6:97:bf:a1:7c:51:c2:f9:b3:c9:9d:ad:18: 313s ca:ba:50:96:96:e6:c6:64:91:1c:c0:33:62:4f:fa:b4:a6:dc: 313s e5:2c:49:25:d3:8f:4d:50:73:bb:11:12:4f:d3:81:93:2e:03: 313s f8:db:33:cf:46:a4:ad:69:90:14:cf:36:fe:bb:66:48:e2:f6: 313s a1:e5:e9:14:98:2e:d3:5e:8b:77:e4:06:7c:a2:99:08:54:93: 313s 8e:d4 313s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-m6N4Q8/SSSD-child-31115-auth.pem 313s 313s Test completed, Root CA and intermediate issued certificates verified! 313s + found_md5=Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 313s + '[' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 '!=' Modulus=CABB6359A3423B553EEDA4D9E8165E4BC8C3432B3A96D3E35B2BEC30E7F2896FB676B69E0A86D3D62F26045D8A01881C65E7A06F156E8D941DB5223431EA7BFE6A5E45D1006AB668DD2FCF109EE2EB2AF8E281AC7E3C07A9147756704A1A4278D9AC41A11C24E68B9E4E0EFB5D8AEC44486348C713A668DE5DE9356A5F95B873 ']' 313s + set +x 313s autopkgtest [12:37:22]: test sssd-softhism2-certificates-tests.sh: -----------------------] 314s autopkgtest [12:37:23]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 314s sssd-softhism2-certificates-tests.sh PASS 314s autopkgtest [12:37:23]: test sssd-smart-card-pam-auth-configs: preparing testbed 316s Reading package lists... 316s Building dependency tree... 316s Reading state information... 317s Starting pkgProblemResolver with broken count: 0 317s Starting 2 pkgProblemResolver with broken count: 0 317s Done 317s The following additional packages will be installed: 317s pamtester 317s The following NEW packages will be installed: 317s autopkgtest-satdep pamtester 317s 0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded. 317s Need to get 12.3 kB/13.0 kB of archives. 317s After this operation, 36.9 kB of additional disk space will be used. 317s Get:1 /tmp/autopkgtest.vUfYwY/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [760 B] 317s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 318s Fetched 12.3 kB in 0s (60.6 kB/s) 318s Selecting previously unselected package pamtester. 318s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75383 files and directories currently installed.) 318s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 318s Unpacking pamtester (0.1.2-4) ... 318s Selecting previously unselected package autopkgtest-satdep. 318s Preparing to unpack .../4-autopkgtest-satdep.deb ... 318s Unpacking autopkgtest-satdep (0) ... 318s Setting up pamtester (0.1.2-4) ... 318s Setting up autopkgtest-satdep (0) ... 318s Processing triggers for man-db (2.12.0-3) ... 321s (Reading database ... 75389 files and directories currently installed.) 321s Removing autopkgtest-satdep (0) ... 322s autopkgtest [12:37:31]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 322s autopkgtest [12:37:31]: test sssd-smart-card-pam-auth-configs: [----------------------- 322s + '[' -z ubuntu ']' 322s + export DEBIAN_FRONTEND=noninteractive 322s + DEBIAN_FRONTEND=noninteractive 322s + required_tools=(pamtester softhsm2-util sssd) 322s + [[ ! -v OFFLINE_MODE ]] 322s + for cmd in "${required_tools[@]}" 322s + command -v pamtester 322s + for cmd in "${required_tools[@]}" 322s + command -v softhsm2-util 322s + for cmd in "${required_tools[@]}" 322s + command -v sssd 322s + PIN=123456 322s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 322s + tmpdir=/tmp/sssd-softhsm2-certs-Wo8EpY 322s + backupsdir= 322s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 322s + declare -a restore_paths 322s + declare -a delete_paths 322s + trap handle_exit EXIT 322s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 322s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 322s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 322s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 322s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Wo8EpY GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 322s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Wo8EpY 322s + GENERATE_SMART_CARDS=1 322s + KEEP_TEMPORARY_FILES=1 322s + NO_SSSD_TESTS=1 322s + bash debian/tests/sssd-softhism2-certificates-tests.sh 322s + '[' -z ubuntu ']' 322s + required_tools=(p11tool openssl softhsm2-util) 322s + for cmd in "${required_tools[@]}" 322s + command -v p11tool 322s + for cmd in "${required_tools[@]}" 322s + command -v openssl 322s + for cmd in "${required_tools[@]}" 322s + command -v softhsm2-util 322s + PIN=123456 322s +++ find /usr/lib/softhsm/libsofthsm2.so 322s +++ head -n 1 322s ++ realpath /usr/lib/softhsm/libsofthsm2.so 322s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 322s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 322s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 322s + '[' '!' -v NO_SSSD_TESTS ']' 322s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 322s + tmpdir=/tmp/sssd-softhsm2-certs-Wo8EpY 322s + keys_size=1024 322s + [[ ! -v KEEP_TEMPORARY_FILES ]] 322s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 322s + echo -n 01 322s + touch /tmp/sssd-softhsm2-certs-Wo8EpY/index.txt 322s + mkdir -p /tmp/sssd-softhsm2-certs-Wo8EpY/new_certs 322s + cat 322s + root_ca_key_pass=pass:random-root-CA-password-29016 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-key.pem -passout pass:random-root-CA-password-29016 1024 322s + openssl req -passin pass:random-root-CA-password-29016 -batch -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem 322s + cat 322s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-22834 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22834 1024 322s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-22834 -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-29016 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-certificate-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-certificate-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:dc:67:37:bf:85:4d:46:7a:11:4b:ce:52:10:73: 322s f1:df:b7:70:aa:31:87:00:e7:02:1b:42:74:db:e6: 322s 19:78:04:7a:d4:94:c5:60:3d:b3:69:91:fc:f3:e3: 322s ff:e4:44:8a:71:28:a2:8a:33:cd:d3:33:1c:25:d2: 322s af:ce:27:99:a2:09:51:ca:d9:e3:c5:ea:1c:b0:75: 322s 8e:96:cc:f9:d7:dd:6f:34:cd:a5:74:1b:8d:96:68: 322s 5f:57:73:6a:92:9f:4f:6d:86:13:9f:9e:b5:db:1e: 322s 80:80:02:1e:38:94:4d:1b:8c:19:1f:ec:85:2d:ab: 322s b1:45:18:e3:13:2e:b7:03:ef 322s Exponent: 65537 (0x10001) 322s Attributes: 322s (none) 322s Requested Extensions: 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s 86:e2:5f:4d:a8:74:f1:5f:e4:ff:6f:29:ac:90:4b:fe:7e:b1: 322s f9:06:d0:c9:ca:bd:0d:63:7a:d6:86:65:10:83:1c:14:01:7e: 322s 8a:38:e7:12:5e:9e:68:20:c7:c8:1b:a5:8a:a1:cd:45:b0:92: 322s 88:69:69:81:5b:12:76:6c:f5:75:29:ba:66:dc:eb:dc:5d:f9: 322s fb:65:52:1f:ba:35:e9:a2:19:90:7d:38:03:9b:0b:8f:80:18: 322s 33:eb:b4:54:9e:51:19:5f:82:eb:ed:34:eb:96:a2:4d:0d:96: 322s 7c:ad:4d:b5:ce:2e:bf:cd:91:88:cf:5d:96:02:98:f5:f8:ec: 322s 24:f0 322s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.config -passin pass:random-root-CA-password-29016 -keyfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem 322s Using configuration from /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 1 (0x1) 322s Validity 322s Not Before: Mar 16 12:37:31 2024 GMT 322s Not After : Mar 16 12:37:31 2025 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Intermediate CA 322s X509v3 extensions: 322s X509v3 Subject Key Identifier: 322s 1D:0A:81:92:A9:66:AF:73:7B:66:57:55:D7:8E:E9:A7:04:5B:C5:2F 322s X509v3 Authority Key Identifier: 322s keyid:40:23:91:33:F8:CE:EE:C6:ED:BD:59:EF:2F:EE:77:11:D2:A6:96:FF 322s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 322s serial:00 322s X509v3 Basic Constraints: 322s CA:TRUE 322s X509v3 Key Usage: critical 322s Digital Signature, Certificate Sign, CRL Sign 322s Certificate is to be certified until Mar 16 12:37:31 2025 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem 322s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem 322s /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem: OK 322s + cat 322s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32416 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32416 1024 322s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32416 -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22834 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-certificate-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-certificate-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:c7:75:b9:00:99:00:f2:3c:82:42:01:5a:56:66: 322s 28:7d:e0:da:e9:d7:d0:00:62:f5:e8:23:af:0a:fb: 322s 69:29:cf:84:af:9b:25:33:6d:37:42:22:e9:6a:de: 322s 46:98:da:86:66:ad:c5:35:e3:ec:c8:a7:a0:82:df: 322s d2:67:73:4c:98:c6:c4:80:e6:9a:77:b4:cc:d7:f5: 322s 55:93:35:7b:b5:88:2f:fd:fd:bb:11:93:5f:96:22: 322s e9:ca:4d:ca:c3:56:19:0c:21:c6:fe:62:f1:f7:3f: 322s e6:cf:02:4e:57:e9:2a:97:17:ff:10:14:b1:4f:0a: 322s 44:43:89:f4:95:d3:95:7e:53 322s Exponent: 65537 (0x10001) 322s Attributes: 322s (none) 322s Requested Extensions: 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s 29:01:08:97:a2:b4:20:f6:44:4f:67:17:a2:2b:be:30:8b:ab: 322s a2:a9:2e:8a:4a:a2:25:1b:b2:ad:50:9b:41:15:2a:75:4b:d7: 322s a7:7f:f8:3a:84:d7:7e:48:9a:8c:83:62:ba:82:07:ab:5d:cd: 322s 9e:e3:97:22:e6:71:d2:3b:cd:58:1a:70:df:d0:e4:3a:3f:87: 322s 70:4c:9b:6a:09:04:c1:b2:2e:d2:94:f2:99:b4:89:0d:8b:cd: 322s 32:e0:3e:07:f0:cb:5d:fb:21:03:ac:36:08:a1:f5:f5:2f:f8: 322s b5:91:4d:e1:75:63:d2:dd:4f:d7:ee:7b:47:97:9c:e0:20:84: 322s 1f:f2 322s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-22834 -keyfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 322s Using configuration from /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.config 323s Check that the request matches the signature 323s Signature ok 323s Certificate Details: 323s Serial Number: 2 (0x2) 323s Validity 323s Not Before: Mar 16 12:37:31 2024 GMT 323s Not After : Mar 16 12:37:31 2025 GMT 323s Subject: 323s organizationName = Test Organization 323s organizationalUnitName = Test Organization Unit 323s commonName = Test Organization Sub Intermediate CA 323s X509v3 extensions: 323s X509v3 Subject Key Identifier: 323s 5C:F4:18:E0:8F:6D:AB:F8:0A:C5:7B:8A:48:8D:9E:3F:16:E3:2F:BA 323s X509v3 Authority Key Identifier: 323s keyid:1D:0A:81:92:A9:66:AF:73:7B:66:57:55:D7:8E:E9:A7:04:5B:C5:2F 323s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 323s serial:01 323s X509v3 Basic Constraints: 323s CA:TRUE 323s X509v3 Key Usage: critical 323s Digital Signature, Certificate Sign, CRL Sign 323s Certificate is to be certified until Mar 16 12:37:31 2025 GMT (365 days) 323s 323s Write out database with 1 new entries 323s Database updated 323s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem: OK 323s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 323s error 20 at 0 depth lookup: unable to get local issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem: verification failed 323s + cat 323s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-26786 323s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-26786 1024 323s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-26786 -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-request.pem 323s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-request.pem 323s Certificate Request: 323s Data: 323s Version: 1 (0x0) 323s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:c0:d5:e6:5a:02:a1:98:b9:2a:3c:bb:6b:72:d4: 323s a8:8d:c7:2f:8a:19:15:23:39:17:06:d9:39:85:42: 323s 2e:a4:49:55:3f:c7:d3:fd:e9:03:9a:04:87:56:21: 323s ad:73:04:97:0e:1d:03:6b:c1:fb:a6:29:aa:7a:2b: 323s b4:d6:c7:29:8b:8d:82:ab:63:9d:fa:04:eb:62:52: 323s e9:2a:85:d6:53:5a:aa:a5:7f:ca:9b:57:99:45:2b: 323s 49:b7:74:00:50:dc:b6:7e:57:48:64:45:bd:96:04: 323s f3:b4:d1:42:60:18:e3:a9:bd:d2:c9:51:57:5a:6f: 323s 2d:6d:08:ce:6b:1d:6a:22:47 323s Exponent: 65537 (0x10001) 323s Attributes: 323s Requested Extensions: 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 6E:77:C9:78:B4:25:21:6E:82:EC:A3:E3:47:40:77:03:40:63:C9:31 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 3a:3a:ad:13:45:b0:48:cc:66:4e:83:9b:d5:52:5d:d6:5e:b9: 323s 6d:c9:ad:35:be:c0:79:5c:6a:fb:65:3e:d2:d9:88:69:b6:ec: 323s 90:fd:14:be:69:6c:50:e1:d2:cb:be:f9:eb:6c:26:a2:87:0f: 323s 72:8f:c7:96:c9:25:71:e7:d8:68:98:a9:1d:be:17:fa:2d:da: 323s da:71:f6:02:97:02:d9:4c:72:0f:b1:3f:bd:1c:ce:87:c6:71: 323s 27:ce:ff:11:00:03:8c:5c:32:32:bd:15:40:23:4b:1b:4f:f0: 323s c4:ba:2a:44:cd:2d:62:e6:db:ed:f9:f7:b8:ac:c0:0b:fb:64: 323s ea:90 323s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.config -passin pass:random-root-CA-password-29016 -keyfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s Using configuration from /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.config 323s Check that the request matches the signature 323s Signature ok 323s Certificate Details: 323s Serial Number: 3 (0x3) 323s Validity 323s Not Before: Mar 16 12:37:32 2024 GMT 323s Not After : Mar 16 12:37:32 2025 GMT 323s Subject: 323s organizationName = Test Organization 323s organizationalUnitName = Test Organization Unit 323s commonName = Test Organization Root Trusted Certificate 0001 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s 40:23:91:33:F8:CE:EE:C6:ED:BD:59:EF:2F:EE:77:11:D2:A6:96:FF 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 6E:77:C9:78:B4:25:21:6E:82:EC:A3:E3:47:40:77:03:40:63:C9:31 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Certificate is to be certified until Mar 16 12:37:32 2025 GMT (365 days) 323s 323s Write out database with 1 new entries 323s Database updated 323s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem: OK 323s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 323s error 20 at 0 depth lookup: unable to get local issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem: verification failed 323s + cat 323s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-16097 323s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-16097 1024 323s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-16097 -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-request.pem 323s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-request.pem 323s Certificate Request: 323s Data: 323s Version: 1 (0x0) 323s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:b2:f5:e1:7f:25:e2:7f:0f:6d:3a:94:87:57:07: 323s fc:f9:a4:aa:41:81:ee:71:88:eb:cd:c4:f9:07:8c: 323s 31:28:34:5d:74:93:d9:58:75:c3:89:9c:6d:06:ed: 323s b3:c1:bd:e6:ce:02:08:37:fe:44:d9:45:32:47:19: 323s 3e:69:d0:d4:04:78:1d:7c:f0:04:a4:82:6a:0f:be: 323s 8f:63:0d:df:fa:03:5d:91:c9:54:2e:75:89:9e:c1: 323s 5a:7c:2b:58:15:97:ec:3a:8e:f5:5d:da:f4:38:93: 323s 20:26:54:37:16:48:f0:11:97:16:52:fe:c8:8c:65: 323s 01:78:a4:5a:02:4a:aa:0a:4f 323s Exponent: 65537 (0x10001) 323s Attributes: 323s Requested Extensions: 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 66:51:AD:1C:5A:0A:AF:D3:CF:A9:2E:1A:82:EE:46:6B:C7:65:D4:2A 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 63:b1:56:9e:f8:27:e5:ee:62:17:4f:6c:8e:ce:00:64:9a:59: 323s 08:8f:ec:fa:2b:81:4c:4f:b1:a4:74:b0:18:48:01:f1:be:21: 323s 91:48:e1:87:b8:db:18:af:c9:d9:f0:18:22:c4:91:09:74:a2: 323s c0:a0:80:ee:c6:33:48:49:20:dd:44:2f:b6:09:e9:75:98:2f: 323s 08:49:c9:58:44:8f:91:5b:c8:7d:ac:cb:02:bb:f2:3b:24:ac: 323s 0e:9e:62:9c:90:0d:3a:bf:ea:ab:c8:0c:7e:ca:34:97:fd:09: 323s 80:05:db:53:ad:f3:ff:17:b0:be:be:f0:fa:da:eb:e8:15:08: 323s df:ee 323s + openssl ca -passin pass:random-intermediate-CA-password-22834 -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s Using configuration from /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.config 323s Check that the request matches the signature 323s Signature ok 323s Certificate Details: 323s Serial Number: 4 (0x4) 323s Validity 323s Not Before: Mar 16 12:37:32 2024 GMT 323s Not After : Mar 16 12:37:32 2025 GMT 323s Subject: 323s organizationName = Test Organization 323s organizationalUnitName = Test Organization Unit 323s commonName = Test Organization Intermediate Trusted Certificate 0001 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s 1D:0A:81:92:A9:66:AF:73:7B:66:57:55:D7:8E:E9:A7:04:5B:C5:2F 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 66:51:AD:1C:5A:0A:AF:D3:CF:A9:2E:1A:82:EE:46:6B:C7:65:D4:2A 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Certificate is to be certified until Mar 16 12:37:32 2025 GMT (365 days) 323s 323s Write out database with 1 new entries 323s Database updated 323s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s + echo 'This certificate should not be trusted fully' 323s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s This certificate should not be trusted fully 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 323s error 2 at 1 depth lookup: unable to get issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 323s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem: OK 323s + cat 323s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15101 323s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-15101 1024 323s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15101 -key /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 323s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 323s Certificate Request: 323s Data: 323s Version: 1 (0x0) 323s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:c4:58:05:50:6d:2d:0d:60:cf:9a:03:88:cd:f2: 323s b2:1b:10:b6:49:fd:19:dd:36:94:73:68:55:d6:c4: 323s e4:ad:70:44:b9:1f:96:77:ee:26:c9:39:59:9f:ed: 323s f1:50:28:e7:d4:e2:70:f9:ec:89:b3:25:bf:da:00: 323s 58:45:0c:e8:23:12:ba:34:31:0b:4e:c2:5e:08:41: 323s 59:1e:02:e3:3d:ed:25:a7:7e:95:75:05:90:69:60: 323s df:b4:c3:d0:a4:74:2e:8f:e4:b8:1e:99:d1:35:c9: 323s 2c:ac:21:48:e0:cb:ff:1c:f5:ce:2f:05:3b:5d:98: 323s d7:20:c5:7f:f9:bc:87:4c:7f 323s Exponent: 65537 (0x10001) 323s Attributes: 323s Requested Extensions: 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Sub Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 26:A8:AE:72:C7:FA:2F:41:87:66:4F:B8:46:94:D0:18:82:4B:28:98 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 70:0a:e3:cd:42:54:c1:c2:b9:19:b7:45:cd:ae:e6:65:03:30: 323s 75:be:93:2a:3e:e7:84:e9:52:a5:a4:76:1d:22:45:1a:e3:79: 323s f5:57:83:07:76:a7:04:e1:c7:ce:71:2d:c5:6f:b9:ab:2b:49: 323s 02:ce:53:be:1e:2a:ce:f4:57:5a:6d:26:06:0d:58:e0:51:ce: 323s 37:3b:ca:6e:1e:7f:c4:84:70:34:3a:4d:ef:ba:76:63:28:17: 323s 4e:e2:8e:2b:5b:f7:42:79:6c:92:86:d6:14:cc:20:38:f4:f4: 323s c6:02:c1:e3:d5:74:77:00:4d:78:2e:91:2c:0c:48:fb:19:82: 323s e7:89 323s + openssl ca -passin pass:random-sub-intermediate-CA-password-32416 -config /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s Using configuration from /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.config 323s Check that the request matches the signature 323s Signature ok 323s Certificate Details: 323s Serial Number: 5 (0x5) 323s Validity 323s Not Before: Mar 16 12:37:32 2024 GMT 323s Not After : Mar 16 12:37:32 2025 GMT 323s Subject: 323s organizationName = Test Organization 323s organizationalUnitName = Test Organization Unit 323s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s 5C:F4:18:E0:8F:6D:AB:F8:0A:C5:7B:8A:48:8D:9E:3F:16:E3:2F:BA 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Sub Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 26:A8:AE:72:C7:FA:2F:41:87:66:4F:B8:46:94:D0:18:82:4B:28:98 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Certificate is to be certified until Mar 16 12:37:32 2025 GMT (365 days) 323s 323s Write out database with 1 new entries 323s Database updated 323s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s This certificate should not be trusted fully 323s + echo 'This certificate should not be trusted fully' 323s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 323s error 2 at 1 depth lookup: unable to get issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 323s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 323s error 20 at 0 depth lookup: unable to get local issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 323s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 323s Building a the full-chain CA file... 323s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s + local cmd=openssl 323s + shift 323s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 323s error 20 at 0 depth lookup: unable to get local issuer certificate 323s error /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 323s + echo 'Building a the full-chain CA file...' 323s + cat /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s + cat /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem 323s + cat /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 323s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem 323s + openssl pkcs7 -print_certs -noout 323s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 323s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 323s 323s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 323s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 323s 323s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 323s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 323s 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA.pem: OK 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem: OK 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem: OK 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-intermediate-chain-CA.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-intermediate-chain-CA.pem: OK 323s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 323s + echo 'Certificates generation completed!' 323s + [[ -v NO_SSSD_TESTS ]] 323s + [[ -v GENERATE_SMART_CARDS ]] 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-26786 323s + local certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s Certificates generation completed! 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-26786 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + local key_file 323s + local decrypted_key 323s + mkdir -p /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001 323s + key_file=/tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key.pem 323s + decrypted_key=/tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 323s + cat 323s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 323s Slot 0 has a free/uninitialized token. 323s The token has been initialized and is reassigned to slot 1248039326 323s + softhsm2-util --show-slots 323s Available slots: 323s Slot 1248039326 323s Slot info: 323s Description: SoftHSM slot ID 0x4a63919e 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 9410eeb94a63919e 323s Initialized: yes 323s User PIN init.: yes 323s Label: Test Organization Root Tr Token 323s Slot 1 323s Slot info: 323s Description: SoftHSM slot ID 0x1 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 323s Initialized: no 323s User PIN init.: no 323s Label: 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-26786 -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 323s writing RSA key 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + rm /tmp/sssd-softhsm2-certs-Wo8EpY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 323s Object 0: 323s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9410eeb94a63919e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 323s Type: X.509 Certificate (RSA-1024) 323s Expires: Sun Mar 16 12:37:32 2025 323s Label: Test Organization Root Trusted Certificate 0001 323s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 323s 323s Test Organization Root Tr Token 323s + echo 'Test Organization Root Tr Token' 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-16097 323s + local certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-16097 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Interme Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + local key_file 323s + local decrypted_key 323s + mkdir -p /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + key_file=/tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key.pem 323s + decrypted_key=/tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + cat 323s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 323s Slot 0 has a free/uninitialized token. 323s The token has been initialized and is reassigned to slot 1377170673 323s + softhsm2-util --show-slots 323s Available slots: 323s Slot 1377170673 323s Slot info: 323s Description: SoftHSM slot ID 0x5215f4f1 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 19a473fcd215f4f1 323s Initialized: yes 323s User PIN init.: yes 323s Label: Test Organization Interme Token 323s Slot 1 323s Slot info: 323s Description: SoftHSM slot ID 0x1 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 323s Initialized: no 323s User PIN init.: no 323s Label: 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-16097 -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s writing RSA key 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + rm /tmp/sssd-softhsm2-certs-Wo8EpY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 323s Object 0: 323s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=19a473fcd215f4f1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 323s Type: X.509 Certificate (RSA-1024) 323s Expires: Sun Mar 16 12:37:32 2025 323s Label: Test Organization Intermediate Trusted Certificate 0001 323s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 323s 323s Test Organization Interme Token 323s + echo 'Test Organization Interme Token' 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-15101 323s + local certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15101 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Sub Int Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 323s + local key_file 323s + local decrypted_key 323s + mkdir -p /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 323s + key_file=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 323s + decrypted_key=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + cat 323s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 323s Slot 0 has a free/uninitialized token. 323s The token has been initialized and is reassigned to slot 1551836663 323s + softhsm2-util --show-slots 323s Available slots: 323s Slot 1551836663 323s Slot info: 323s Description: SoftHSM slot ID 0x5c7f25f7 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 5d2679eadc7f25f7 323s Initialized: yes 323s User PIN init.: yes 323s Label: Test Organization Sub Int Token 323s Slot 1 323s Slot info: 323s Description: SoftHSM slot ID 0x1 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 323s Initialized: no 323s User PIN init.: no 323s Label: 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15101 -in /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s writing RSA key 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + rm /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 323s Object 0: 323s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d2679eadc7f25f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 323s Type: X.509 Certificate (RSA-1024) 323s Expires: Sun Mar 16 12:37:32 2025 323s Label: Test Organization Sub Intermediate Trusted Certificate 0001 323s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 323s 323s + echo 'Test Organization Sub Int Token' 323s + echo 'Certificates generation completed!' 323s + exit 0 323s Test Organization Sub Int Token 323s Certificates generation completed! 323s + find /tmp/sssd-softhsm2-certs-Wo8EpY -type d -exec chmod 777 '{}' ';' 323s + find /tmp/sssd-softhsm2-certs-Wo8EpY -type f -exec chmod 666 '{}' ';' 323s + backup_file /etc/sssd/sssd.conf 323s + '[' -z '' ']' 323s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 323s + backupsdir=/tmp/sssd-softhsm2-backups-Gh89re 323s + '[' -e /etc/sssd/sssd.conf ']' 323s + delete_paths+=("$1") 323s + rm -f /etc/sssd/sssd.conf 323s ++ runuser -u ubuntu -- sh -c 'echo ~' 323s + user_home=/home/ubuntu 323s + mkdir -p /home/ubuntu 323s + chown ubuntu:ubuntu /home/ubuntu 323s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 323s + user_config=/home/ubuntu/.config 323s + system_config=/etc 323s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 323s + for path_pair in "${softhsm2_conf_paths[@]}" 323s + IFS=: 323s + read -r -a path 323s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 323s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 323s + '[' -z /tmp/sssd-softhsm2-backups-Gh89re ']' 323s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 323s + delete_paths+=("$1") 323s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 323s + for path_pair in "${softhsm2_conf_paths[@]}" 323s + IFS=: 323s + read -r -a path 323s + path=/etc/softhsm/softhsm2.conf 323s + backup_file /etc/softhsm/softhsm2.conf 323s + '[' -z /tmp/sssd-softhsm2-backups-Gh89re ']' 323s + '[' -e /etc/softhsm/softhsm2.conf ']' 323s ++ dirname /etc/softhsm/softhsm2.conf 323s + local back_dir=/tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm 323s ++ basename /etc/softhsm/softhsm2.conf 323s + local back_path=/tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm/softhsm2.conf 323s + '[' '!' -e /tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm/softhsm2.conf ']' 323s + mkdir -p /tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm 323s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm/softhsm2.conf 323s + restore_paths+=("$back_path") 323s + rm -f /etc/softhsm/softhsm2.conf 323s + test_authentication login /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem 323s + pam_service=login 323s + certificate_config=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + ca_db=/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem 323s + verification_options= 323s + mkdir -p -m 700 /etc/sssd 323s Using CA DB '/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem' with verification options: '' 323s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 323s + cat 323s + chmod 600 /etc/sssd/sssd.conf 323s + for path_pair in "${softhsm2_conf_paths[@]}" 323s + IFS=: 323s + read -r -a path 323s + user=ubuntu 323s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 323s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 323s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 323s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 323s + runuser -u ubuntu -- softhsm2-util --show-slots 323s + grep 'Test Organization' 323s Label: Test Organization Root Tr Token 323s + for path_pair in "${softhsm2_conf_paths[@]}" 323s + IFS=: 323s + read -r -a path 323s + user=root 323s + path=/etc/softhsm/softhsm2.conf 323s ++ dirname /etc/softhsm/softhsm2.conf 323s + runuser -u root -- mkdir -p /etc/softhsm 323s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 323s + runuser -u root -- softhsm2-util --show-slots 323s + grep 'Test Organization' 323s Label: Test Organization Root Tr Token 323s + systemctl restart sssd 324s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 324s + for alternative in "${alternative_pam_configs[@]}" 324s + pam-auth-update --enable sss-smart-card-optional 324s + cat /etc/pam.d/common-auth 324s + echo -n -e 123456 324s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 324s # 324s # /etc/pam.d/common-auth - authentication settings common to all services 324s # 324s # This file is included from other service-specific PAM config files, 324s # and should contain a list of the authentication modules that define 324s # the central authentication scheme for use on the system 324s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 324s # traditional Unix authentication mechanisms. 324s # 324s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 324s # To take advantage of this, it is recommended that you configure any 324s # local modules either before or after the default block, and use 324s # pam-auth-update to manage selection of other modules. See 324s # pam-auth-update(8) for details. 324s 324s # here are the per-package modules (the "Primary" block) 324s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 324s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 324s auth [success=1 default=ignore] pam_sss.so use_first_pass 324s # here's the fallback if no module succeeds 324s auth requisite pam_deny.so 324s # prime the stack with a positive return value if there isn't one already; 324s # this avoids us returning an error just because nothing sets a success code 324s # since the modules above will each just jump around 324s auth required pam_permit.so 324s # and here are more per-package modules (the "Additional" block) 324s auth optional pam_cap.so 324s # end of pam-auth-update config 324s pamtester: invoking pam_start(login, ubuntu, ...) 324s pamtester: performing operation - authenticate 324s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 324s + echo -n -e 123456 324s + runuser -u ubuntu -- pamtester -v login '' authenticate 324s pamtester: invoking pam_start(login, , ...) 324s pamtester: performing operation - authenticate 324s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 324s + echo -n -e wrong123456 324s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 324s pamtester: invoking pam_start(login, ubuntu, ...) 324s pamtester: performing operation - authenticate 327s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 327s + echo -n -e wrong123456 327s + runuser -u ubuntu -- pamtester -v login '' authenticate 327s pamtester: invoking pam_start(login, , ...) 327s pamtester: performing operation - authenticate 329s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 329s + echo -n -e 123456 329s + pamtester -v login root authenticate 329s pamtester: invoking pam_start(login, root, ...) 329s pamtester: performing operation - authenticate 333s Password: pamtester: Authentication failure 333s + for alternative in "${alternative_pam_configs[@]}" 333s + pam-auth-update --enable sss-smart-card-required 333s PAM configuration 333s ----------------- 333s 333s Incompatible PAM profiles selected. 333s 333s The following PAM profiles cannot be used together: 333s 333s SSS required smart card authentication, SSS optional smart card 333s authentication 333s 333s Please select a different set of modules to enable. 333s 333s + cat /etc/pam.d/common-auth 333s # 333s # /etc/pam.d/common-auth - authentication settings common to all services 333s # 333s # This file is included from other service-specific PAM config files, 333s # and should contain a list of the authentication modules that define 333s # the central authentication scheme for use on the system 333s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 333s # traditional Unix authentication mechanisms. 333s # 333s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 333s # To take advantage of this, it is recommended that you configure any 333s # local modules either before or after the default block, and use 333s # pam-auth-update to manage selection of other modules. See 333s # pam-auth-update(8) for details. 333s 333s # here are the per-package modules (the "Primary" block) 333s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 333s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 333s auth [success=1 default=ignore] pam_sss.so use_first_pass 333s # here's the fallback if no module succeeds 333s auth requisite pam_deny.so 333s # prime the stack with a positive return value if there isn't one already; 333s # this avoids us returning an error just because nothing sets a success code 333s # since the modules above will each just jump around 333s auth required pam_permit.so 333s # and here are more per-package modules (the "Additional" block) 333s auth optional pam_cap.so 333s # end of pam-auth-update config 333s + echo -n -e 123456 333s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 334s pamtester: invoking pam_start(login, ubuntu, ...) 334s pamtester: performing operation - authenticate 334s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 334s + echo -n -e 123456 334s + runuser -u ubuntu -- pamtester -v login '' authenticate 334s pamtester: invoking pam_start(login, , ...) 334s pamtester: performing operation - authenticate 334s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 334s + echo -n -e wrong123456 334s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 334s pamtester: invoking pam_start(login, ubuntu, ...) 334s pamtester: performing operation - authenticate 337s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 337s + echo -n -e wrong123456 337s + runuser -u ubuntu -- pamtester -v login '' authenticate 337s pamtester: invoking pam_start(login, , ...) 337s pamtester: performing operation - authenticate 340s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 340s + echo -n -e 123456 340s + pamtester -v login root authenticate 340s pamtester: invoking pam_start(login, root, ...) 340s pamtester: performing operation - authenticate 343s pamtester: Authentication service cannot retrieve authentication info 343s + test_authentication login /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem 343s + pam_service=login 343s + certificate_config=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 343s + ca_db=/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem 343s + verification_options= 343s + mkdir -p -m 700 /etc/sssd 343s Using CA DB '/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem' with verification options: '' 343s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Wo8EpY/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 343s + cat 343s + chmod 600 /etc/sssd/sssd.conf 343s + for path_pair in "${softhsm2_conf_paths[@]}" 343s + IFS=: 343s + read -r -a path 343s + user=ubuntu 343s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 343s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 343s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 343s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 343s + runuser -u ubuntu -- softhsm2-util --show-slots 343s + grep 'Test Organization' 343s Label: Test Organization Sub Int Token 343s + for path_pair in "${softhsm2_conf_paths[@]}" 343s + IFS=: 343s + read -r -a path 343s + user=root 343s + path=/etc/softhsm/softhsm2.conf 343s ++ dirname /etc/softhsm/softhsm2.conf 343s + runuser -u root -- mkdir -p /etc/softhsm 343s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 343s + runuser -u root -- softhsm2-util --show-slots 343s + grep 'Test Organization' 343s Label: Test Organization Sub Int Token 343s + systemctl restart sssd 343s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 344s + for alternative in "${alternative_pam_configs[@]}" 344s + pam-auth-update --enable sss-smart-card-optional 344s + cat /etc/pam.d/common-auth 344s # 344s # /etc/pam.d/common-auth - authentication settings common to all services 344s # 344s # This file is included from other service-specific PAM config files, 344s # and should contain a list of the authentication modules that define 344s # the central authentication scheme for use on the system 344s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 344s # traditional Unix authentication mechanisms. 344s # 344s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 344s # To take advantage of this, it is recommended that you configure any 344s # local modules either before or after the default block, and use 344s # pam-auth-update to manage selection of other modules. See 344s # pam-auth-update(8) for details. 344s 344s # here are the per-package modules (the "Primary" block) 344s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 344s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 344s auth [success=1 default=ignore] pam_sss.so use_first_pass 344s # here's the fallback if no module succeeds 344s auth requisite pam_deny.so 344s # prime the stack with a positive return value if there isn't one already; 344s # this avoids us returning an error just because nothing sets a success code 344s # since the modules above will each just jump around 344s auth required pam_permit.so 344s # and here are more per-package modules (the "Additional" block) 344s auth optional pam_cap.so 344s # end of pam-auth-update config 344s + echo -n -e 123456 344s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 344s pamtester: invoking pam_start(login, ubuntu, ...) 344s pamtester: performing operation - authenticate 344s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 344s + echo -n -e 123456 344s + runuser -u ubuntu -- pamtester -v login '' authenticate 344s pamtester: invoking pam_start(login, , ...) 344s pamtester: performing operation - authenticate 344s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 344s + echo -n -e wrong123456 344s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 344s pamtester: invoking pam_start(login, ubuntu, ...) 344s pamtester: performing operation - authenticate 346s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 346s + echo -n -e wrong123456 346s + runuser -u ubuntu -- pamtester -v login '' authenticate 346s pamtester: invoking pam_start(login, , ...) 346s pamtester: performing operation - authenticate 349s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 349s + echo -n -e 123456 349s + pamtester -v login root authenticate 349s pamtester: invoking pam_start(login, root, ...) 349s pamtester: performing operation - authenticate 352s Password: pamtester: Authentication failure 352s + for alternative in "${alternative_pam_configs[@]}" 352s + pam-auth-update --enable sss-smart-card-required 352s PAM configuration 352s ----------------- 352s 352s Incompatible PAM profiles selected. 352s 352s The following PAM profiles cannot be used together: 352s 352s SSS required smart card authentication, SSS optional smart card 352s authentication 352s 352s Please select a different set of modules to enable. 352s 352s + cat /etc/pam.d/common-auth 352s # 352s # /etc/pam.d/common-auth - authentication settings common to all services 352s # 352s # This file is included from other service-specific PAM config files, 352s # and should contain a list of the authentication modules that define 352s # the central authentication scheme for use on the system 352s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 352s # traditional Unix authentication mechanisms. 352s # 352s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 352s # To take advantage of this, it is recommended that you configure any 352s # local modules either before or after the default block, and use 352s # pam-auth-update to manage selection of other modules. See 352s # pam-auth-update(8) for details. 352s 352s # here are the per-package modules (the "Primary" block) 352s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 352s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 352s auth [success=1 default=ignore] pam_sss.so use_first_pass 352s # here's the fallback if no module succeeds 352s auth requisite pam_deny.so 352s # prime the stack with a positive return value if there isn't one already; 352s # this avoids us returning an error just because nothing sets a success code 352s # since the modules above will each just jump around 352s auth required pam_permit.so 352s # and here are more per-package modules (the "Additional" block) 352s auth optional pam_cap.so 352s # end of pam-auth-update config 352s + echo -n -e 123456 352s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 352s pamtester: invoking pam_start(login, ubuntu, ...) 352s pamtester: performing operation - authenticate 352s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 352s + echo -n -e 123456 352s + runuser -u ubuntu -- pamtester -v login '' authenticate 352s pamtester: invoking pam_start(login, , ...) 352s pamtester: performing operation - authenticate 352s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 352s + echo -n -e wrong123456 352s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 352s pamtester: invoking pam_start(login, ubuntu, ...) 352s pamtester: performing operation - authenticate 355s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 356s + echo -n -e wrong123456 356s + runuser -u ubuntu -- pamtester -v login '' authenticate 356s pamtester: invoking pam_start(login, , ...) 356s pamtester: performing operation - authenticate 359s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 359s + echo -n -e 123456 359s + pamtester -v login root authenticate 359s pamtester: invoking pam_start(login, root, ...) 359s pamtester: performing operation - authenticate 361s pamtester: Authentication service cannot retrieve authentication info 361s + test_authentication login /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem partial_chain 361s + pam_service=login 361s + certificate_config=/tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 361s + ca_db=/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem 361s + verification_options=partial_chain 361s + mkdir -p -m 700 /etc/sssd 361s Using CA DB '/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 361s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Wo8EpY/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 361s + cat 361s + chmod 600 /etc/sssd/sssd.conf 361s + for path_pair in "${softhsm2_conf_paths[@]}" 361s + IFS=: 361s + read -r -a path 361s + user=ubuntu 361s Label: Test Organization Sub Int Token 361s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 361s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 361s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 361s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 361s + runuser -u ubuntu -- softhsm2-util --show-slots 361s + grep 'Test Organization' 361s + for path_pair in "${softhsm2_conf_paths[@]}" 361s + IFS=: 361s + read -r -a path 361s + user=root 361s + path=/etc/softhsm/softhsm2.conf 361s ++ dirname /etc/softhsm/softhsm2.conf 361s + runuser -u root -- mkdir -p /etc/softhsm 362s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Wo8EpY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 362s + runuser -u root -- softhsm2-util --show-slots 362s + grep 'Test Organization' 362s Label: Test Organization Sub Int Token 362s + systemctl restart sssd 362s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 362s + for alternative in "${alternative_pam_configs[@]}" 362s + pam-auth-update --enable sss-smart-card-optional 362s # 362s # /etc/pam.d/common-auth - authentication settings common to all services 362s # 362s # This file is included from other service-specific PAM config files, 362s # and should contain a list of the authentication modules that define 362s # the central authentication scheme for use on the system 362s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 362s # traditional Unix authentication mechanisms. 362s # 362s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 362s # To take advantage of this, it is recommended that you configure any 362s # local modules either before or after the default block, and use 362s # pam-auth-update to manage selection of other modules. See 362s # pam-auth-update(8) for details. 362s 362s # here are the per-package modules (the "Primary" block) 362s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 362s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 362s auth [success=1 default=ignore] pam_sss.so use_first_pass 362s # here's the fallback if no module succeeds 362s auth requisite pam_deny.so 362s # prime the stack with a positive return value if there isn't one already; 362s # this avoids us returning an error just because nothing sets a success code 362s # since the modules above will each just jump around 362s auth required pam_permit.so 362s # and here are more per-package modules (the "Additional" block) 362s auth optional pam_cap.so 362s # end of pam-auth-update config 362s + cat /etc/pam.d/common-auth 362s + echo -n -e 123456 362s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 362s pamtester: invoking pam_start(login, ubuntu, ...) 362s pamtester: performing operation - authenticate 362s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 362s + echo -n -e 123456 362s + runuser -u ubuntu -- pamtester -v login '' authenticate 362s pamtester: invoking pam_start(login, , ...) 362s pamtester: performing operation - authenticate 362s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 362s + echo -n -e wrong123456 362s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 362s pamtester: invoking pam_start(login, ubuntu, ...) 362s pamtester: performing operation - authenticate 365s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 365s + echo -n -e wrong123456 365s + runuser -u ubuntu -- pamtester -v login '' authenticate 365s pamtester: invoking pam_start(login, , ...) 365s pamtester: performing operation - authenticate 368s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 368s + echo -n -e 123456 368s + pamtester -v login root authenticate 368s pamtester: invoking pam_start(login, root, ...) 368s pamtester: performing operation - authenticate 371s Password: pamtester: Authentication failure 371s + for alternative in "${alternative_pam_configs[@]}" 371s + pam-auth-update --enable sss-smart-card-required 371s PAM configuration 371s ----------------- 371s 371s Incompatible PAM profiles selected. 371s 371s The following PAM profiles cannot be used together: 371s 371s SSS required smart card authentication, SSS optional smart card 371s authentication 371s 371s Please select a different set of modules to enable. 371s 371s + cat /etc/pam.d/common-auth 371s # 371s # /etc/pam.d/common-auth - authentication settings common to all services 371s # 371s # This file is included from other service-specific PAM config files, 371s # and should contain a list of the authentication modules that define 371s # the central authentication scheme for use on the system 371s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 371s # traditional Unix authentication mechanisms. 371s # 371s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 371s # To take advantage of this, it is recommended that you configure any 371s # local modules either before or after the default block, and use 371s # pam-auth-update to manage selection of other modules. See 371s # pam-auth-update(8) for details. 371s 371s # here are the per-package modules (the "Primary" block) 371s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 371s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 371s auth [success=1 default=ignore] pam_sss.so use_first_pass 371s # here's the fallback if no module succeeds 371s auth requisite pam_deny.so 371s # prime the stack with a positive return value if there isn't one already; 371s # this avoids us returning an error just because nothing sets a success code 371s # since the modules above will each just jump around 371s auth required pam_permit.so 371s # and here are more per-package modules (the "Additional" block) 371s auth optional pam_cap.so 371s # end of pam-auth-update config 371s + echo -n -e 123456 371s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 371s pamtester: invoking pam_start(login, ubuntu, ...) 371s pamtester: performing operation - authenticate 371s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 371s + echo -n -e 123456 371s + runuser -u ubuntu -- pamtester -v login '' authenticate 371s pamtester: invoking pam_start(login, , ...) 371s pamtester: performing operation - authenticate 372s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 372s + echo -n -e wrong123456 372s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 372s pamtester: invoking pam_start(login, ubuntu, ...) 372s pamtester: performing operation - authenticate 375s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 375s + echo -n -e wrong123456 375s + runuser -u ubuntu -- pamtester -v login '' authenticate 375s pamtester: invoking pam_start(login, , ...) 375s pamtester: performing operation - authenticate 378s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 378s + echo -n -e 123456 378s + pamtester -v login root authenticate 378s pamtester: invoking pam_start(login, root, ...) 378s pamtester: performing operation - authenticate 380s pamtester: Authentication service cannot retrieve authentication info 380s + handle_exit 380s + exit_code=0 380s + restore_changes 380s + for path in "${restore_paths[@]}" 380s + local original_path 380s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-Gh89re /tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm/softhsm2.conf 380s + original_path=/etc/softhsm/softhsm2.conf 380s + rm /etc/softhsm/softhsm2.conf 380s + mv /tmp/sssd-softhsm2-backups-Gh89re//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 380s + for path in "${delete_paths[@]}" 380s + rm -f /etc/sssd/sssd.conf 380s + for path in "${delete_paths[@]}" 380s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 380s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 381s + '[' -e /etc/sssd/sssd.conf ']' 381s + systemctl stop sssd 381s + '[' -e /etc/softhsm/softhsm2.conf ']' 381s + chmod 600 /etc/softhsm/softhsm2.conf 381s + rm -rf /tmp/sssd-softhsm2-certs-Wo8EpY 381s + '[' 0 = 0 ']' 381s + rm -rf /tmp/sssd-softhsm2-backups-Gh89re 381s + set +x 381s Script completed successfully! 381s autopkgtest [12:38:30]: test sssd-smart-card-pam-auth-configs: -----------------------] 382s autopkgtest [12:38:31]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 382s sssd-smart-card-pam-auth-configs PASS 382s autopkgtest [12:38:31]: @@@@@@@@@@@@@@@@@@@@ summary 382s ldap-user-group-ldap-auth PASS 382s ldap-user-group-krb5-auth PASS 382s sssd-softhism2-certificates-tests.sh PASS 382s sssd-smart-card-pam-auth-configs PASS 394s Creating nova instance adt-noble-arm64-sssd-20240316-123208-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240314.img (UUID 7faf5f09-d335-4346-a441-4eab2f9c04fe)... 394s Creating nova instance adt-noble-arm64-sssd-20240316-123208-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240314.img (UUID 7faf5f09-d335-4346-a441-4eab2f9c04fe)...