0s autopkgtest [17:49:30]: starting date and time: 2024-03-18 17:49:30+0000 0s autopkgtest [17:49:30]: git checkout: b506e79c ssh-setup/nova: fix ARCH having two lines of data 0s autopkgtest [17:49:30]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.s9buufrt/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:sudo,src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=sudo/1.9.15p5-3ubuntu3 openssl/3.0.13-0ubuntu2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-arm64-4.secgroup --name adt-noble-arm64-sssd-20240318-174930-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 134s autopkgtest [17:51:44]: testbed dpkg architecture: arm64 134s autopkgtest [17:51:44]: testbed apt version: 2.7.12 134s autopkgtest [17:51:44]: @@@@@@@@@@@@@@@@@@@@ test bed setup 135s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 136s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 136s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3728 kB] 137s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [485 kB] 137s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.0 kB] 137s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [654 kB] 137s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 137s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.6 kB] 137s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 137s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4102 kB] 138s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 138s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [55.7 kB] 138s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 147s Fetched 9246 kB in 5s (1806 kB/s) 148s Reading package lists... 154s Reading package lists... 155s Building dependency tree... 155s Reading state information... 156s Calculating upgrade... 157s The following packages will be REMOVED: 157s libssl3 157s The following NEW packages will be installed: 157s libssl3t64 157s The following packages will be upgraded: 157s openssl sudo 158s 2 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 158s Need to get 3706 kB of archives. 158s After this operation, 143 kB of additional disk space will be used. 158s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sudo arm64 1.9.15p5-3ubuntu3 [928 kB] 158s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 159s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 160s Fetched 3706 kB in 2s (2019 kB/s) 161s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 161s Preparing to unpack .../sudo_1.9.15p5-3ubuntu3_arm64.deb ... 161s Unpacking sudo (1.9.15p5-3ubuntu3) over (1.9.15p5-3ubuntu1) ... 161s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 161s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 162s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 162s wget depends on libssl3 (>= 3.0.0). 162s u-boot-tools depends on libssl3 (>= 3.0.0). 162s tnftp depends on libssl3 (>= 3.0.0). 162s tcpdump depends on libssl3 (>= 3.0.0). 162s systemd-resolved depends on libssl3 (>= 3.0.0). 162s systemd depends on libssl3 (>= 3.0.0). 162s sbsigntool depends on libssl3 (>= 3.0.0). 162s rsync depends on libssl3 (>= 3.0.0). 162s python3-cryptography depends on libssl3 (>= 3.0.0). 162s openssh-server depends on libssl3 (>= 3.0.10). 162s openssh-client depends on libssl3 (>= 3.0.10). 162s mtd-utils depends on libssl3 (>= 3.0.0). 162s mokutil depends on libssl3 (>= 3.0.0). 162s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 162s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 162s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 162s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 162s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 162s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 162s libpython3.11-minimal:arm64 depends on libssl3 (>= 3.0.0). 162s libnvme1 depends on libssl3 (>= 3.0.0). 162s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 162s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 162s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 162s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 162s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 162s kmod depends on libssl3 (>= 3.0.0). 162s dhcpcd-base depends on libssl3 (>= 3.0.0). 162s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 162s 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 162s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 162s Selecting previously unselected package libssl3t64:arm64. 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75839 files and directories currently installed.) 162s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 162s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 162s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 162s Setting up sudo (1.9.15p5-3ubuntu3) ... 162s Setting up openssl (3.0.13-0ubuntu2) ... 162s Processing triggers for man-db (2.12.0-3) ... 164s Processing triggers for libc-bin (2.39-0ubuntu2) ... 165s Reading package lists... 166s Building dependency tree... 166s Reading state information... 168s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 168s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 168s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 169s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 169s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 174s Reading package lists... 174s Reading package lists... 175s Building dependency tree... 175s Reading state information... 176s Calculating upgrade... 177s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 178s Reading package lists... 178s Building dependency tree... 178s Reading state information... 180s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 180s autopkgtest [17:52:30]: rebooting testbed after setup commands that affected boot 346s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 355s autopkgtest [17:55:25]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 359s autopkgtest [17:55:29]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 391s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 391s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 391s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 391s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 392s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 392s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 392s gpgv: Can't check signature: No public key 392s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 394s autopkgtest [17:56:04]: testing package sssd version 2.9.4-1ubuntu1 395s autopkgtest [17:56:05]: build not needed 503s autopkgtest [17:57:53]: test ldap-user-group-ldap-auth: preparing testbed 505s Reading package lists... 506s Building dependency tree... 506s Reading state information... 507s Starting pkgProblemResolver with broken count: 0 507s Starting 2 pkgProblemResolver with broken count: 0 507s Done 509s The following additional packages will be installed: 509s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 509s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 509s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 509s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 509s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 509s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 509s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 509s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 509s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 509s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 509s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 509s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 509s Suggested packages: 509s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 509s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 509s Recommended packages: 509s cracklib-runtime libsasl2-modules-gssapi-mit 509s | libsasl2-modules-gssapi-heimdal 509s The following NEW packages will be installed: 509s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 509s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 509s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 509s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 509s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 509s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 509s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 509s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 509s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 509s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 509s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 509s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 509s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 509s Need to get 12.6 MB/12.6 MB of archives. 509s After this operation, 59.9 MB of additional disk space will be used. 509s Get:1 /tmp/autopkgtest.fO43Gi/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [864 B] 510s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 510s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 510s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 511s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 511s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 511s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 511s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 511s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 511s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 511s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 511s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 511s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 511s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 511s Get:15 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 11-3 [44.1 kB] 511s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 511s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 511s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 511s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 511s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 511s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 511s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 511s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 511s Get:24 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu3 [15.1 kB] 511s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 512s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 512s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 512s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 512s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 513s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 513s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 513s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 513s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 513s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 513s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 513s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 513s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 513s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 513s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 513s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 513s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 513s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 513s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 513s Get:44 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1ubuntu1 [27.9 kB] 513s Get:45 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1ubuntu1 [32.7 kB] 513s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 513s Get:47 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 513s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 513s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 513s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 513s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 513s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 513s Get:53 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 513s Get:54 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 513s Get:55 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 513s Get:56 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1ubuntu1 [103 kB] 513s Get:57 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1ubuntu1 [139 kB] 513s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1ubuntu1 [97.5 kB] 513s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1ubuntu1 [6660 B] 513s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1ubuntu1 [5722 B] 513s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1ubuntu1 [8380 B] 513s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1ubuntu1 [6714 B] 513s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1ubuntu1 [20.4 kB] 513s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1ubuntu1 [16.6 kB] 513s Get:65 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1ubuntu1 [9160 B] 515s Preconfiguring packages ... 515s Fetched 12.6 MB in 4s (3133 kB/s) 515s Selecting previously unselected package libltdl7:arm64. 515s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75852 files and directories currently installed.) 515s Preparing to unpack .../00-libltdl7_2.4.7-7_arm64.deb ... 515s Unpacking libltdl7:arm64 (2.4.7-7) ... 515s Selecting previously unselected package libodbc2:arm64. 515s Preparing to unpack .../01-libodbc2_2.3.12-1_arm64.deb ... 515s Unpacking libodbc2:arm64 (2.3.12-1) ... 516s Selecting previously unselected package slapd. 516s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 516s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 516s Selecting previously unselected package libtcl8.6:arm64. 516s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 516s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 517s Selecting previously unselected package tcl8.6. 517s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 517s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 517s Selecting previously unselected package tcl-expect:arm64. 517s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_arm64.deb ... 517s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 517s Selecting previously unselected package expect. 517s Preparing to unpack .../06-expect_5.45.4-2build1_arm64.deb ... 517s Unpacking expect (5.45.4-2build1) ... 517s Selecting previously unselected package ldap-utils. 517s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 517s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 517s Selecting previously unselected package libavahi-common-data:arm64. 517s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 517s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 517s Selecting previously unselected package libavahi-common3:arm64. 517s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 517s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 517s Selecting previously unselected package libavahi-client3:arm64. 517s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 517s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 517s Selecting previously unselected package libcrack2:arm64. 517s Preparing to unpack .../11-libcrack2_2.9.6-5.1_arm64.deb ... 517s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 518s Selecting previously unselected package libevent-2.1-7:arm64. 518s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 518s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 518s Selecting previously unselected package libjose0:arm64. 518s Preparing to unpack .../13-libjose0_11-3_arm64.deb ... 518s Unpacking libjose0:arm64 (11-3) ... 518s Selecting previously unselected package libverto-libevent1:arm64. 518s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 518s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 518s Selecting previously unselected package libverto1:arm64. 518s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_arm64.deb ... 518s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 518s Selecting previously unselected package libkrad0:arm64. 518s Preparing to unpack .../16-libkrad0_1.20.1-5build1_arm64.deb ... 518s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 518s Selecting previously unselected package libtalloc2:arm64. 518s Preparing to unpack .../17-libtalloc2_2.4.2-1_arm64.deb ... 518s Unpacking libtalloc2:arm64 (2.4.2-1) ... 518s Selecting previously unselected package libtdb1:arm64. 518s Preparing to unpack .../18-libtdb1_1.4.10-1_arm64.deb ... 518s Unpacking libtdb1:arm64 (1.4.10-1) ... 518s Selecting previously unselected package libtevent0:arm64. 518s Preparing to unpack .../19-libtevent0_0.16.1-1_arm64.deb ... 518s Unpacking libtevent0:arm64 (0.16.1-1) ... 518s Selecting previously unselected package libldb2:arm64. 518s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 518s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 518s Selecting previously unselected package libnfsidmap1:arm64. 518s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 518s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 519s Selecting previously unselected package libnss-sudo. 519s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu3_all.deb ... 519s Unpacking libnss-sudo (1.9.15p5-3ubuntu3) ... 519s Selecting previously unselected package libpwquality-common. 519s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 519s Unpacking libpwquality-common (1.4.5-3) ... 519s Selecting previously unselected package libpwquality1:arm64. 519s Preparing to unpack .../24-libpwquality1_1.4.5-3_arm64.deb ... 519s Unpacking libpwquality1:arm64 (1.4.5-3) ... 519s Selecting previously unselected package libpam-pwquality:arm64. 519s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_arm64.deb ... 519s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 519s Selecting previously unselected package libwbclient0:arm64. 519s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 519s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 519s Selecting previously unselected package samba-libs:arm64. 519s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 519s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 520s Selecting previously unselected package libnss-sss:arm64. 520s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 520s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 520s Selecting previously unselected package libpam-sss:arm64. 520s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 520s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 520s Selecting previously unselected package python3-sss. 520s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 520s Unpacking python3-sss (2.9.4-1ubuntu1) ... 520s Selecting previously unselected package libc-ares2:arm64. 520s Preparing to unpack .../31-libc-ares2_1.27.0-1_arm64.deb ... 520s Unpacking libc-ares2:arm64 (1.27.0-1) ... 520s Selecting previously unselected package libdhash1:arm64. 520s Preparing to unpack .../32-libdhash1_0.6.2-2_arm64.deb ... 520s Unpacking libdhash1:arm64 (0.6.2-2) ... 520s Selecting previously unselected package libbasicobjects0:arm64. 520s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_arm64.deb ... 520s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 520s Selecting previously unselected package libcollection4:arm64. 520s Preparing to unpack .../34-libcollection4_0.6.2-2_arm64.deb ... 520s Unpacking libcollection4:arm64 (0.6.2-2) ... 521s Selecting previously unselected package libpath-utils1:arm64. 521s Preparing to unpack .../35-libpath-utils1_0.6.2-2_arm64.deb ... 521s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 521s Selecting previously unselected package libref-array1:arm64. 521s Preparing to unpack .../36-libref-array1_0.6.2-2_arm64.deb ... 521s Unpacking libref-array1:arm64 (0.6.2-2) ... 521s Selecting previously unselected package libini-config5:arm64. 521s Preparing to unpack .../37-libini-config5_0.6.2-2_arm64.deb ... 521s Unpacking libini-config5:arm64 (0.6.2-2) ... 521s Selecting previously unselected package libsss-certmap0. 521s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 521s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 521s Selecting previously unselected package libsss-idmap0. 521s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 521s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 521s Selecting previously unselected package libsss-nss-idmap0. 521s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 521s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 521s Selecting previously unselected package sssd-common. 521s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 521s Unpacking sssd-common (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package sssd-idp. 522s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package sssd-passkey. 522s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package sssd-ad-common. 522s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package sssd-krb5-common. 522s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package libsmbclient:arm64. 522s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 522s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 522s Selecting previously unselected package sssd-ad. 522s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package libipa-hbac0. 522s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 522s Selecting previously unselected package sssd-ipa. 522s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 522s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-krb5. 523s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-ldap. 523s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-proxy. 523s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd. 523s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-dbus. 523s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-kcm. 523s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package sssd-tools. 523s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 523s Selecting previously unselected package libipa-hbac-dev. 523s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_arm64.deb ... 523s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package libsss-certmap-dev. 524s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package libsss-idmap-dev. 524s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package libsss-nss-idmap-dev. 524s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package libsss-sudo. 524s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package python3-libipa-hbac. 524s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package python3-libsss-nss-idmap. 524s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_arm64.deb ... 524s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 524s Selecting previously unselected package autopkgtest-satdep. 524s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 524s Unpacking autopkgtest-satdep (0) ... 524s Setting up libpwquality-common (1.4.5-3) ... 524s Setting up libpath-utils1:arm64 (0.6.2-2) ... 524s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 524s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 524s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 524s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 524s Setting up libtdb1:arm64 (1.4.10-1) ... 524s Setting up libc-ares2:arm64 (1.27.0-1) ... 524s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 524s Setting up libjose0:arm64 (11-3) ... 524s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 524s Setting up libtalloc2:arm64 (2.4.2-1) ... 524s Setting up libdhash1:arm64 (0.6.2-2) ... 524s Setting up libtevent0:arm64 (0.16.1-1) ... 524s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 524s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 524s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 524s Setting up libltdl7:arm64 (2.4.7-7) ... 524s Setting up libcrack2:arm64 (2.9.6-5.1) ... 524s Setting up libcollection4:arm64 (0.6.2-2) ... 524s Setting up libodbc2:arm64 (2.3.12-1) ... 524s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 524s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 524s Setting up libref-array1:arm64 (0.6.2-2) ... 524s Setting up libnss-sudo (1.9.15p5-3ubuntu3) ... 524s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 524s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 524s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 525s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 526s Creating new user openldap... done. 526s Creating initial configuration... done. 526s Creating LDAP directory... done. 528s Setting up tcl8.6 (8.6.13+dfsg-2) ... 528s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 528s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 528s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 528s Setting up libini-config5:arm64 (0.6.2-2) ... 528s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 528s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 528s Setting up python3-sss (2.9.4-1ubuntu1) ... 529s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 529s Setting up libpwquality1:arm64 (1.4.5-3) ... 529s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 529s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 529s Setting up expect (5.45.4-2build1) ... 529s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 530s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 530s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 530s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 530s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 530s Setting up sssd-common (2.9.4-1ubuntu1) ... 530s Creating SSSD system user & group... 531s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 531s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 531s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 531s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 533s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 534s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 535s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 536s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 537s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 538s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 539s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 541s sssd-autofs.service is a disabled or a static unit, not starting it. 541s sssd-nss.service is a disabled or a static unit, not starting it. 541s sssd-pam.service is a disabled or a static unit, not starting it. 541s sssd-ssh.service is a disabled or a static unit, not starting it. 541s sssd-sudo.service is a disabled or a static unit, not starting it. 542s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 542s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 542s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 542s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 545s sssd-kcm.service is a disabled or a static unit, not starting it. 545s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 546s sssd-ifp.service is a disabled or a static unit, not starting it. 546s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 547s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 549s sssd-pac.service is a disabled or a static unit, not starting it. 549s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 549s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 549s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 549s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 549s Setting up sssd-ad (2.9.4-1ubuntu1) ... 549s Setting up sssd-tools (2.9.4-1ubuntu1) ... 549s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 549s Setting up sssd (2.9.4-1ubuntu1) ... 549s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 549s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 549s Setting up libkrad0:arm64 (1.20.1-5build1) ... 549s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 549s Setting up sssd-idp (2.9.4-1ubuntu1) ... 549s Setting up autopkgtest-satdep (0) ... 549s Processing triggers for libc-bin (2.39-0ubuntu2) ... 549s Processing triggers for ufw (0.36.2-5) ... 549s Processing triggers for man-db (2.12.0-3) ... 552s Processing triggers for dbus (1.14.10-4ubuntu1) ... 574s (Reading database ... 77137 files and directories currently installed.) 574s Removing autopkgtest-satdep (0) ... 575s autopkgtest [17:59:05]: test ldap-user-group-ldap-auth: [----------------------- 575s + . debian/tests/util 575s + . debian/tests/common-tests 575s + mydomain=example.com 575s + myhostname=ldap.example.com 575s + mysuffix=dc=example,dc=com 575s + admin_dn=cn=admin,dc=example,dc=com 575s + admin_pw=secret 575s + ldap_user=testuser1 575s + ldap_user_pw=testuser1secret 575s + ldap_group=ldapusers 575s + adjust_hostname ldap.example.com 575s + local myhostname=ldap.example.com 575s + echo ldap.example.com 575s + hostname ldap.example.com 575s + grep -qE ldap.example.com /etc/hosts 575s + echo 127.0.1.10 ldap.example.com 575s + reconfigure_slapd 575s + debconf-set-selections 576s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 576s + dpkg-reconfigure -fnoninteractive -pcritical slapd 577s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 577s Moving old database directory to /var/backups: 577s - directory unknown... done. 577s Creating initial configuration... done. 577s Creating LDAP directory... done. 579s + generate_certs ldap.example.com 579s + local cn=ldap.example.com 579s + local cert=/etc/ldap/server.pem 579s + local key=/etc/ldap/server.key 579s + local cnf=/etc/ldap/openssl.cnf 579s + cat 579s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 579s ..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 579s .............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 579s ----- 579s + chmod 0640 /etc/ldap/server.key 579s + chgrp openldap /etc/ldap/server.key 579s + [ ! -f /etc/ldap/server.pem ] 579s + [ ! -f /etc/ldap/server.key ] 579s + enable_ldap_ssl 579s + cat 579s + cat 579s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 579s + populate_ldap_rfc2307 579s + cat 579s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 579s modifying entry "cn=config" 579s 579s adding new entry "ou=People,dc=example,dc=com" 579s 579s adding new entry "ou=Group,dc=example,dc=com" 579s 579s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 579s 579s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 579s 579s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 579s 579s + configure_sssd_ldap_rfc2307 579s + cat 579s + chmod 0600 /etc/sssd/sssd.conf 579s + systemctl restart sssd 579s + enable_pam_mkhomedir 579s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 580s Assert local user databases do not have our LDAP test data 580s + echo session optional pam_mkhomedir.so 580s + run_common_tests 580s + echo Assert local user databases do not have our LDAP test data 580s + check_local_user testuser1 580s + local local_user=testuser1 580s + grep -q ^testuser1 /etc/passwd 580s + check_local_group testuser1 580s + local local_group=testuser1 580s + grep -q ^testuser1 /etc/group 580s + check_local_group ldapusers 580s + local local_group=ldapusers 580s + grep -q ^ldapusers /etc/group 580s The LDAP user is known to the system via getent 580s + echo The LDAP user is known to the system via getent 580s + check_getent_user testuser1 580s + local getent_user=testuser1 580s + local output 580s + getent passwd testuser1 580s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 580s + [ -zThe LDAP user's private group is known to the system via getent 580s testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 580s + echo The LDAP user's private group is known to the system via getent 580s + check_getent_group testuser1 580s + local getent_group=testuser1 580s + local output 580s + getent group testuser1 580s + output=testuser1:*:10001:testuser1 580s + [ -z testuser1:*:10001:testuser1 ]The LDAP group ldapusers is known to the system via getent 580s 580s + echo The LDAP group ldapusers is known to the system via getent 580s + check_getent_group ldapusers 580s + local getent_group=ldapusers 580s + local output 580s + getent group ldapusers 580s The id(1) command can resolve the group membership of the LDAP user 580s + output=ldapusers:*:10100:testuser1 580s + [ -z ldapusers:*:10100:testuser1 ] 580s + echo The id(1) command can resolve the group membership of the LDAP user 580s + id -Gn testuser1 580s + output=testuser1 ldapusers 580s + [ testuser1 ldapusers != testuser1 ldapusers ] 580s + echo The LDAP user can login on a terminal 580s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 580s The LDAP user can login on a terminal 580s spawn login 580s ldap.example.com login: testuser1 580s Password: 580s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 580s 580s * Documentation: https://help.ubuntu.com 580s * Management: https://landscape.canonical.com 580s * Support: https://ubuntu.com/pro 580s 580s 580s The programs included with the Ubuntu system are free software; 580s the exact distribution terms for each program are described in the 580s individual files in /usr/share/doc/*/copyright. 580s 580s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 580s applicable law. 580s 580s 580s The programs included with the Ubuntu system are free software; 580s the exact distribution terms for each program are described in the 580s individual files in /usr/share/doc/*/copyright. 580s 580s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 580s applicable law. 580s 580s Creating directory '/home/testuser1'. 581s [?2004htestuser1@ldap:~$ id -un 581s [?2004l testuser1 581s [?2004htestuser1@ldap:~$ autopkgtest [17:59:11]: test ldap-user-group-ldap-auth: -----------------------] 582s autopkgtest [17:59:12]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 582s ldap-user-group-ldap-auth PASS 583s autopkgtest [17:59:13]: test ldap-user-group-krb5-auth: preparing testbed 585s Reading package lists... 586s Building dependency tree... 586s Reading state information... 587s Starting pkgProblemResolver with broken count: 0 588s Starting 2 pkgProblemResolver with broken count: 0 588s Done 589s The following additional packages will be installed: 589s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 589s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 589s Suggested packages: 589s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 590s The following NEW packages will be installed: 590s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 590s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 590s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 590s Need to get 594 kB/595 kB of archives. 590s After this operation, 2907 kB of additional disk space will be used. 590s Get:1 /tmp/autopkgtest.fO43Gi/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [884 B] 590s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 590s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 590s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 590s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 590s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 590s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 590s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 590s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 591s Preconfiguring packages ... 593s Fetched 594 kB in 1s (717 kB/s) 593s Selecting previously unselected package krb5-config. 594s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77137 files and directories currently installed.) 594s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 594s Unpacking krb5-config (2.7) ... 594s Selecting previously unselected package libgssrpc4:arm64. 594s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_arm64.deb ... 594s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 594s Selecting previously unselected package libkadm5clnt-mit12:arm64. 594s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 594s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 594s Selecting previously unselected package libkdb5-10:arm64. 594s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_arm64.deb ... 594s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 594s Selecting previously unselected package libkadm5srv-mit12:arm64. 594s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 594s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 594s Selecting previously unselected package krb5-user. 594s Preparing to unpack .../5-krb5-user_1.20.1-5build1_arm64.deb ... 594s Unpacking krb5-user (1.20.1-5build1) ... 594s Selecting previously unselected package krb5-kdc. 594s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 594s Unpacking krb5-kdc (1.20.1-5build1) ... 594s Selecting previously unselected package krb5-admin-server. 594s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 594s Unpacking krb5-admin-server (1.20.1-5build1) ... 594s Selecting previously unselected package autopkgtest-satdep. 594s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 594s Unpacking autopkgtest-satdep (0) ... 595s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 595s Setting up krb5-config (2.7) ... 595s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 595s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 596s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 596s Setting up krb5-user (1.20.1-5build1) ... 596s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 596s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 596s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 596s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 596s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 596s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 596s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 596s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 596s Setting up krb5-kdc (1.20.1-5build1) ... 598s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 600s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 600s Setting up krb5-admin-server (1.20.1-5build1) ... 603s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 604s Setting up autopkgtest-satdep (0) ... 604s Processing triggers for man-db (2.12.0-3) ... 606s Processing triggers for libc-bin (2.39-0ubuntu2) ... 624s (Reading database ... 77230 files and directories currently installed.) 624s Removing autopkgtest-satdep (0) ... 625s autopkgtest [17:59:55]: test ldap-user-group-krb5-auth: [----------------------- 626s + . debian/tests/util 626s + . debian/tests/common-tests 626s + mydomain=example.com 626s + myhostname=ldap.example.com 626s + mysuffix=dc=example,dc=com 626s + myrealm=EXAMPLE.COM 626s + admin_dn=cn=admin,dc=example,dc=com 626s + admin_pw=secret 626s + ldap_user=testuser1 626s + ldap_user_pw=testuser1secret 626s + kerberos_principal_pw=testuser1kerberos 626s + ldap_group=ldapusers 626s + adjust_hostname ldap.example.com 626s + local myhostname=ldap.example.com 626s + echo ldap.example.com 626s + hostname ldap.example.com 626s + grep -qE ldap.example.com /etc/hosts 626s + reconfigure_slapd 626s + debconf-set-selections 626s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240318-175907.ldapdb 626s + dpkg-reconfigure -fnoninteractive -pcritical slapd 627s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 627s Moving old database directory to /var/backups: 627s - directory unknown... done. 627s Creating initial configuration... done. 628s Creating LDAP directory... done. 630s + generate_certs ldap.example.com 630s + local cn=ldap.example.com 630s + local cert=/etc/ldap/server.pem 630s + local key=/etc/ldap/server.key 630s + local cnf=/etc/ldap/openssl.cnf 630s + cat 630s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 630s .............................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 630s ............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 630s ----- 630s + chmod 0640 /etc/ldap/server.key 630s + chgrp openldap /etc/ldap/server.key 630s + [ ! -f /etc/ldap/server.pem ] 630s + [ ! -f /etc/ldap/server.key ] 630s + enable_ldap_ssl 630s + cat 630s + + catldapmodify 630s -H ldapi:/// -Y EXTERNAL -Q 630s + populate_ldap_rfc2307 630s + + modifying entry "cn=config" 630s 630s cat 630s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 630s + create_realm EXAMPLE.COM ldap.example.com 630s + local realm_name=EXAMPLE.COM 630s + local kerberos_server=ldap.example.com 630s + rm -rf /var/lib/krb5kdc/* 630s adding new entry "ou=People,dc=example,dc=com" 630s 630s adding new entry "ou=Group,dc=example,dc=com" 630s 630s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 630s 630s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 630s 630s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 630s 630s + rm -rf /etc/krb5kdc/kdc.conf 630s + rm -f /etc/krb5.keytab 630s + cat 630s + cat 630s + echo # */admin * 630s + kdb5_util create -s -P secretpassword 630s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 630s master key name 'K/M@EXAMPLE.COM' 630s + systemctl restart krb5-kdc.service krb5-admin-server.service 631s + create_krb_principal testuser1 testuser1kerberos 631s + local principal=testuser1 631s + local password=testuser1kerberos 631s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 631s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 631s Authenticating as principal root/admin@EXAMPLE.COM with password. 631s Principal "testuser1@EXAMPLE.COM" created. 631s + configure_sssd_ldap_rfc2307_krb5_auth 631s + cat 631s + chmod 0600 /etc/sssd/sssd.conf 631s + systemctl restart sssd 631s + enable_pam_mkhomedir 631s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 631s Assert local user databases do not have our LDAP test data 631s + run_common_tests 631s + echo Assert local user databases do not have our LDAP test data 631s + check_local_user testuser1 631s + local local_user=testuser1 631s + grep -q ^testuser1 /etc/passwd 631s + check_local_group testuser1 631s + local local_group=testuser1 631s + grep -q ^testuser1 /etc/group 631s + check_local_group ldapusers 631s + local local_group=ldapusers 631s + grep -q ^ldapusers /etc/group 631s The LDAP user is known to the system via getent 631s + echo The LDAP user is known to the system via getent 631s + check_getent_user testuser1 631s + local getent_user=testuser1 631s + local output 631s + getent passwd testuser1 631s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 631s + [ -zThe LDAP user's private group is known to the system via getent 631s testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 631s + echo The LDAP user's private group is known to the system via getent 631s + check_getent_group testuser1 631s + local getent_group=testuser1 631s + local output 631s + getent group testuser1 631s + output=testuser1:*:10001:testuser1 631s The LDAP group ldapusers is known to the system via getent 631s + [ -z testuser1:*:10001:testuser1 ] 631s + echo The LDAP group ldapusers is known to the system via getent 631s + check_getent_group ldapusers 631s + local getent_group=ldapusers 631s + local output 631s + getent group ldapusers 631s + The id(1) command can resolve the group membership of the LDAP user 631s output=ldapusers:*:10100:testuser1 631s + [ -z ldapusers:*:10100:testuser1 ] 631s + echo The id(1) command can resolve the group membership of the LDAP user 631s + id -Gn testuser1 632s + The Kerberos principal can login on a terminal 632s output=testuser1 ldapusers 632s + [ testuser1 ldapusers != testuser1 ldapusers ] 632s + echo The Kerberos principal can login on a terminal 632s + kdestroy 632s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 632s spawn login 632s ldap.example.com login: testuser1 632s Password: 633s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 633s 633s * Documentation: https://help.ubuntu.com 633s * Management: https://landscape.canonical.com 633s * Support: https://ubuntu.com/pro 633s 633s 633s The programs included with the Ubuntu system are free software; 633s the exact distribution terms for each program are described in the 633s individual files in /usr/share/doc/*/copyright. 633s 633s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 633s applicable law. 633s 633s Last login: Mon Mar 18 17:59:10 UTC 2024 on pts/0 633s [?2004htestuser1@ldap:~$ id -un 633s [?2004l testuser1 633s [?2004htestuser1@ldap:~$ klist 633s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_WJkAxl 633s Default principal: testuser1@EXAMPLE.COM 633s 633s Valid starting Expires Service principalautopkgtest [18:00:03]: test ldap-user-group-krb5-auth: -----------------------] 634s autopkgtest [18:00:04]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 634s ldap-user-group-krb5-auth PASS 635s autopkgtest [18:00:05]: test sssd-softhism2-certificates-tests.sh: preparing testbed 915s autopkgtest [18:04:45]: testbed dpkg architecture: arm64 915s autopkgtest [18:04:45]: testbed apt version: 2.7.12 915s autopkgtest [18:04:45]: @@@@@@@@@@@@@@@@@@@@ test bed setup 917s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 918s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.0 kB] 918s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [485 kB] 919s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3720 kB] 920s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 920s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [654 kB] 921s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 921s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.6 kB] 921s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 921s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4104 kB] 922s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 922s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [55.7 kB] 922s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 937s Fetched 9239 kB in 8s (1121 kB/s) 938s Reading package lists... 951s Reading package lists... 953s Building dependency tree... 953s Reading state information... 956s Calculating upgrade... 958s The following packages will be REMOVED: 958s libssl3 958s The following NEW packages will be installed: 958s libssl3t64 958s The following packages will be upgraded: 958s openssl sudo 958s 2 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 958s Need to get 3706 kB of archives. 958s After this operation, 143 kB of additional disk space will be used. 958s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sudo arm64 1.9.15p5-3ubuntu3 [928 kB] 959s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 959s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 963s Fetched 3706 kB in 1s (2648 kB/s) 967s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 967s Preparing to unpack .../sudo_1.9.15p5-3ubuntu3_arm64.deb ... 967s Unpacking sudo (1.9.15p5-3ubuntu3) over (1.9.15p5-3ubuntu1) ... 969s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 969s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 970s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 970s wget depends on libssl3 (>= 3.0.0). 970s u-boot-tools depends on libssl3 (>= 3.0.0). 970s tnftp depends on libssl3 (>= 3.0.0). 970s tcpdump depends on libssl3 (>= 3.0.0). 970s systemd-resolved depends on libssl3 (>= 3.0.0). 970s systemd depends on libssl3 (>= 3.0.0). 970s sbsigntool depends on libssl3 (>= 3.0.0). 970s rsync depends on libssl3 (>= 3.0.0). 970s python3-cryptography depends on libssl3 (>= 3.0.0). 970s openssh-server depends on libssl3 (>= 3.0.10). 970s openssh-client depends on libssl3 (>= 3.0.10). 970s mtd-utils depends on libssl3 (>= 3.0.0). 970s mokutil depends on libssl3 (>= 3.0.0). 970s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 970s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 970s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 970s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 970s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 970s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 970s libpython3.11-minimal:arm64 depends on libssl3 (>= 3.0.0). 970s libnvme1 depends on libssl3 (>= 3.0.0). 970s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 970s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 970s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 970s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 970s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 970s kmod depends on libssl3 (>= 3.0.0). 970s dhcpcd-base depends on libssl3 (>= 3.0.0). 970s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 970s 970s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 970s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 971s Selecting previously unselected package libssl3t64:arm64. 971s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75839 files and directories currently installed.) 971s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 971s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 972s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 972s Setting up sudo (1.9.15p5-3ubuntu3) ... 972s Setting up openssl (3.0.13-0ubuntu2) ... 972s Processing triggers for man-db (2.12.0-3) ... 979s Processing triggers for libc-bin (2.39-0ubuntu2) ... 980s Reading package lists... 981s Building dependency tree... 981s Reading state information... 983s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 985s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 985s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 985s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 985s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 992s Reading package lists... 992s Reading package lists... 993s Building dependency tree... 993s Reading state information... 995s Calculating upgrade... 996s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 996s Reading package lists... 997s Building dependency tree... 997s Reading state information... 1000s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1000s autopkgtest [18:06:10]: rebooting testbed after setup commands that affected boot 1172s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 1185s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 1208s Reading package lists... 1209s Building dependency tree... 1209s Reading state information... 1211s Starting pkgProblemResolver with broken count: 0 1211s Starting 2 pkgProblemResolver with broken count: 0 1211s Done 1214s The following additional packages will be installed: 1214s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 1214s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 1214s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 1214s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 1214s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 1214s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 1214s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 1214s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 1214s sssd-krb5-common sssd-ldap sssd-proxy 1214s Suggested packages: 1214s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 1214s Recommended packages: 1214s cracklib-runtime libsasl2-modules-gssapi-mit 1214s | libsasl2-modules-gssapi-heimdal ldap-utils 1215s The following NEW packages will be installed: 1215s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 1215s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 1215s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 1215s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 1215s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 1215s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 1215s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 1215s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 1215s sssd-krb5-common sssd-ldap sssd-proxy 1215s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 1215s Need to get 10.1 MB/10.1 MB of archives. 1215s After this operation, 48.6 MB of additional disk space will be used. 1215s Get:1 /tmp/autopkgtest.fO43Gi/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [744 B] 1215s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 1216s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 1217s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0 arm64 3.8.3-1ubuntu1 [23.3 kB] 1217s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1ubuntu1 [267 kB] 1217s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 1217s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 1217s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 1217s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 1217s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 1217s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 1217s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 1217s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 1217s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 1217s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 1217s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 1217s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 1217s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 1217s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 1219s Get:20 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 1219s Get:21 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 1219s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 1219s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 1219s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 1219s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 1219s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 1219s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 1219s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 1219s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 1219s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 1219s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 1219s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 1219s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 1219s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 1219s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 1219s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 1220s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 1220s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 1220s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 1220s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 1220s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 1220s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 1220s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 1220s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 1220s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 1220s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 1223s Fetched 10.1 MB in 5s (2183 kB/s) 1223s Selecting previously unselected package libevent-2.1-7:arm64. 1224s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75852 files and directories currently installed.) 1225s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 1225s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 1225s Selecting previously unselected package libunbound8:arm64. 1225s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 1225s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 1225s Selecting previously unselected package libgnutls-dane0:arm64. 1225s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_arm64.deb ... 1225s Unpacking libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 1225s Selecting previously unselected package gnutls-bin. 1225s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_arm64.deb ... 1225s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 1225s Selecting previously unselected package libavahi-common-data:arm64. 1226s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 1226s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 1226s Selecting previously unselected package libavahi-common3:arm64. 1226s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 1226s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 1226s Selecting previously unselected package libavahi-client3:arm64. 1226s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 1226s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 1226s Selecting previously unselected package libcrack2:arm64. 1226s Preparing to unpack .../07-libcrack2_2.9.6-5.1_arm64.deb ... 1226s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 1226s Selecting previously unselected package libtalloc2:arm64. 1226s Preparing to unpack .../08-libtalloc2_2.4.2-1_arm64.deb ... 1226s Unpacking libtalloc2:arm64 (2.4.2-1) ... 1226s Selecting previously unselected package libtdb1:arm64. 1226s Preparing to unpack .../09-libtdb1_1.4.10-1_arm64.deb ... 1226s Unpacking libtdb1:arm64 (1.4.10-1) ... 1226s Selecting previously unselected package libtevent0:arm64. 1226s Preparing to unpack .../10-libtevent0_0.16.1-1_arm64.deb ... 1226s Unpacking libtevent0:arm64 (0.16.1-1) ... 1226s Selecting previously unselected package libldb2:arm64. 1226s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 1226s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 1227s Selecting previously unselected package libnfsidmap1:arm64. 1227s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 1227s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 1227s Selecting previously unselected package libpwquality-common. 1227s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 1227s Unpacking libpwquality-common (1.4.5-3) ... 1227s Selecting previously unselected package libpwquality1:arm64. 1227s Preparing to unpack .../14-libpwquality1_1.4.5-3_arm64.deb ... 1227s Unpacking libpwquality1:arm64 (1.4.5-3) ... 1227s Selecting previously unselected package libpam-pwquality:arm64. 1227s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_arm64.deb ... 1227s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 1227s Selecting previously unselected package libwbclient0:arm64. 1227s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 1227s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1227s Selecting previously unselected package samba-libs:arm64. 1227s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 1227s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1229s Selecting previously unselected package softhsm2-common. 1229s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_arm64.deb ... 1229s Unpacking softhsm2-common (2.6.1-2.2) ... 1229s Selecting previously unselected package libsofthsm2. 1229s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_arm64.deb ... 1229s Unpacking libsofthsm2 (2.6.1-2.2) ... 1229s Selecting previously unselected package softhsm2. 1229s Preparing to unpack .../20-softhsm2_2.6.1-2.2_arm64.deb ... 1229s Unpacking softhsm2 (2.6.1-2.2) ... 1229s Selecting previously unselected package python3-sss. 1229s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 1229s Unpacking python3-sss (2.9.4-1ubuntu1) ... 1229s Selecting previously unselected package libsss-idmap0. 1229s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 1229s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 1230s Selecting previously unselected package libnss-sss:arm64. 1230s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 1230s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 1230s Selecting previously unselected package libpam-sss:arm64. 1230s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 1230s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 1230s Selecting previously unselected package libc-ares2:arm64. 1230s Preparing to unpack .../25-libc-ares2_1.27.0-1_arm64.deb ... 1230s Unpacking libc-ares2:arm64 (1.27.0-1) ... 1230s Selecting previously unselected package libdhash1:arm64. 1230s Preparing to unpack .../26-libdhash1_0.6.2-2_arm64.deb ... 1230s Unpacking libdhash1:arm64 (0.6.2-2) ... 1230s Selecting previously unselected package libbasicobjects0:arm64. 1230s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_arm64.deb ... 1230s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 1230s Selecting previously unselected package libcollection4:arm64. 1230s Preparing to unpack .../28-libcollection4_0.6.2-2_arm64.deb ... 1230s Unpacking libcollection4:arm64 (0.6.2-2) ... 1230s Selecting previously unselected package libpath-utils1:arm64. 1230s Preparing to unpack .../29-libpath-utils1_0.6.2-2_arm64.deb ... 1230s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 1231s Selecting previously unselected package libref-array1:arm64. 1231s Preparing to unpack .../30-libref-array1_0.6.2-2_arm64.deb ... 1231s Unpacking libref-array1:arm64 (0.6.2-2) ... 1231s Selecting previously unselected package libini-config5:arm64. 1231s Preparing to unpack .../31-libini-config5_0.6.2-2_arm64.deb ... 1231s Unpacking libini-config5:arm64 (0.6.2-2) ... 1231s Selecting previously unselected package libsss-certmap0. 1231s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 1231s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 1231s Selecting previously unselected package libsss-nss-idmap0. 1231s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 1231s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 1231s Selecting previously unselected package sssd-common. 1231s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 1231s Unpacking sssd-common (2.9.4-1ubuntu1) ... 1232s Selecting previously unselected package sssd-ad-common. 1232s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 1232s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 1232s Selecting previously unselected package sssd-krb5-common. 1232s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 1232s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 1232s Selecting previously unselected package libsmbclient:arm64. 1232s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 1232s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1232s Selecting previously unselected package sssd-ad. 1232s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 1233s Selecting previously unselected package libipa-hbac0. 1233s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 1233s Selecting previously unselected package sssd-ipa. 1233s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 1233s Selecting previously unselected package sssd-krb5. 1233s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 1233s Selecting previously unselected package sssd-ldap. 1233s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 1233s Selecting previously unselected package sssd-proxy. 1233s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 1233s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 1234s Selecting previously unselected package sssd. 1234s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_arm64.deb ... 1234s Unpacking sssd (2.9.4-1ubuntu1) ... 1234s Selecting previously unselected package autopkgtest-satdep. 1234s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 1234s Unpacking autopkgtest-satdep (0) ... 1234s Setting up libpwquality-common (1.4.5-3) ... 1234s Setting up libpath-utils1:arm64 (0.6.2-2) ... 1234s Setting up softhsm2-common (2.6.1-2.2) ... 1236s 1236s Creating config file /etc/softhsm/softhsm2.conf with new version 1236s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 1236s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 1236s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 1236s Setting up libtdb1:arm64 (1.4.10-1) ... 1236s Setting up libc-ares2:arm64 (1.27.0-1) ... 1236s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1236s Setting up libtalloc2:arm64 (2.4.2-1) ... 1236s Setting up libdhash1:arm64 (0.6.2-2) ... 1236s Setting up libtevent0:arm64 (0.16.1-1) ... 1236s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 1236s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 1236s Setting up libcrack2:arm64 (2.9.6-5.1) ... 1236s Setting up libcollection4:arm64 (0.6.2-2) ... 1236s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 1236s Setting up libref-array1:arm64 (0.6.2-2) ... 1236s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 1236s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 1236s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 1236s Setting up libsofthsm2 (2.6.1-2.2) ... 1236s Setting up softhsm2 (2.6.1-2.2) ... 1236s Setting up libini-config5:arm64 (0.6.2-2) ... 1236s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 1236s Setting up python3-sss (2.9.4-1ubuntu1) ... 1238s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 1238s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 1238s Setting up libpwquality1:arm64 (1.4.5-3) ... 1238s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 1238s Setting up libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 1238s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 1238s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1238s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 1238s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 1239s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 1239s Setting up sssd-common (2.9.4-1ubuntu1) ... 1239s Creating SSSD system user & group... 1240s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 1240s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 1241s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 1241s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 1244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 1245s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 1246s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 1247s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 1248s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 1249s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 1251s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 1252s sssd-autofs.service is a disabled or a static unit, not starting it. 1252s sssd-nss.service is a disabled or a static unit, not starting it. 1253s sssd-pam.service is a disabled or a static unit, not starting it. 1253s sssd-ssh.service is a disabled or a static unit, not starting it. 1253s sssd-sudo.service is a disabled or a static unit, not starting it. 1253s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1253s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 1253s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 1254s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 1257s sssd-pac.service is a disabled or a static unit, not starting it. 1257s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1257s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 1257s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 1257s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 1257s Setting up sssd-ad (2.9.4-1ubuntu1) ... 1257s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 1257s Setting up sssd (2.9.4-1ubuntu1) ... 1257s Setting up autopkgtest-satdep (0) ... 1257s Processing triggers for man-db (2.12.0-3) ... 1260s Processing triggers for libc-bin (2.39-0ubuntu2) ... 1273s (Reading database ... 76440 files and directories currently installed.) 1274s Removing autopkgtest-satdep (0) ... 1292s autopkgtest [18:11:02]: test sssd-softhism2-certificates-tests.sh: [----------------------- 1292s + '[' -z ubuntu ']' 1292s + required_tools=(p11tool openssl softhsm2-util) 1292s + for cmd in "${required_tools[@]}" 1292s + command -v p11tool 1292s + for cmd in "${required_tools[@]}" 1292s + command -v openssl 1292s + for cmd in "${required_tools[@]}" 1292s + command -v softhsm2-util 1292s + PIN=053350 1292s +++ find /usr/lib/softhsm/libsofthsm2.so 1292s +++ head -n 1 1292s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1292s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1292s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1292s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1292s + '[' '!' -v NO_SSSD_TESTS ']' 1292s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 1292s + ca_db_arg=ca_db 1292s ++ /usr/libexec/sssd/p11_child --help 1292s + p11_child_help='Usage: p11_child [OPTION...] 1292s -d, --debug-level=INT Debug level 1292s --debug-timestamps=INT Add debug timestamps 1292s --debug-microseconds=INT Show timestamps with microseconds 1292s --dumpable=INT Allow core dumps 1292s --debug-fd=INT An open file descriptor for the debug 1292s logs 1292s --logger=stderr|files|journald Set logger 1292s --auth Run in auth mode 1292s --pre Run in pre-auth mode 1292s --wait_for_card Wait until card is available 1292s --verification Run in verification mode 1292s --pin Expect PIN on stdin 1292s --keypad Expect PIN on keypad 1292s --verify=STRING Tune validation 1292s --ca_db=STRING CA DB to use 1292s --module_name=STRING Module name for authentication 1292s --token_name=STRING Token name for authentication 1292s --key_id=STRING Key ID for authentication 1292s --label=STRING Label for authentication 1292s --certificate=STRING certificate to verify, base64 encoded 1292s --uri=STRING PKCS#11 URI to restrict selection 1292s --chain-id=LONG Tevent chain ID used for logging 1292s purposes 1292s 1292s Help options: 1292s -?, --help Show this help message 1292s --usage Display brief usage message' 1292s + grep nssdb -qs 1292s + echo 'Usage: p11_child [OPTION...] 1292s -d, --debug-level=INT Debug level 1292s --debug-timestamps=INT Add debug timestamps 1292s --debug-microseconds=INT Show timestamps with microseconds 1292s --dumpable=INT Allow core dumps 1292s --debug-fd=INT An open file descriptor for the debug 1292s logs 1292s --logger=stderr|files|journald Set logger 1292s --auth Run in auth mode 1292s --pre Run in pre-auth mode 1292s --wait_for_card Wait until card is available 1292s --verification Run in verification mode 1292s --pin Expect PIN on stdin 1292s --keypad Expect PIN on keypad 1292s --verify=STRING Tune validation 1292s --ca_db=STRING CA DB to use 1292s --module_name=STRING Module name for authentication 1292s --token_name=STRING Token name for authentication 1292s --key_id=STRING Key ID for authentication 1292s --label=STRING Label for authentication 1292s --certificate=STRING certificate to verify, base64 encoded 1292s --uri=STRING PKCS#11 URI to restrict selection 1292s --chain-id=LONG Tevent chain ID used for logging 1292s purposes 1292s 1292s Help options: 1292s -?, --help Show this help message 1292s --usage Display brief usage message' 1292s + echo 'Usage: p11_child [OPTION...] 1292s -d, --debug-level=INT Debug level 1292s + grep -qs -- --ca_db 1292s --debug-timestamps=INT Add debug timestamps 1292s --debug-microseconds=INT Show timestamps with microseconds 1292s --dumpable=INT Allow core dumps 1292s --debug-fd=INT An open file descriptor for the debug 1292s logs 1292s --logger=stderr|files|journald Set logger 1292s --auth Run in auth mode 1292s --pre Run in pre-auth mode 1292s --wait_for_card Wait until card is available 1292s --verification Run in verification mode 1292s --pin Expect PIN on stdin 1292s --keypad Expect PIN on keypad 1292s --verify=STRING Tune validation 1292s --ca_db=STRING CA DB to use 1292s --module_name=STRING Module name for authentication 1292s --token_name=STRING Token name for authentication 1292s --key_id=STRING Key ID for authentication 1292s --label=STRING Label for authentication 1292s --certificate=STRING certificate to verify, base64 encoded 1292s --uri=STRING PKCS#11 URI to restrict selection 1292s --chain-id=LONG Tevent chain ID used for logging 1292s purposes 1292s 1292s Help options: 1292s -?, --help Show this help message 1292s --usage Display brief usage message' 1292s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 1292s ++ mktemp -d -t sssd-softhsm2-XXXXXX 1292s + tmpdir=/tmp/sssd-softhsm2-MrKnJX 1292s + keys_size=1024 1292s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1292s + trap 'rm -rf "$tmpdir"' EXIT 1292s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1292s + echo -n 01 1292s + touch /tmp/sssd-softhsm2-MrKnJX/index.txt 1292s + mkdir -p /tmp/sssd-softhsm2-MrKnJX/new_certs 1292s + cat 1292s + root_ca_key_pass=pass:random-root-CA-password-17521 1292s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA-key.pem -passout pass:random-root-CA-password-17521 1024 1292s + openssl req -passin pass:random-root-CA-password-17521 -batch -config /tmp/sssd-softhsm2-MrKnJX/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-MrKnJX/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1293s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1293s + cat 1293s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-11844 1293s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11844 1024 1293s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-11844 -config /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.config -key /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-17521 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-certificate-request.pem 1293s + openssl req -text -noout -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-certificate-request.pem 1293s Certificate Request: 1293s Data: 1293s Version: 1 (0x0) 1293s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1293s Subject Public Key Info: 1293s Public Key Algorithm: rsaEncryption 1293s Public-Key: (1024 bit) 1293s Modulus: 1293s 00:91:8a:77:f6:8c:df:5a:43:fb:18:ed:c7:70:4e: 1293s 8b:be:61:7a:7c:69:95:be:57:68:1a:fa:4d:b6:16: 1293s 81:ab:dc:20:99:6c:1b:5d:fc:54:65:db:5f:bd:34: 1293s 6a:b0:c0:cb:c4:7a:d8:5e:80:05:73:2a:dd:8d:25: 1293s b5:26:2d:0c:18:90:1a:40:23:9d:c6:78:3b:c5:cd: 1293s c3:28:8b:07:47:2b:32:31:2a:f9:e6:85:6d:0d:c7: 1293s f9:5f:ea:5e:1d:db:ec:29:4d:d7:ae:43:19:e6:bb: 1293s 3c:80:c9:95:b1:4f:21:bf:f3:22:b0:53:d2:9f:d9: 1293s 8b:84:70:f6:c3:2d:95:0f:e7 1293s Exponent: 65537 (0x10001) 1293s Attributes: 1293s (none) 1293s Requested Extensions: 1293s Signature Algorithm: sha256WithRSAEncryption 1293s Signature Value: 1293s 27:f0:3c:3c:45:95:96:96:6d:0e:47:17:f2:86:6f:a4:22:e1: 1293s f0:56:7d:34:c4:5f:dd:78:a0:44:16:27:d5:ac:85:76:43:4a: 1293s 26:62:d9:73:21:bd:90:2e:83:6c:3e:df:28:8c:31:98:07:c7: 1293s 39:46:3d:08:88:29:5e:14:49:8e:76:ae:c6:9b:73:8d:3b:2e: 1293s 71:0a:e7:a4:a3:0b:9f:8f:f0:a8:8a:78:31:bb:41:de:98:f3: 1293s 98:e5:9f:58:ff:25:e8:13:d2:9e:1e:50:f0:19:e9:3c:66:f5: 1293s b6:f3:48:d6:73:79:7b:d7:3d:33:c6:fb:d4:a3:26:b1:aa:97: 1293s d8:cb 1293s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MrKnJX/test-root-CA.config -passin pass:random-root-CA-password-17521 -keyfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1293s Using configuration from /tmp/sssd-softhsm2-MrKnJX/test-root-CA.config 1293s Check that the request matches the signature 1293s Signature ok 1293s Certificate Details: 1293s Serial Number: 1 (0x1) 1293s Validity 1293s Not Before: Mar 18 18:11:03 2024 GMT 1293s Not After : Mar 18 18:11:03 2025 GMT 1293s Subject: 1293s organizationName = Test Organization 1293s organizationalUnitName = Test Organization Unit 1293s commonName = Test Organization Intermediate CA 1293s X509v3 extensions: 1293s X509v3 Subject Key Identifier: 1293s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1293s X509v3 Authority Key Identifier: 1293s keyid:DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1293s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1293s serial:00 1293s X509v3 Basic Constraints: 1293s CA:TRUE 1293s X509v3 Key Usage: critical 1293s Digital Signature, Certificate Sign, CRL Sign 1293s Certificate is to be certified until Mar 18 18:11:03 2025 GMT (365 days) 1293s 1293s Write out database with 1 new entries 1293s Database updated 1293s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1293s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1293s /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem: OK 1293s + cat 1293s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-4753 1293s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-4753 1024 1293s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-4753 -config /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11844 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-certificate-request.pem 1293s + openssl req -text -noout -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-certificate-request.pem 1293s Certificate Request: 1293s Data: 1293s Version: 1 (0x0) 1293s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1293s Subject Public Key Info: 1293s Public Key Algorithm: rsaEncryption 1293s Public-Key: (1024 bit) 1293s Modulus: 1293s 00:d7:97:43:2d:ac:33:bd:6e:41:91:0a:63:8a:c7: 1293s a8:ea:32:21:f1:c0:3a:47:dd:2d:90:8b:72:5d:14: 1293s da:58:7e:f4:a3:06:ef:f4:10:e4:da:c1:92:2d:32: 1293s 2d:c1:bd:3c:d1:14:47:bb:17:e4:6d:7f:12:81:b2: 1293s fb:40:e4:43:69:56:75:0d:9e:01:ed:9f:ac:c7:6a: 1293s 48:ef:47:a8:85:93:dd:5f:bf:72:98:81:6c:b2:91: 1293s 44:4f:9c:06:24:f9:c2:75:0b:4b:23:0f:cc:61:df: 1293s 76:65:1a:a3:d9:e0:2b:2f:2b:0b:67:12:5a:b5:82: 1293s 4d:55:63:46:2d:73:ac:08:6b 1293s Exponent: 65537 (0x10001) 1293s Attributes: 1293s (none) 1293s Requested Extensions: 1293s Signature Algorithm: sha256WithRSAEncryption 1293s Signature Value: 1293s bf:b3:fb:b8:9c:e5:20:1a:6a:b2:0f:a4:89:bf:bf:a6:ac:ec: 1293s 0e:3c:06:27:d6:ef:da:5a:c2:34:26:e7:c7:08:d4:c3:7b:70: 1293s ea:16:93:09:c5:41:56:e7:37:5e:84:48:f2:0c:d2:29:38:ed: 1293s cc:7b:35:5b:28:ee:e6:1c:2d:40:63:40:fe:a6:a6:70:f8:b1: 1293s f4:d9:a0:75:d3:80:b9:75:3a:97:33:e3:91:f5:d6:3d:29:97: 1293s f5:cc:40:20:81:21:87:46:30:6e:db:d4:d6:19:91:a4:a2:55: 1293s dd:2c:d8:aa:5f:fb:5c:78:dd:c5:a4:34:b6:86:58:89:d1:ef: 1293s 42:53 1293s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-11844 -keyfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1293s Using configuration from /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.config 1293s Check that the request matches the signature 1293s Signature ok 1293s Certificate Details: 1293s Serial Number: 2 (0x2) 1293s Validity 1293s Not Before: Mar 18 18:11:03 2024 GMT 1293s Not After : Mar 18 18:11:03 2025 GMT 1293s Subject: 1293s organizationName = Test Organization 1293s organizationalUnitName = Test Organization Unit 1293s commonName = Test Organization Sub Intermediate CA 1293s X509v3 extensions: 1293s X509v3 Subject Key Identifier: 1293s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1293s X509v3 Authority Key Identifier: 1293s keyid:A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1293s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1293s serial:01 1293s X509v3 Basic Constraints: 1293s CA:TRUE 1293s X509v3 Key Usage: critical 1293s Digital Signature, Certificate Sign, CRL Sign 1293s Certificate is to be certified until Mar 18 18:11:03 2025 GMT (365 days) 1293s 1293s Write out database with 1 new entries 1293s Database updated 1293s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1294s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1294s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1294s + local cmd=openssl 1294s + shift 1294s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1294s /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem: OK 1294s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1294s error 20 at 0 depth lookup: unable to get local issuer certificate 1294s error /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem: verification failed 1294s + cat 1294s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-779 1294s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-779 1024 1294s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-779 -key /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-request.pem 1294s + openssl req -text -noout -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-request.pem 1294s Certificate Request: 1294s Data: 1294s Version: 1 (0x0) 1294s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1294s Subject Public Key Info: 1294s Public Key Algorithm: rsaEncryption 1294s Public-Key: (1024 bit) 1294s Modulus: 1294s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1294s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1294s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1294s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1294s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1294s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1294s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1294s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1294s 14:47:e0:29:6c:45:54:3c:6b 1294s Exponent: 65537 (0x10001) 1294s Attributes: 1294s Requested Extensions: 1294s X509v3 Basic Constraints: 1294s CA:FALSE 1294s Netscape Cert Type: 1294s SSL Client, S/MIME 1294s Netscape Comment: 1294s Test Organization Root CA trusted Certificate 1294s X509v3 Subject Key Identifier: 1294s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1294s X509v3 Key Usage: critical 1294s Digital Signature, Non Repudiation, Key Encipherment 1294s X509v3 Extended Key Usage: 1294s TLS Web Client Authentication, E-mail Protection 1294s X509v3 Subject Alternative Name: 1294s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1294s Signature Algorithm: sha256WithRSAEncryption 1294s Signature Value: 1294s 35:30:bd:a8:0d:cc:67:65:25:f2:d5:b2:23:f4:44:a9:b1:da: 1294s ea:96:30:88:e6:c6:92:fd:2f:b1:bf:d6:1e:fa:a2:d7:06:a1: 1294s bd:3a:b4:a1:cf:69:c0:80:2c:bf:2e:e4:ef:69:44:a5:48:7e: 1294s aa:6e:19:7b:3a:37:5c:cd:e0:dd:2e:fa:a6:34:1f:7e:cb:7f: 1294s 1f:63:6b:27:a1:8f:7d:ab:3f:d7:9c:cf:c4:aa:ef:2a:9f:1b: 1294s 17:bd:af:85:3c:28:b1:22:5c:61:5d:ed:7a:33:02:dc:a2:74: 1294s d1:36:44:4e:dd:9d:14:94:c5:e0:b7:09:16:f2:9e:e9:19:45: 1294s a8:20 1294s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MrKnJX/test-root-CA.config -passin pass:random-root-CA-password-17521 -keyfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1294s Using configuration from /tmp/sssd-softhsm2-MrKnJX/test-root-CA.config 1294s Check that the request matches the signature 1294s Signature ok 1294s Certificate Details: 1294s Serial Number: 3 (0x3) 1294s Validity 1294s Not Before: Mar 18 18:11:04 2024 GMT 1294s Not After : Mar 18 18:11:04 2025 GMT 1294s Subject: 1294s organizationName = Test Organization 1294s organizationalUnitName = Test Organization Unit 1294s commonName = Test Organization Root Trusted Certificate 0001 1294s X509v3 extensions: 1294s X509v3 Authority Key Identifier: 1294s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1294s X509v3 Basic Constraints: 1294s CA:FALSE 1294s Netscape Cert Type: 1294s SSL Client, S/MIME 1294s Netscape Comment: 1294s Test Organization Root CA trusted Certificate 1294s X509v3 Subject Key Identifier: 1294s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1294s X509v3 Key Usage: critical 1294s Digital Signature, Non Repudiation, Key Encipherment 1294s X509v3 Extended Key Usage: 1294s TLS Web Client Authentication, E-mail Protection 1294s X509v3 Subject Alternative Name: 1294s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1294s Certificate is to be certified until Mar 18 18:11:04 2025 GMT (365 days) 1294s 1294s Write out database with 1 new entries 1294s Database updated 1294s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1294s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1294s /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem: OK 1294s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1294s + local cmd=openssl 1294s + shift 1294s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1294s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1294s error 20 at 0 depth lookup: unable to get local issuer certificate 1294s error /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem: verification failed 1294s + cat 1294s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1294s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-24095 1024 1294s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-24095 -key /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-request.pem 1294s + openssl req -text -noout -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-request.pem 1294s Certificate Request: 1294s Data: 1294s Version: 1 (0x0) 1294s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1294s Subject Public Key Info: 1294s Public Key Algorithm: rsaEncryption 1294s Public-Key: (1024 bit) 1294s Modulus: 1294s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1294s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1294s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1294s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1294s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1294s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1294s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1294s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1294s fb:b0:8b:9a:cd:e5:54:93:c7 1294s Exponent: 65537 (0x10001) 1294s Attributes: 1294s Requested Extensions: 1294s X509v3 Basic Constraints: 1294s CA:FALSE 1294s Netscape Cert Type: 1294s SSL Client, S/MIME 1294s Netscape Comment: 1294s Test Organization Intermediate CA trusted Certificate 1294s X509v3 Subject Key Identifier: 1294s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1294s X509v3 Key Usage: critical 1294s Digital Signature, Non Repudiation, Key Encipherment 1294s X509v3 Extended Key Usage: 1294s TLS Web Client Authentication, E-mail Protection 1294s X509v3 Subject Alternative Name: 1294s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1294s Signature Algorithm: sha256WithRSAEncryption 1294s Signature Value: 1294s a1:62:4e:f6:eb:1e:fa:fc:d9:71:a4:38:67:bf:ad:39:3c:9d: 1294s fd:dc:59:05:ae:ed:a0:cb:2f:3a:a7:91:2b:73:5b:30:a3:ac: 1294s 89:82:25:d6:83:35:94:b2:5b:23:8e:13:0f:49:fd:e2:e1:0f: 1294s a5:17:c9:84:6a:94:6c:dd:14:82:2c:18:10:c6:cb:e0:b4:2b: 1294s 1e:e2:95:d6:6a:1f:a1:df:45:fb:df:8a:57:e4:1f:d1:22:13: 1294s 36:db:d1:fa:8a:e4:af:1c:40:0d:c5:c4:a6:98:e3:1d:d6:1e: 1294s 90:d6:32:70:ec:15:5b:d6:e5:9a:53:67:af:76:58:58:67:07: 1294s ab:5e 1294s + openssl ca -passin pass:random-intermediate-CA-password-11844 -config /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s Using configuration from /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.config 1295s Check that the request matches the signature 1295s Signature ok 1295s Certificate Details: 1295s Serial Number: 4 (0x4) 1295s Validity 1295s Not Before: Mar 18 18:11:04 2024 GMT 1295s Not After : Mar 18 18:11:04 2025 GMT 1295s Subject: 1295s organizationName = Test Organization 1295s organizationalUnitName = Test Organization Unit 1295s commonName = Test Organization Intermediate Trusted Certificate 0001 1295s X509v3 extensions: 1295s X509v3 Authority Key Identifier: 1295s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1295s X509v3 Basic Constraints: 1295s CA:FALSE 1295s Netscape Cert Type: 1295s SSL Client, S/MIME 1295s Netscape Comment: 1295s Test Organization Intermediate CA trusted Certificate 1295s X509v3 Subject Key Identifier: 1295s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1295s X509v3 Key Usage: critical 1295s Digital Signature, Non Repudiation, Key Encipherment 1295s X509v3 Extended Key Usage: 1295s TLS Web Client Authentication, E-mail Protection 1295s X509v3 Subject Alternative Name: 1295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1295s Certificate is to be certified until Mar 18 18:11:04 2025 GMT (365 days) 1295s 1295s Write out database with 1 new entries 1295s Database updated 1295s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s This certificate should not be trusted fully 1295s + echo 'This certificate should not be trusted fully' 1295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s + local cmd=openssl 1295s + shift 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1295s error 2 at 1 depth lookup: unable to get issuer certificate 1295s error /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem: OK 1295s + cat 1295s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1024 1295s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-17036 -key /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1295s + openssl req -text -noout -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1295s Certificate Request: 1295s Data: 1295s Version: 1 (0x0) 1295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1295s Subject Public Key Info: 1295s Public Key Algorithm: rsaEncryption 1295s Public-Key: (1024 bit) 1295s Modulus: 1295s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1295s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1295s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1295s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1295s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1295s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1295s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1295s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1295s 5d:e8:cb:35:ab:6e:1b:b1:ad 1295s Exponent: 65537 (0x10001) 1295s Attributes: 1295s Requested Extensions: 1295s X509v3 Basic Constraints: 1295s CA:FALSE 1295s Netscape Cert Type: 1295s SSL Client, S/MIME 1295s Netscape Comment: 1295s Test Organization Sub Intermediate CA trusted Certificate 1295s X509v3 Subject Key Identifier: 1295s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1295s X509v3 Key Usage: critical 1295s Digital Signature, Non Repudiation, Key Encipherment 1295s X509v3 Extended Key Usage: 1295s TLS Web Client Authentication, E-mail Protection 1295s X509v3 Subject Alternative Name: 1295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1295s Signature Algorithm: sha256WithRSAEncryption 1295s Signature Value: 1295s 57:ce:8d:c1:2e:31:39:5c:9b:b8:27:95:1e:5d:f1:55:b1:a4: 1295s f4:4e:88:c7:bb:6c:f2:51:60:db:0e:e0:e7:3b:f4:01:c1:37: 1295s dc:38:2d:8e:9e:fe:15:5f:3b:8c:7a:d3:15:91:bc:66:89:6f: 1295s df:07:5a:a0:13:cb:a3:e4:ae:d1:8e:0c:0e:14:e0:3d:cd:fa: 1295s 55:d4:39:42:39:15:8e:c1:ff:d5:ae:d1:6a:b9:a9:0f:19:aa: 1295s 6f:0f:31:2b:50:be:2c:d5:49:b4:6e:5e:ab:d9:73:16:cb:cb: 1295s 49:32:ee:3c:76:4d:14:da:cc:70:03:dc:32:d2:88:a2:ed:4c: 1295s 32:de 1295s + openssl ca -passin pass:random-sub-intermediate-CA-password-4753 -config /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s Using configuration from /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.config 1295s Check that the request matches the signature 1295s Signature ok 1295s Certificate Details: 1295s Serial Number: 5 (0x5) 1295s Validity 1295s Not Before: Mar 18 18:11:05 2024 GMT 1295s Not After : Mar 18 18:11:05 2025 GMT 1295s Subject: 1295s organizationName = Test Organization 1295s organizationalUnitName = Test Organization Unit 1295s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1295s X509v3 extensions: 1295s X509v3 Authority Key Identifier: 1295s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1295s X509v3 Basic Constraints: 1295s CA:FALSE 1295s Netscape Cert Type: 1295s SSL Client, S/MIME 1295s Netscape Comment: 1295s Test Organization Sub Intermediate CA trusted Certificate 1295s X509v3 Subject Key Identifier: 1295s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1295s X509v3 Key Usage: critical 1295s Digital Signature, Non Repudiation, Key Encipherment 1295s X509v3 Extended Key Usage: 1295s TLS Web Client Authentication, E-mail Protection 1295s X509v3 Subject Alternative Name: 1295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1295s Certificate is to be certified until Mar 18 18:11:05 2025 GMT (365 days) 1295s 1295s Write out database with 1 new entries 1295s Database updated 1295s + openssl x509 -noout -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s + echo 'This certificate should not be trusted fully' 1295s This certificate should not be trusted fully 1295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s + local cmd=openssl 1295s + shift 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1295s error 2 at 1 depth lookup: unable to get issuer certificate 1295s error /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s + local cmd=openssl 1295s + shift 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1295s error 20 at 0 depth lookup: unable to get local issuer certificate 1295s error /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1295s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s + local cmd=openssl 1295s + shift 1295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1295s error 20 at 0 depth lookup: unable to get local issuer certificate 1295s error /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1295s + echo 'Building a the full-chain CA file...' 1295s Building a the full-chain CA file... 1295s + cat /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1295s + cat /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1295s + cat /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1295s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1295s + openssl pkcs7 -print_certs -noout 1295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1295s 1295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1295s 1295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1295s 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1295s /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem: OK 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1295s /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem: OK 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1295s /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem: OK 1295s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem 1296s /tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem: OK 1296s + openssl verify -CAfile /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1296s /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1296s Certificates generation completed! 1296s + echo 'Certificates generation completed!' 1296s + [[ -v NO_SSSD_TESTS ]] 1296s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /dev/null 1296s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /dev/null 1296s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1296s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1296s + local key_ring=/dev/null 1296s + local verify_option= 1296s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1296s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1296s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1296s + local key_cn 1296s + local key_name 1296s + local tokens_dir 1296s + local output_cert_file 1296s + token_name= 1296s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1296s + key_name=test-root-CA-trusted-certificate-0001 1296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1296s ++ sed -n 's/ *commonName *= //p' 1296s + key_cn='Test Organization Root Trusted Certificate 0001' 1296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1296s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1296s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1296s + token_name='Test Organization Root Tr Token' 1296s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1296s + local key_file 1296s + local decrypted_key 1296s + mkdir -p /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1296s + key_file=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key.pem 1296s + decrypted_key=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1296s + cat 1296s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 1296s Slot 0 has a free/uninitialized token. 1296s The token has been initialized and is reassigned to slot 1420642618 1296s + softhsm2-util --show-slots 1296s Available slots: 1296s Slot 1420642618 1296s Slot info: 1296s Description: SoftHSM slot ID 0x54ad493a 1296s Manufacturer ID: SoftHSM project 1296s Hardware version: 2.6 1296s Firmware version: 2.6 1296s Token present: yes 1296s Token info: 1296s Manufacturer ID: SoftHSM project 1296s Model: SoftHSM v2 1296s Hardware version: 2.6 1296s Firmware version: 2.6 1296s Serial number: 2073fd1154ad493a 1296s Initialized: yes 1296s User PIN init.: yes 1296s Label: Test Organization Root Tr Token 1296s Slot 1 1296s Slot info: 1296s Description: SoftHSM slot ID 0x1 1296s Manufacturer ID: SoftHSM project 1296s Hardware version: 2.6 1296s Firmware version: 2.6 1296s Token present: yes 1296s Token info: 1296s Manufacturer ID: SoftHSM project 1296s Model: SoftHSM v2 1296s Hardware version: 2.6 1296s Firmware version: 2.6 1296s Serial number: 1296s Initialized: no 1296s User PIN init.: no 1296s Label: 1296s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1296s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-779 -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1296s writing RSA key 1296s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1297s + rm /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1297s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1297s Object 0: 1297s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1297s Type: X.509 Certificate (RSA-1024) 1297s Expires: Tue Mar 18 18:11:04 2025 1297s Label: Test Organization Root Trusted Certificate 0001 1297s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1297s 1297s + echo 'Test Organization Root Tr Token' 1297s Test Organization Root Tr Token 1297s + '[' -n '' ']' 1297s + local output_base_name=SSSD-child-23280 1297s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-23280.output 1297s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-23280.pem 1297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1297s [p11_child[2120]] [main] (0x0400): p11_child started. 1297s [p11_child[2120]] [main] (0x2000): Running in [pre-auth] mode. 1297s [p11_child[2120]] [main] (0x2000): Running with effective IDs: [0][0]. 1297s [p11_child[2120]] [main] (0x2000): Running with real IDs [0][0]. 1297s [p11_child[2120]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1297s [p11_child[2120]] [do_work] (0x0040): init_verification failed. 1297s [p11_child[2120]] [main] (0x0020): p11_child failed (5) 1297s + return 2 1297s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /dev/null no_verification 1297s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /dev/null no_verification 1297s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1297s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1297s + local key_ring=/dev/null 1297s + local verify_option=no_verification 1297s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1297s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1297s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1297s + local key_cn 1297s + local key_name 1297s + local tokens_dir 1297s + local output_cert_file 1297s + token_name= 1297s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1297s + key_name=test-root-CA-trusted-certificate-0001 1297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1297s ++ sed -n 's/ *commonName *= //p' 1297s + key_cn='Test Organization Root Trusted Certificate 0001' 1297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1297s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1297s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1297s Test Organization Root Tr Token 1297s + token_name='Test Organization Root Tr Token' 1297s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1297s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1297s + echo 'Test Organization Root Tr Token' 1297s + '[' -n no_verification ']' 1297s + local verify_arg=--verify=no_verification 1297s + local output_base_name=SSSD-child-31835 1297s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.output 1297s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.pem 1297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1297s [p11_child[2126]] [main] (0x0400): p11_child started. 1297s [p11_child[2126]] [main] (0x2000): Running in [pre-auth] mode. 1297s [p11_child[2126]] [main] (0x2000): Running with effective IDs: [0][0]. 1297s [p11_child[2126]] [main] (0x2000): Running with real IDs [0][0]. 1297s [p11_child[2126]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1297s [p11_child[2126]] [do_card] (0x4000): Module List: 1297s [p11_child[2126]] [do_card] (0x4000): common name: [softhsm2]. 1297s [p11_child[2126]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1297s [p11_child[2126]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1297s [p11_child[2126]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1297s [p11_child[2126]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1297s [p11_child[2126]] [do_card] (0x4000): Login NOT required. 1297s [p11_child[2126]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1297s [p11_child[2126]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1297s [p11_child[2126]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1297s [p11_child[2126]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.output 1297s + echo '-----BEGIN CERTIFICATE-----' 1297s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.output 1297s + echo '-----END CERTIFICATE-----' 1297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.pem 1297s Certificate: 1297s Data: 1297s Version: 3 (0x2) 1297s Serial Number: 3 (0x3) 1297s Signature Algorithm: sha256WithRSAEncryption 1297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1297s Validity 1297s Not Before: Mar 18 18:11:04 2024 GMT 1297s Not After : Mar 18 18:11:04 2025 GMT 1297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1297s Subject Public Key Info: 1297s Public Key Algorithm: rsaEncryption 1297s Public-Key: (1024 bit) 1297s Modulus: 1297s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1297s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1297s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1297s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1297s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1297s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1297s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1297s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1297s 14:47:e0:29:6c:45:54:3c:6b 1297s Exponent: 65537 (0x10001) 1297s X509v3 extensions: 1297s X509v3 Authority Key Identifier: 1297s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1297s X509v3 Basic Constraints: 1297s CA:FALSE 1297s Netscape Cert Type: 1297s SSL Client, S/MIME 1297s Netscape Comment: 1297s Test Organization Root CA trusted Certificate 1297s X509v3 Subject Key Identifier: 1297s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1297s X509v3 Key Usage: critical 1297s Digital Signature, Non Repudiation, Key Encipherment 1297s X509v3 Extended Key Usage: 1297s TLS Web Client Authentication, E-mail Protection 1297s X509v3 Subject Alternative Name: 1297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1297s Signature Algorithm: sha256WithRSAEncryption 1297s Signature Value: 1297s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1297s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1297s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1297s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1297s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1297s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1297s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1297s 47:82 1297s + local found_md5 expected_md5 1298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1298s + expected_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835.pem 1299s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1299s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1299s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.output 1299s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.output .output 1299s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.pem 1299s + echo -n 053350 1299s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1299s [p11_child[2134]] [main] (0x0400): p11_child started. 1299s [p11_child[2134]] [main] (0x2000): Running in [auth] mode. 1299s [p11_child[2134]] [main] (0x2000): Running with effective IDs: [0][0]. 1299s [p11_child[2134]] [main] (0x2000): Running with real IDs [0][0]. 1299s [p11_child[2134]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1299s [p11_child[2134]] [do_card] (0x4000): Module List: 1299s [p11_child[2134]] [do_card] (0x4000): common name: [softhsm2]. 1299s [p11_child[2134]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1299s [p11_child[2134]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1299s [p11_child[2134]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1299s [p11_child[2134]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1299s [p11_child[2134]] [do_card] (0x4000): Login required. 1299s [p11_child[2134]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1299s [p11_child[2134]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1299s [p11_child[2134]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1299s [p11_child[2134]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1299s [p11_child[2134]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1299s [p11_child[2134]] [do_card] (0x4000): Certificate verified and validated. 1299s [p11_child[2134]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1299s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.output 1299s + echo '-----BEGIN CERTIFICATE-----' 1299s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.output 1299s + echo '-----END CERTIFICATE-----' 1299s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.pem 1299s Certificate: 1299s Data: 1299s Version: 3 (0x2) 1299s Serial Number: 3 (0x3) 1299s Signature Algorithm: sha256WithRSAEncryption 1299s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1299s Validity 1299s Not Before: Mar 18 18:11:04 2024 GMT 1299s Not After : Mar 18 18:11:04 2025 GMT 1299s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1299s Subject Public Key Info: 1299s Public Key Algorithm: rsaEncryption 1299s Public-Key: (1024 bit) 1299s Modulus: 1299s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1299s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1299s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1299s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1299s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1299s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1299s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1299s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1299s 14:47:e0:29:6c:45:54:3c:6b 1299s Exponent: 65537 (0x10001) 1299s X509v3 extensions: 1299s X509v3 Authority Key Identifier: 1299s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1299s X509v3 Basic Constraints: 1299s CA:FALSE 1299s Netscape Cert Type: 1299s SSL Client, S/MIME 1299s Netscape Comment: 1299s Test Organization Root CA trusted Certificate 1299s X509v3 Subject Key Identifier: 1299s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1299s X509v3 Key Usage: critical 1299s Digital Signature, Non Repudiation, Key Encipherment 1299s X509v3 Extended Key Usage: 1299s TLS Web Client Authentication, E-mail Protection 1299s X509v3 Subject Alternative Name: 1299s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1299s Signature Algorithm: sha256WithRSAEncryption 1299s Signature Value: 1299s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1299s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1299s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1299s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1299s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1299s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1299s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1299s 47:82 1299s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-31835-auth.pem 1299s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1299s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1299s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1299s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1299s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1299s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1299s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1299s + local verify_option= 1299s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1299s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1299s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1299s + local key_cn 1299s + local key_name 1299s + local tokens_dir 1299s + local output_cert_file 1299s + token_name= 1299s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1299s + key_name=test-root-CA-trusted-certificate-0001 1299s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1299s ++ sed -n 's/ *commonName *= //p' 1300s + key_cn='Test Organization Root Trusted Certificate 0001' 1300s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1300s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1300s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1300s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1300s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1300s Test Organization Root Tr Token 1300s + token_name='Test Organization Root Tr Token' 1300s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1300s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1300s + echo 'Test Organization Root Tr Token' 1300s + '[' -n '' ']' 1300s + local output_base_name=SSSD-child-700 1300s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.output 1300s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.pem 1300s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1300s [p11_child[2144]] [main] (0x0400): p11_child started. 1300s [p11_child[2144]] [main] (0x2000): Running in [pre-auth] mode. 1300s [p11_child[2144]] [main] (0x2000): Running with effective IDs: [0][0]. 1300s [p11_child[2144]] [main] (0x2000): Running with real IDs [0][0]. 1300s [p11_child[2144]] [do_card] (0x4000): Module List: 1300s [p11_child[2144]] [do_card] (0x4000): common name: [softhsm2]. 1300s [p11_child[2144]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1300s [p11_child[2144]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1300s [p11_child[2144]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1300s [p11_child[2144]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1300s [p11_child[2144]] [do_card] (0x4000): Login NOT required. 1300s [p11_child[2144]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1300s [p11_child[2144]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1300s [p11_child[2144]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1300s [p11_child[2144]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1300s [p11_child[2144]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1300s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.output 1300s + echo '-----BEGIN CERTIFICATE-----' 1300s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.output 1300s + echo '-----END CERTIFICATE-----' 1300s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.pem 1300s Certificate: 1300s Data: 1300s Version: 3 (0x2) 1300s Serial Number: 3 (0x3) 1300s Signature Algorithm: sha256WithRSAEncryption 1300s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1300s Validity 1300s Not Before: Mar 18 18:11:04 2024 GMT 1300s Not After : Mar 18 18:11:04 2025 GMT 1300s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1300s Subject Public Key Info: 1300s Public Key Algorithm: rsaEncryption 1300s Public-Key: (1024 bit) 1300s Modulus: 1300s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1300s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1300s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1300s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1300s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1300s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1300s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1300s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1300s 14:47:e0:29:6c:45:54:3c:6b 1300s Exponent: 65537 (0x10001) 1300s X509v3 extensions: 1300s X509v3 Authority Key Identifier: 1300s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1300s X509v3 Basic Constraints: 1300s CA:FALSE 1300s Netscape Cert Type: 1300s SSL Client, S/MIME 1300s Netscape Comment: 1300s Test Organization Root CA trusted Certificate 1300s X509v3 Subject Key Identifier: 1300s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1300s X509v3 Key Usage: critical 1300s Digital Signature, Non Repudiation, Key Encipherment 1300s X509v3 Extended Key Usage: 1300s TLS Web Client Authentication, E-mail Protection 1300s X509v3 Subject Alternative Name: 1300s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1300s Signature Algorithm: sha256WithRSAEncryption 1300s Signature Value: 1300s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1300s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1300s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1300s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1300s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1300s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1300s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1300s 47:82 1300s + local found_md5 expected_md5 1300s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1300s + expected_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1300s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700.pem 1301s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1301s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1301s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.output 1301s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.output .output 1301s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.pem 1301s + echo -n 053350 1301s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1301s [p11_child[2152]] [main] (0x0400): p11_child started. 1301s [p11_child[2152]] [main] (0x2000): Running in [auth] mode. 1301s [p11_child[2152]] [main] (0x2000): Running with effective IDs: [0][0]. 1301s [p11_child[2152]] [main] (0x2000): Running with real IDs [0][0]. 1301s [p11_child[2152]] [do_card] (0x4000): Module List: 1301s [p11_child[2152]] [do_card] (0x4000): common name: [softhsm2]. 1301s [p11_child[2152]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1301s [p11_child[2152]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1301s [p11_child[2152]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1301s [p11_child[2152]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1301s [p11_child[2152]] [do_card] (0x4000): Login required. 1301s [p11_child[2152]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1301s [p11_child[2152]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1301s [p11_child[2152]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1301s [p11_child[2152]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1301s [p11_child[2152]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1301s [p11_child[2152]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1301s [p11_child[2152]] [do_card] (0x4000): Certificate verified and validated. 1301s [p11_child[2152]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1301s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.output 1301s + echo '-----BEGIN CERTIFICATE-----' 1301s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.output 1301s + echo '-----END CERTIFICATE-----' 1301s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.pem 1301s Certificate: 1301s Data: 1301s Version: 3 (0x2) 1301s Serial Number: 3 (0x3) 1301s Signature Algorithm: sha256WithRSAEncryption 1301s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1301s Validity 1301s Not Before: Mar 18 18:11:04 2024 GMT 1301s Not After : Mar 18 18:11:04 2025 GMT 1301s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1301s Subject Public Key Info: 1301s Public Key Algorithm: rsaEncryption 1301s Public-Key: (1024 bit) 1301s Modulus: 1301s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1301s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1301s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1301s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1301s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1301s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1301s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1301s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1301s 14:47:e0:29:6c:45:54:3c:6b 1301s Exponent: 65537 (0x10001) 1301s X509v3 extensions: 1301s X509v3 Authority Key Identifier: 1301s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1301s X509v3 Basic Constraints: 1301s CA:FALSE 1301s Netscape Cert Type: 1301s SSL Client, S/MIME 1301s Netscape Comment: 1301s Test Organization Root CA trusted Certificate 1301s X509v3 Subject Key Identifier: 1301s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1301s X509v3 Key Usage: critical 1301s Digital Signature, Non Repudiation, Key Encipherment 1301s X509v3 Extended Key Usage: 1301s TLS Web Client Authentication, E-mail Protection 1301s X509v3 Subject Alternative Name: 1301s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1301s Signature Algorithm: sha256WithRSAEncryption 1301s Signature Value: 1301s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1301s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1301s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1301s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1301s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1301s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1301s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1301s 47:82 1301s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-700-auth.pem 1301s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1301s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1301s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1301s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1301s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1301s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1301s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1301s + local verify_option=partial_chain 1301s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1301s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1301s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1301s + local key_cn 1301s + local key_name 1301s + local tokens_dir 1301s + local output_cert_file 1301s + token_name= 1301s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1301s + key_name=test-root-CA-trusted-certificate-0001 1301s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1301s ++ sed -n 's/ *commonName *= //p' 1301s + key_cn='Test Organization Root Trusted Certificate 0001' 1301s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1301s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1301s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1301s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1301s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1301s + token_name='Test Organization Root Tr Token' 1301s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1301s Test Organization Root Tr Token 1301s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1301s + echo 'Test Organization Root Tr Token' 1301s + '[' -n partial_chain ']' 1301s + local verify_arg=--verify=partial_chain 1301s + local output_base_name=SSSD-child-24115 1301s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.output 1301s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.pem 1301s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1301s [p11_child[2162]] [main] (0x0400): p11_child started. 1301s [p11_child[2162]] [main] (0x2000): Running in [pre-auth] mode. 1301s [p11_child[2162]] [main] (0x2000): Running with effective IDs: [0][0]. 1301s [p11_child[2162]] [main] (0x2000): Running with real IDs [0][0]. 1301s [p11_child[2162]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1301s [p11_child[2162]] [do_card] (0x4000): Module List: 1301s [p11_child[2162]] [do_card] (0x4000): common name: [softhsm2]. 1301s [p11_child[2162]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1301s [p11_child[2162]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1301s [p11_child[2162]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1301s [p11_child[2162]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1301s [p11_child[2162]] [do_card] (0x4000): Login NOT required. 1301s [p11_child[2162]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1301s [p11_child[2162]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1301s [p11_child[2162]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1301s [p11_child[2162]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1301s [p11_child[2162]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1301s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.output 1301s + echo '-----BEGIN CERTIFICATE-----' 1301s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.output 1301s + echo '-----END CERTIFICATE-----' 1301s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.pem 1302s Certificate: 1302s Data: 1302s Version: 3 (0x2) 1302s Serial Number: 3 (0x3) 1302s Signature Algorithm: sha256WithRSAEncryption 1302s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1302s Validity 1302s Not Before: Mar 18 18:11:04 2024 GMT 1302s Not After : Mar 18 18:11:04 2025 GMT 1302s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1302s Subject Public Key Info: 1302s Public Key Algorithm: rsaEncryption 1302s Public-Key: (1024 bit) 1302s Modulus: 1302s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1302s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1302s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1302s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1302s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1302s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1302s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1302s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1302s 14:47:e0:29:6c:45:54:3c:6b 1302s Exponent: 65537 (0x10001) 1302s X509v3 extensions: 1302s X509v3 Authority Key Identifier: 1302s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1302s X509v3 Basic Constraints: 1302s CA:FALSE 1302s Netscape Cert Type: 1302s SSL Client, S/MIME 1302s Netscape Comment: 1302s Test Organization Root CA trusted Certificate 1302s X509v3 Subject Key Identifier: 1302s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1302s X509v3 Key Usage: critical 1302s Digital Signature, Non Repudiation, Key Encipherment 1302s X509v3 Extended Key Usage: 1302s TLS Web Client Authentication, E-mail Protection 1302s X509v3 Subject Alternative Name: 1302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1302s Signature Algorithm: sha256WithRSAEncryption 1302s Signature Value: 1302s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1302s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1302s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1302s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1302s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1302s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1302s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1302s 47:82 1302s + local found_md5 expected_md5 1302s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1302s + expected_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1302s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115.pem 1302s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1302s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1302s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.output 1302s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.output .output 1302s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.pem 1302s + echo -n 053350 1302s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1302s [p11_child[2170]] [main] (0x0400): p11_child started. 1302s [p11_child[2170]] [main] (0x2000): Running in [auth] mode. 1302s [p11_child[2170]] [main] (0x2000): Running with effective IDs: [0][0]. 1302s [p11_child[2170]] [main] (0x2000): Running with real IDs [0][0]. 1302s [p11_child[2170]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1302s [p11_child[2170]] [do_card] (0x4000): Module List: 1302s [p11_child[2170]] [do_card] (0x4000): common name: [softhsm2]. 1302s [p11_child[2170]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1302s [p11_child[2170]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1302s [p11_child[2170]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1302s [p11_child[2170]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1302s [p11_child[2170]] [do_card] (0x4000): Login required. 1302s [p11_child[2170]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1302s [p11_child[2170]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1302s [p11_child[2170]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1302s [p11_child[2170]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1302s [p11_child[2170]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1302s [p11_child[2170]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1302s [p11_child[2170]] [do_card] (0x4000): Certificate verified and validated. 1302s [p11_child[2170]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1302s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.output 1302s + echo '-----BEGIN CERTIFICATE-----' 1302s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.output 1302s + echo '-----END CERTIFICATE-----' 1302s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.pem 1302s Certificate: 1302s Data: 1302s Version: 3 (0x2) 1302s Serial Number: 3 (0x3) 1302s Signature Algorithm: sha256WithRSAEncryption 1302s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1302s Validity 1302s Not Before: Mar 18 18:11:04 2024 GMT 1302s Not After : Mar 18 18:11:04 2025 GMT 1302s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1302s Subject Public Key Info: 1302s Public Key Algorithm: rsaEncryption 1302s Public-Key: (1024 bit) 1302s Modulus: 1302s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1302s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1302s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1302s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1302s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1302s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1302s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1302s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1302s 14:47:e0:29:6c:45:54:3c:6b 1302s Exponent: 65537 (0x10001) 1302s X509v3 extensions: 1302s X509v3 Authority Key Identifier: 1302s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1302s X509v3 Basic Constraints: 1302s CA:FALSE 1302s Netscape Cert Type: 1302s SSL Client, S/MIME 1302s Netscape Comment: 1302s Test Organization Root CA trusted Certificate 1302s X509v3 Subject Key Identifier: 1302s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1302s X509v3 Key Usage: critical 1302s Digital Signature, Non Repudiation, Key Encipherment 1302s X509v3 Extended Key Usage: 1302s TLS Web Client Authentication, E-mail Protection 1302s X509v3 Subject Alternative Name: 1302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1302s Signature Algorithm: sha256WithRSAEncryption 1302s Signature Value: 1302s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1302s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1302s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1302s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1302s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1302s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1302s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1302s 47:82 1302s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-24115-auth.pem 1303s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1303s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1303s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1303s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1303s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1303s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1303s + local verify_option= 1303s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1303s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1303s + local key_cn 1303s + local key_name 1303s + local tokens_dir 1303s + local output_cert_file 1303s + token_name= 1303s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1303s + key_name=test-root-CA-trusted-certificate-0001 1303s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s ++ sed -n 's/ *commonName *= //p' 1303s + key_cn='Test Organization Root Trusted Certificate 0001' 1303s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1303s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1303s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1303s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1303s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1303s + token_name='Test Organization Root Tr Token' 1303s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1303s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1303s + echo 'Test Organization Root Tr Token' 1303s + '[' -n '' ']' 1303s + local output_base_name=SSSD-child-29283 1303s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.output 1303s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.pem 1303s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1303s Test Organization Root Tr Token 1303s [p11_child[2180]] [main] (0x0400): p11_child started. 1303s [p11_child[2180]] [main] (0x2000): Running in [pre-auth] mode. 1303s [p11_child[2180]] [main] (0x2000): Running with effective IDs: [0][0]. 1303s [p11_child[2180]] [main] (0x2000): Running with real IDs [0][0]. 1303s [p11_child[2180]] [do_card] (0x4000): Module List: 1303s [p11_child[2180]] [do_card] (0x4000): common name: [softhsm2]. 1303s [p11_child[2180]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1303s [p11_child[2180]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1303s [p11_child[2180]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1303s [p11_child[2180]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1303s [p11_child[2180]] [do_card] (0x4000): Login NOT required. 1303s [p11_child[2180]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1303s [p11_child[2180]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1303s [p11_child[2180]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1303s [p11_child[2180]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1303s [p11_child[2180]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1303s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.output 1303s + echo '-----BEGIN CERTIFICATE-----' 1303s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.output 1303s + echo '-----END CERTIFICATE-----' 1303s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.pem 1303s Certificate: 1303s Data: 1303s Version: 3 (0x2) 1303s Serial Number: 3 (0x3) 1303s Signature Algorithm: sha256WithRSAEncryption 1303s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1303s Validity 1303s Not Before: Mar 18 18:11:04 2024 GMT 1303s Not After : Mar 18 18:11:04 2025 GMT 1303s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1303s Subject Public Key Info: 1303s Public Key Algorithm: rsaEncryption 1303s Public-Key: (1024 bit) 1303s Modulus: 1303s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1303s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1303s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1303s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1303s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1303s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1303s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1303s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1303s 14:47:e0:29:6c:45:54:3c:6b 1303s Exponent: 65537 (0x10001) 1303s X509v3 extensions: 1303s X509v3 Authority Key Identifier: 1303s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1303s X509v3 Basic Constraints: 1303s CA:FALSE 1303s Netscape Cert Type: 1303s SSL Client, S/MIME 1303s Netscape Comment: 1303s Test Organization Root CA trusted Certificate 1303s X509v3 Subject Key Identifier: 1303s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1303s X509v3 Key Usage: critical 1303s Digital Signature, Non Repudiation, Key Encipherment 1303s X509v3 Extended Key Usage: 1303s TLS Web Client Authentication, E-mail Protection 1303s X509v3 Subject Alternative Name: 1303s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1303s Signature Algorithm: sha256WithRSAEncryption 1303s Signature Value: 1303s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1303s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1303s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1303s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1303s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1303s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1303s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1303s 47:82 1303s + local found_md5 expected_md5 1303s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s + expected_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1303s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283.pem 1303s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1303s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1303s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.output 1303s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.output .output 1303s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.pem 1303s + echo -n 053350 1303s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1303s [p11_child[2188]] [main] (0x0400): p11_child started. 1303s [p11_child[2188]] [main] (0x2000): Running in [auth] mode. 1303s [p11_child[2188]] [main] (0x2000): Running with effective IDs: [0][0]. 1303s [p11_child[2188]] [main] (0x2000): Running with real IDs [0][0]. 1303s [p11_child[2188]] [do_card] (0x4000): Module List: 1303s [p11_child[2188]] [do_card] (0x4000): common name: [softhsm2]. 1303s [p11_child[2188]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1303s [p11_child[2188]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1303s [p11_child[2188]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1303s [p11_child[2188]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1303s [p11_child[2188]] [do_card] (0x4000): Login required. 1303s [p11_child[2188]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1303s [p11_child[2188]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1303s [p11_child[2188]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1303s [p11_child[2188]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1303s [p11_child[2188]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1303s [p11_child[2188]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1303s [p11_child[2188]] [do_card] (0x4000): Certificate verified and validated. 1303s [p11_child[2188]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1303s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.output 1303s + echo '-----BEGIN CERTIFICATE-----' 1303s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.output 1303s + echo '-----END CERTIFICATE-----' 1303s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.pem 1303s Certificate: 1303s Data: 1303s Version: 3 (0x2) 1303s Serial Number: 3 (0x3) 1303s Signature Algorithm: sha256WithRSAEncryption 1303s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1303s Validity 1303s Not Before: Mar 18 18:11:04 2024 GMT 1303s Not After : Mar 18 18:11:04 2025 GMT 1303s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1303s Subject Public Key Info: 1303s Public Key Algorithm: rsaEncryption 1303s Public-Key: (1024 bit) 1303s Modulus: 1303s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1303s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1303s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1303s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1303s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1303s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1303s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1303s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1303s 14:47:e0:29:6c:45:54:3c:6b 1303s Exponent: 65537 (0x10001) 1303s X509v3 extensions: 1303s X509v3 Authority Key Identifier: 1303s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1303s X509v3 Basic Constraints: 1303s CA:FALSE 1303s Netscape Cert Type: 1303s SSL Client, S/MIME 1303s Netscape Comment: 1303s Test Organization Root CA trusted Certificate 1303s X509v3 Subject Key Identifier: 1303s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1303s X509v3 Key Usage: critical 1303s Digital Signature, Non Repudiation, Key Encipherment 1303s X509v3 Extended Key Usage: 1303s TLS Web Client Authentication, E-mail Protection 1303s X509v3 Subject Alternative Name: 1303s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1303s Signature Algorithm: sha256WithRSAEncryption 1303s Signature Value: 1303s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1303s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1303s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1303s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1303s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1303s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1303s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1303s 47:82 1303s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-29283-auth.pem 1303s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1303s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1303s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1303s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1303s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1303s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1303s + local verify_option=partial_chain 1303s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1303s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1303s + local key_cn 1303s + local key_name 1303s + local tokens_dir 1303s + local output_cert_file 1303s + token_name= 1303s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1303s + key_name=test-root-CA-trusted-certificate-0001 1303s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1303s ++ sed -n 's/ *commonName *= //p' 1304s + key_cn='Test Organization Root Trusted Certificate 0001' 1304s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1304s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1304s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1304s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1304s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1304s + token_name='Test Organization Root Tr Token' 1304s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1304s Test Organization Root Tr Token 1304s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1304s + echo 'Test Organization Root Tr Token' 1304s + '[' -n partial_chain ']' 1304s + local verify_arg=--verify=partial_chain 1304s + local output_base_name=SSSD-child-20503 1304s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.output 1304s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.pem 1304s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1304s [p11_child[2198]] [main] (0x0400): p11_child started. 1304s [p11_child[2198]] [main] (0x2000): Running in [pre-auth] mode. 1304s [p11_child[2198]] [main] (0x2000): Running with effective IDs: [0][0]. 1304s [p11_child[2198]] [main] (0x2000): Running with real IDs [0][0]. 1304s [p11_child[2198]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1304s [p11_child[2198]] [do_card] (0x4000): Module List: 1304s [p11_child[2198]] [do_card] (0x4000): common name: [softhsm2]. 1304s [p11_child[2198]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1304s [p11_child[2198]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1304s [p11_child[2198]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1304s [p11_child[2198]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1304s [p11_child[2198]] [do_card] (0x4000): Login NOT required. 1304s [p11_child[2198]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1304s [p11_child[2198]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1304s [p11_child[2198]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1304s [p11_child[2198]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1304s [p11_child[2198]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1304s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.output 1304s + echo '-----BEGIN CERTIFICATE-----' 1304s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.output 1304s + echo '-----END CERTIFICATE-----' 1304s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.pem 1304s Certificate: 1304s Data: 1304s Version: 3 (0x2) 1304s Serial Number: 3 (0x3) 1304s Signature Algorithm: sha256WithRSAEncryption 1304s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1304s Validity 1304s Not Before: Mar 18 18:11:04 2024 GMT 1304s Not After : Mar 18 18:11:04 2025 GMT 1304s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1304s Subject Public Key Info: 1304s Public Key Algorithm: rsaEncryption 1304s Public-Key: (1024 bit) 1304s Modulus: 1304s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1304s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1304s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1304s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1304s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1304s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1304s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1304s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1304s 14:47:e0:29:6c:45:54:3c:6b 1304s Exponent: 65537 (0x10001) 1304s X509v3 extensions: 1304s X509v3 Authority Key Identifier: 1304s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1304s X509v3 Basic Constraints: 1304s CA:FALSE 1304s Netscape Cert Type: 1304s SSL Client, S/MIME 1304s Netscape Comment: 1304s Test Organization Root CA trusted Certificate 1304s X509v3 Subject Key Identifier: 1304s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1304s X509v3 Key Usage: critical 1304s Digital Signature, Non Repudiation, Key Encipherment 1304s X509v3 Extended Key Usage: 1304s TLS Web Client Authentication, E-mail Protection 1304s X509v3 Subject Alternative Name: 1304s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1304s Signature Algorithm: sha256WithRSAEncryption 1304s Signature Value: 1304s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1304s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1304s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1304s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1304s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1304s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1304s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1304s 47:82 1304s + local found_md5 expected_md5 1304s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1304s + expected_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1304s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503.pem 1304s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1304s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1304s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.output 1304s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.output .output 1304s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.pem 1304s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1304s + echo -n 053350 1304s [p11_child[2206]] [main] (0x0400): p11_child started. 1304s [p11_child[2206]] [main] (0x2000): Running in [auth] mode. 1304s [p11_child[2206]] [main] (0x2000): Running with effective IDs: [0][0]. 1304s [p11_child[2206]] [main] (0x2000): Running with real IDs [0][0]. 1304s [p11_child[2206]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1304s [p11_child[2206]] [do_card] (0x4000): Module List: 1304s [p11_child[2206]] [do_card] (0x4000): common name: [softhsm2]. 1304s [p11_child[2206]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1304s [p11_child[2206]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1304s [p11_child[2206]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1304s [p11_child[2206]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1304s [p11_child[2206]] [do_card] (0x4000): Login required. 1304s [p11_child[2206]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1304s [p11_child[2206]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1304s [p11_child[2206]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1304s [p11_child[2206]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x54ad493a;slot-manufacturer=SoftHSM%20project;slot-id=1420642618;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2073fd1154ad493a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1304s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1305s [p11_child[2206]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1305s [p11_child[2206]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1305s [p11_child[2206]] [do_card] (0x4000): Certificate verified and validated. 1305s [p11_child[2206]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1305s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.output 1305s + echo '-----BEGIN CERTIFICATE-----' 1305s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.output 1305s + echo '-----END CERTIFICATE-----' 1305s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.pem 1305s Certificate: 1305s Data: 1305s Version: 3 (0x2) 1305s Serial Number: 3 (0x3) 1305s Signature Algorithm: sha256WithRSAEncryption 1305s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1305s Validity 1305s Not Before: Mar 18 18:11:04 2024 GMT 1305s Not After : Mar 18 18:11:04 2025 GMT 1305s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1305s Subject Public Key Info: 1305s Public Key Algorithm: rsaEncryption 1305s Public-Key: (1024 bit) 1305s Modulus: 1305s 00:c5:62:c5:32:31:5d:c3:ff:b0:21:d2:03:b8:fa: 1305s 19:4b:bd:0c:06:75:4e:e7:7d:24:53:bb:d6:af:61: 1305s 33:17:96:51:b7:26:ef:de:11:41:38:6b:df:53:6e: 1305s f2:59:31:2b:f7:35:3f:bc:1b:1f:ae:29:42:7c:b4: 1305s 53:88:24:2c:65:90:cf:33:e0:be:d6:78:a8:b3:7d: 1305s ca:03:e7:e0:fe:47:d9:2f:c9:74:5c:88:26:07:8c: 1305s bf:ee:e2:72:e9:07:31:f7:71:d6:74:89:75:0e:6b: 1305s 8a:58:81:4c:80:7e:83:b5:97:33:ba:37:4b:51:0f: 1305s 14:47:e0:29:6c:45:54:3c:6b 1305s Exponent: 65537 (0x10001) 1305s X509v3 extensions: 1305s X509v3 Authority Key Identifier: 1305s DE:81:23:6D:61:38:74:A5:33:A9:F2:A7:5D:C8:65:B1:B5:31:91:1E 1305s X509v3 Basic Constraints: 1305s CA:FALSE 1305s Netscape Cert Type: 1305s SSL Client, S/MIME 1305s Netscape Comment: 1305s Test Organization Root CA trusted Certificate 1305s X509v3 Subject Key Identifier: 1305s C1:F2:58:4E:08:1E:A2:EA:7C:5F:97:D1:F7:B8:0D:A1:35:FA:60:21 1305s X509v3 Key Usage: critical 1305s Digital Signature, Non Repudiation, Key Encipherment 1305s X509v3 Extended Key Usage: 1305s TLS Web Client Authentication, E-mail Protection 1305s X509v3 Subject Alternative Name: 1305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1305s Signature Algorithm: sha256WithRSAEncryption 1305s Signature Value: 1305s 64:92:98:75:6b:71:a6:d5:44:7d:4b:3c:df:48:de:8c:dc:1a: 1305s 5c:fd:96:5e:51:c7:5a:a5:82:22:ab:06:c2:4a:4d:17:16:71: 1305s 18:1e:6c:19:d8:68:a3:c0:54:a3:96:fa:32:fa:ad:21:50:76: 1305s c7:9b:7c:8a:a9:a2:17:61:c6:02:6d:55:f5:db:7d:54:24:e7: 1305s cb:01:d6:55:53:ae:6c:af:6d:b5:2b:12:08:fa:a2:08:44:99: 1305s d8:eb:f3:30:eb:32:c3:34:8b:07:5f:03:f3:83:b3:ae:a6:8f: 1305s 77:96:e0:6c:82:6b:cb:fd:79:21:ea:ba:ff:f8:da:59:fb:44: 1305s 47:82 1305s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20503-auth.pem 1305s + found_md5=Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B 1305s + '[' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B '!=' Modulus=C562C532315DC3FFB021D203B8FA194BBD0C06754EE77D2453BBD6AF6133179651B726EFDE1141386BDF536EF259312BF7353FBC1B1FAE29427CB45388242C6590CF33E0BED678A8B37DCA03E7E0FE47D92FC9745C8826078CBFEEE272E90731F771D67489750E6B8A58814C807E83B59733BA374B510F1447E0296C45543C6B ']' 1305s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1305s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s + local verify_option= 1305s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1305s + local key_cn 1305s + local key_name 1305s + local tokens_dir 1305s + local output_cert_file 1305s + token_name= 1305s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1305s + key_name=test-root-CA-trusted-certificate-0001 1305s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s ++ sed -n 's/ *commonName *= //p' 1305s + key_cn='Test Organization Root Trusted Certificate 0001' 1305s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1305s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1305s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1305s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1305s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1305s + token_name='Test Organization Root Tr Token' 1305s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1305s Test Organization Root Tr Token 1305s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1305s + echo 'Test Organization Root Tr Token' 1305s + '[' -n '' ']' 1305s + local output_base_name=SSSD-child-16340 1305s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-16340.output 1305s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-16340.pem 1305s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s [p11_child[2216]] [main] (0x0400): p11_child started. 1305s [p11_child[2216]] [main] (0x2000): Running in [pre-auth] mode. 1305s [p11_child[2216]] [main] (0x2000): Running with effective IDs: [0][0]. 1305s [p11_child[2216]] [main] (0x2000): Running with real IDs [0][0]. 1305s [p11_child[2216]] [do_card] (0x4000): Module List: 1305s [p11_child[2216]] [do_card] (0x4000): common name: [softhsm2]. 1305s [p11_child[2216]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1305s [p11_child[2216]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1305s [p11_child[2216]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1305s [p11_child[2216]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1305s [p11_child[2216]] [do_card] (0x4000): Login NOT required. 1305s [p11_child[2216]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1305s [p11_child[2216]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1305s [p11_child[2216]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1305s [p11_child[2216]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1305s [p11_child[2216]] [do_card] (0x4000): No certificate found. 1305s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-16340.output 1305s + return 2 1305s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem partial_chain 1305s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem partial_chain 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1305s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s + local verify_option=partial_chain 1305s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-779 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-root-ca-trusted-cert-0001-779 1305s + local key_cn 1305s + local key_name 1305s + local tokens_dir 1305s + local output_cert_file 1305s + token_name= 1305s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem .pem 1305s + key_name=test-root-CA-trusted-certificate-0001 1305s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-root-CA-trusted-certificate-0001.pem 1305s ++ sed -n 's/ *commonName *= //p' 1305s + key_cn='Test Organization Root Trusted Certificate 0001' 1305s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1305s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1305s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf 1305s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1305s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 1305s Test Organization Root Tr Token 1305s + token_name='Test Organization Root Tr Token' 1305s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1305s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1305s + echo 'Test Organization Root Tr Token' 1305s + '[' -n partial_chain ']' 1305s + local verify_arg=--verify=partial_chain 1305s + local output_base_name=SSSD-child-20758 1305s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20758.output 1305s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-20758.pem 1305s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1305s [p11_child[2223]] [main] (0x0400): p11_child started. 1305s [p11_child[2223]] [main] (0x2000): Running in [pre-auth] mode. 1305s [p11_child[2223]] [main] (0x2000): Running with effective IDs: [0][0]. 1305s [p11_child[2223]] [main] (0x2000): Running with real IDs [0][0]. 1305s [p11_child[2223]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1305s [p11_child[2223]] [do_card] (0x4000): Module List: 1305s [p11_child[2223]] [do_card] (0x4000): common name: [softhsm2]. 1305s [p11_child[2223]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1305s [p11_child[2223]] [do_card] (0x4000): Description [SoftHSM slot ID 0x54ad493a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1305s [p11_child[2223]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1305s [p11_child[2223]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x54ad493a][1420642618] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1305s [p11_child[2223]] [do_card] (0x4000): Login NOT required. 1305s [p11_child[2223]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1305s [p11_child[2223]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1305s [p11_child[2223]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1305s [p11_child[2223]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1305s [p11_child[2223]] [do_card] (0x4000): No certificate found. 1305s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-20758.output 1305s + return 2 1305s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /dev/null 1305s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /dev/null 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1305s + local key_ring=/dev/null 1305s + local verify_option= 1305s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1305s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1305s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1305s + local key_cn 1305s + local key_name 1305s + local tokens_dir 1305s + local output_cert_file 1305s + token_name= 1305s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1305s + key_name=test-intermediate-CA-trusted-certificate-0001 1305s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1305s ++ sed -n 's/ *commonName *= //p' 1306s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1306s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1306s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1306s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1306s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1306s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1306s + token_name='Test Organization Interme Token' 1306s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1306s + local key_file 1306s + local decrypted_key 1306s + mkdir -p /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1306s + key_file=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key.pem 1306s + decrypted_key=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1306s + cat 1306s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 1306s Slot 0 has a free/uninitialized token. 1306s The token has been initialized and is reassigned to slot 1690452921 1306s + softhsm2-util --show-slots 1306s Available slots: 1306s Slot 1690452921 1306s Slot info: 1306s Description: SoftHSM slot ID 0x64c243b9 1306s Manufacturer ID: SoftHSM project 1306s Hardware version: 2.6 1306s Firmware version: 2.6 1306s Token present: yes 1306s Token info: 1306s Manufacturer ID: SoftHSM project 1306s Model: SoftHSM v2 1306s Hardware version: 2.6 1306s Firmware version: 2.6 1306s Serial number: 606576fb64c243b9 1306s Initialized: yes 1306s User PIN init.: yes 1306s Label: Test Organization Interme Token 1306s Slot 1 1306s Slot info: 1306s Description: SoftHSM slot ID 0x1 1306s Manufacturer ID: SoftHSM project 1306s Hardware version: 2.6 1306s Firmware version: 2.6 1306s Token present: yes 1306s Token info: 1306s Manufacturer ID: SoftHSM project 1306s Model: SoftHSM v2 1306s Hardware version: 2.6 1306s Firmware version: 2.6 1306s Serial number: 1306s Initialized: no 1306s User PIN init.: no 1306s Label: 1306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1306s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-24095 -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1306s writing RSA key 1306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1306s + rm /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1306s Object 0: 1306s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1306s Type: X.509 Certificate (RSA-1024) 1306s Expires: Tue Mar 18 18:11:04 2025 1306s Label: Test Organization Intermediate Trusted Certificate 0001 1306s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1306s 1306s + echo 'Test Organization Interme Token' 1306s Test Organization Interme Token 1306s + '[' -n '' ']' 1306s + local output_base_name=SSSD-child-6541 1306s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-6541.output 1306s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-6541.pem 1306s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1306s [p11_child[2239]] [main] (0x0400): p11_child started. 1306s [p11_child[2239]] [main] (0x2000): Running in [pre-auth] mode. 1306s [p11_child[2239]] [main] (0x2000): Running with effective IDs: [0][0]. 1306s [p11_child[2239]] [main] (0x2000): Running with real IDs [0][0]. 1306s [p11_child[2239]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1306s [p11_child[2239]] [do_work] (0x0040): init_verification failed. 1306s [p11_child[2239]] [main] (0x0020): p11_child failed (5) 1306s + return 2 1306s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /dev/null no_verification 1306s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /dev/null no_verification 1306s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1306s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1306s + local key_ring=/dev/null 1306s + local verify_option=no_verification 1306s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1306s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1306s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1306s + local key_cn 1306s + local key_name 1306s + local tokens_dir 1306s + local output_cert_file 1306s + token_name= 1306s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1306s + key_name=test-intermediate-CA-trusted-certificate-0001 1306s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1306s ++ sed -n 's/ *commonName *= //p' 1307s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1307s Test Organization Interme Token 1307s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1307s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1307s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1307s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1307s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1307s + token_name='Test Organization Interme Token' 1307s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1307s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1307s + echo 'Test Organization Interme Token' 1307s + '[' -n no_verification ']' 1307s + local verify_arg=--verify=no_verification 1307s + local output_base_name=SSSD-child-5415 1307s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.output 1307s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.pem 1307s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1307s [p11_child[2245]] [main] (0x0400): p11_child started. 1307s [p11_child[2245]] [main] (0x2000): Running in [pre-auth] mode. 1307s [p11_child[2245]] [main] (0x2000): Running with effective IDs: [0][0]. 1307s [p11_child[2245]] [main] (0x2000): Running with real IDs [0][0]. 1307s [p11_child[2245]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1307s [p11_child[2245]] [do_card] (0x4000): Module List: 1307s [p11_child[2245]] [do_card] (0x4000): common name: [softhsm2]. 1307s [p11_child[2245]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1307s [p11_child[2245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1307s [p11_child[2245]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1307s [p11_child[2245]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1307s [p11_child[2245]] [do_card] (0x4000): Login NOT required. 1307s [p11_child[2245]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1307s [p11_child[2245]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1307s [p11_child[2245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1307s [p11_child[2245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1307s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.output 1307s + echo '-----BEGIN CERTIFICATE-----' 1307s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.output 1307s + echo '-----END CERTIFICATE-----' 1307s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.pem 1307s Certificate: 1307s Data: 1307s Version: 3 (0x2) 1307s Serial Number: 4 (0x4) 1307s Signature Algorithm: sha256WithRSAEncryption 1307s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1307s Validity 1307s Not Before: Mar 18 18:11:04 2024 GMT 1307s Not After : Mar 18 18:11:04 2025 GMT 1307s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1307s Subject Public Key Info: 1307s Public Key Algorithm: rsaEncryption 1307s Public-Key: (1024 bit) 1307s Modulus: 1307s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1307s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1307s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1307s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1307s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1307s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1307s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1307s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1307s fb:b0:8b:9a:cd:e5:54:93:c7 1307s Exponent: 65537 (0x10001) 1307s X509v3 extensions: 1307s X509v3 Authority Key Identifier: 1307s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1307s X509v3 Basic Constraints: 1307s CA:FALSE 1307s Netscape Cert Type: 1307s SSL Client, S/MIME 1307s Netscape Comment: 1307s Test Organization Intermediate CA trusted Certificate 1307s X509v3 Subject Key Identifier: 1307s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1307s X509v3 Key Usage: critical 1307s Digital Signature, Non Repudiation, Key Encipherment 1307s X509v3 Extended Key Usage: 1307s TLS Web Client Authentication, E-mail Protection 1307s X509v3 Subject Alternative Name: 1307s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1307s Signature Algorithm: sha256WithRSAEncryption 1307s Signature Value: 1307s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1307s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1307s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1307s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1307s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1307s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1307s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1307s 5c:60 1307s + local found_md5 expected_md5 1307s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1307s + expected_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1307s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415.pem 1307s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1307s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1307s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.output 1307s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.output .output 1307s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.pem 1307s + echo -n 053350 1307s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1307s [p11_child[2253]] [main] (0x0400): p11_child started. 1307s [p11_child[2253]] [main] (0x2000): Running in [auth] mode. 1307s [p11_child[2253]] [main] (0x2000): Running with effective IDs: [0][0]. 1307s [p11_child[2253]] [main] (0x2000): Running with real IDs [0][0]. 1307s [p11_child[2253]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1307s [p11_child[2253]] [do_card] (0x4000): Module List: 1307s [p11_child[2253]] [do_card] (0x4000): common name: [softhsm2]. 1307s [p11_child[2253]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1307s [p11_child[2253]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1307s [p11_child[2253]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1307s [p11_child[2253]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1307s [p11_child[2253]] [do_card] (0x4000): Login required. 1307s [p11_child[2253]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1307s [p11_child[2253]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1307s [p11_child[2253]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1307s [p11_child[2253]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1307s [p11_child[2253]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1307s [p11_child[2253]] [do_card] (0x4000): Certificate verified and validated. 1307s [p11_child[2253]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1307s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.output 1307s + echo '-----BEGIN CERTIFICATE-----' 1307s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.output 1307s + echo '-----END CERTIFICATE-----' 1307s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.pem 1307s Certificate: 1307s Data: 1307s Version: 3 (0x2) 1307s Serial Number: 4 (0x4) 1307s Signature Algorithm: sha256WithRSAEncryption 1307s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1307s Validity 1307s Not Before: Mar 18 18:11:04 2024 GMT 1307s Not After : Mar 18 18:11:04 2025 GMT 1307s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1307s Subject Public Key Info: 1307s Public Key Algorithm: rsaEncryption 1307s Public-Key: (1024 bit) 1307s Modulus: 1307s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1307s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1307s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1307s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1307s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1307s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1307s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1307s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1307s fb:b0:8b:9a:cd:e5:54:93:c7 1307s Exponent: 65537 (0x10001) 1307s X509v3 extensions: 1307s X509v3 Authority Key Identifier: 1307s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1307s X509v3 Basic Constraints: 1307s CA:FALSE 1307s Netscape Cert Type: 1307s SSL Client, S/MIME 1307s Netscape Comment: 1307s Test Organization Intermediate CA trusted Certificate 1307s X509v3 Subject Key Identifier: 1307s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1307s X509v3 Key Usage: critical 1307s Digital Signature, Non Repudiation, Key Encipherment 1307s X509v3 Extended Key Usage: 1307s TLS Web Client Authentication, E-mail Protection 1307s X509v3 Subject Alternative Name: 1307s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1307s Signature Algorithm: sha256WithRSAEncryption 1307s Signature Value: 1307s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1307s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1307s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1307s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1307s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1307s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1307s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1307s 5c:60 1307s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5415-auth.pem 1308s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1308s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1308s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s + local verify_option= 1308s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_cn 1308s + local key_name 1308s + local tokens_dir 1308s + local output_cert_file 1308s + token_name= 1308s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1308s + key_name=test-intermediate-CA-trusted-certificate-0001 1308s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s ++ sed -n 's/ *commonName *= //p' 1308s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1308s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1308s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1308s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1308s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1308s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1308s + token_name='Test Organization Interme Token' 1308s Test Organization Interme Token 1308s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1308s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1308s + echo 'Test Organization Interme Token' 1308s + '[' -n '' ']' 1308s + local output_base_name=SSSD-child-25125 1308s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-25125.output 1308s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-25125.pem 1308s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s [p11_child[2263]] [main] (0x0400): p11_child started. 1308s [p11_child[2263]] [main] (0x2000): Running in [pre-auth] mode. 1308s [p11_child[2263]] [main] (0x2000): Running with effective IDs: [0][0]. 1308s [p11_child[2263]] [main] (0x2000): Running with real IDs [0][0]. 1308s [p11_child[2263]] [do_card] (0x4000): Module List: 1308s [p11_child[2263]] [do_card] (0x4000): common name: [softhsm2]. 1308s [p11_child[2263]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1308s [p11_child[2263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1308s [p11_child[2263]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1308s [p11_child[2263]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1308s [p11_child[2263]] [do_card] (0x4000): Login NOT required. 1308s [p11_child[2263]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1308s [p11_child[2263]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1308s [p11_child[2263]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1308s [p11_child[2263]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1308s [p11_child[2263]] [do_card] (0x4000): No certificate found. 1308s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-25125.output 1308s + return 2 1308s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1308s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s + local verify_option=partial_chain 1308s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_cn 1308s + local key_name 1308s + local tokens_dir 1308s + local output_cert_file 1308s + token_name= 1308s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1308s + key_name=test-intermediate-CA-trusted-certificate-0001 1308s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s ++ sed -n 's/ *commonName *= //p' 1308s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1308s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1308s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1308s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1308s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1308s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1308s + token_name='Test Organization Interme Token' 1308s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1308s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1308s + echo 'Test Organization Interme Token' 1308s Test Organization Interme Token 1308s + '[' -n partial_chain ']' 1308s + local verify_arg=--verify=partial_chain 1308s + local output_base_name=SSSD-child-30556 1308s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-30556.output 1308s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-30556.pem 1308s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1308s [p11_child[2270]] [main] (0x0400): p11_child started. 1308s [p11_child[2270]] [main] (0x2000): Running in [pre-auth] mode. 1308s [p11_child[2270]] [main] (0x2000): Running with effective IDs: [0][0]. 1308s [p11_child[2270]] [main] (0x2000): Running with real IDs [0][0]. 1308s [p11_child[2270]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1308s [p11_child[2270]] [do_card] (0x4000): Module List: 1308s [p11_child[2270]] [do_card] (0x4000): common name: [softhsm2]. 1308s [p11_child[2270]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1308s [p11_child[2270]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1308s [p11_child[2270]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1308s [p11_child[2270]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1308s [p11_child[2270]] [do_card] (0x4000): Login NOT required. 1308s [p11_child[2270]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1308s [p11_child[2270]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1308s [p11_child[2270]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1308s [p11_child[2270]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1308s [p11_child[2270]] [do_card] (0x4000): No certificate found. 1308s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-30556.output 1308s + return 2 1308s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1308s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1308s + local verify_option= 1308s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1308s + local key_cn 1308s + local key_name 1308s + local tokens_dir 1308s + local output_cert_file 1308s + token_name= 1308s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1308s + key_name=test-intermediate-CA-trusted-certificate-0001 1308s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1308s ++ sed -n 's/ *commonName *= //p' 1309s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1309s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1309s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1309s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1309s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1309s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1309s Test Organization Interme Token 1309s + token_name='Test Organization Interme Token' 1309s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1309s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1309s + echo 'Test Organization Interme Token' 1309s + '[' -n '' ']' 1309s + local output_base_name=SSSD-child-9525 1309s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.output 1309s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.pem 1309s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1309s [p11_child[2277]] [main] (0x0400): p11_child started. 1309s [p11_child[2277]] [main] (0x2000): Running in [pre-auth] mode. 1309s [p11_child[2277]] [main] (0x2000): Running with effective IDs: [0][0]. 1309s [p11_child[2277]] [main] (0x2000): Running with real IDs [0][0]. 1309s [p11_child[2277]] [do_card] (0x4000): Module List: 1309s [p11_child[2277]] [do_card] (0x4000): common name: [softhsm2]. 1309s [p11_child[2277]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1309s [p11_child[2277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1309s [p11_child[2277]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1309s [p11_child[2277]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1309s [p11_child[2277]] [do_card] (0x4000): Login NOT required. 1309s [p11_child[2277]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1309s [p11_child[2277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1309s [p11_child[2277]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1309s [p11_child[2277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1309s [p11_child[2277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1309s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.output 1309s + echo '-----BEGIN CERTIFICATE-----' 1309s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.output 1309s + echo '-----END CERTIFICATE-----' 1309s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.pem 1309s Certificate: 1309s Data: 1309s Version: 3 (0x2) 1309s Serial Number: 4 (0x4) 1309s Signature Algorithm: sha256WithRSAEncryption 1309s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1309s Validity 1309s Not Before: Mar 18 18:11:04 2024 GMT 1309s Not After : Mar 18 18:11:04 2025 GMT 1309s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1309s Subject Public Key Info: 1309s Public Key Algorithm: rsaEncryption 1309s Public-Key: (1024 bit) 1309s Modulus: 1309s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1309s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1309s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1309s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1309s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1309s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1309s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1309s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1309s fb:b0:8b:9a:cd:e5:54:93:c7 1309s Exponent: 65537 (0x10001) 1309s X509v3 extensions: 1309s X509v3 Authority Key Identifier: 1309s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1309s X509v3 Basic Constraints: 1309s CA:FALSE 1309s Netscape Cert Type: 1309s SSL Client, S/MIME 1309s Netscape Comment: 1309s Test Organization Intermediate CA trusted Certificate 1309s X509v3 Subject Key Identifier: 1309s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1309s X509v3 Key Usage: critical 1309s Digital Signature, Non Repudiation, Key Encipherment 1309s X509v3 Extended Key Usage: 1309s TLS Web Client Authentication, E-mail Protection 1309s X509v3 Subject Alternative Name: 1309s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1309s Signature Algorithm: sha256WithRSAEncryption 1309s Signature Value: 1309s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1309s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1309s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1309s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1309s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1309s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1309s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1309s 5c:60 1309s + local found_md5 expected_md5 1309s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1310s + expected_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525.pem 1310s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1310s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1310s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.output 1310s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.output .output 1310s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.pem 1310s + echo -n 053350 1310s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1310s [p11_child[2285]] [main] (0x0400): p11_child started. 1310s [p11_child[2285]] [main] (0x2000): Running in [auth] mode. 1310s [p11_child[2285]] [main] (0x2000): Running with effective IDs: [0][0]. 1310s [p11_child[2285]] [main] (0x2000): Running with real IDs [0][0]. 1310s [p11_child[2285]] [do_card] (0x4000): Module List: 1310s [p11_child[2285]] [do_card] (0x4000): common name: [softhsm2]. 1310s [p11_child[2285]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1310s [p11_child[2285]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1310s [p11_child[2285]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1310s [p11_child[2285]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1310s [p11_child[2285]] [do_card] (0x4000): Login required. 1310s [p11_child[2285]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1310s [p11_child[2285]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1310s [p11_child[2285]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1310s [p11_child[2285]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1310s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1310s [p11_child[2285]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1310s [p11_child[2285]] [do_card] (0x4000): Certificate verified and validated. 1310s [p11_child[2285]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1310s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.output 1310s + echo '-----BEGIN CERTIFICATE-----' 1310s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.output 1310s + echo '-----END CERTIFICATE-----' 1310s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.pem 1310s Certificate: 1310s Data: 1310s Version: 3 (0x2) 1310s Serial Number: 4 (0x4) 1310s Signature Algorithm: sha256WithRSAEncryption 1310s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1310s Validity 1310s Not Before: Mar 18 18:11:04 2024 GMT 1310s Not After : Mar 18 18:11:04 2025 GMT 1310s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1310s Subject Public Key Info: 1310s Public Key Algorithm: rsaEncryption 1310s Public-Key: (1024 bit) 1310s Modulus: 1310s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1310s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1310s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1310s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1310s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1310s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1310s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1310s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1310s fb:b0:8b:9a:cd:e5:54:93:c7 1310s Exponent: 65537 (0x10001) 1310s X509v3 extensions: 1310s X509v3 Authority Key Identifier: 1310s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1310s X509v3 Basic Constraints: 1310s CA:FALSE 1310s Netscape Cert Type: 1310s SSL Client, S/MIME 1310s Netscape Comment: 1310s Test Organization Intermediate CA trusted Certificate 1310s X509v3 Subject Key Identifier: 1310s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1310s X509v3 Key Usage: critical 1310s Digital Signature, Non Repudiation, Key Encipherment 1310s X509v3 Extended Key Usage: 1310s TLS Web Client Authentication, E-mail Protection 1310s X509v3 Subject Alternative Name: 1310s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1310s Signature Algorithm: sha256WithRSAEncryption 1310s Signature Value: 1310s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1310s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1310s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1310s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1310s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1310s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1310s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1310s 5c:60 1310s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9525-auth.pem 1311s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1311s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1311s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1311s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1311s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1311s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1311s + local verify_option=partial_chain 1311s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1311s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1311s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1311s + local key_cn 1311s + local key_name 1311s + local tokens_dir 1311s + local output_cert_file 1311s + token_name= 1311s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1311s + key_name=test-intermediate-CA-trusted-certificate-0001 1311s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1311s ++ sed -n 's/ *commonName *= //p' 1311s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1311s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1311s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1311s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1311s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1311s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1311s Test Organization Interme Token 1311s + token_name='Test Organization Interme Token' 1311s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1311s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1311s + echo 'Test Organization Interme Token' 1311s + '[' -n partial_chain ']' 1311s + local verify_arg=--verify=partial_chain 1311s + local output_base_name=SSSD-child-18956 1311s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.output 1311s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.pem 1311s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1311s [p11_child[2295]] [main] (0x0400): p11_child started. 1311s [p11_child[2295]] [main] (0x2000): Running in [pre-auth] mode. 1311s [p11_child[2295]] [main] (0x2000): Running with effective IDs: [0][0]. 1311s [p11_child[2295]] [main] (0x2000): Running with real IDs [0][0]. 1311s [p11_child[2295]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1311s [p11_child[2295]] [do_card] (0x4000): Module List: 1311s [p11_child[2295]] [do_card] (0x4000): common name: [softhsm2]. 1311s [p11_child[2295]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1311s [p11_child[2295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1311s [p11_child[2295]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1311s [p11_child[2295]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1311s [p11_child[2295]] [do_card] (0x4000): Login NOT required. 1311s [p11_child[2295]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1311s [p11_child[2295]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1311s [p11_child[2295]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1311s [p11_child[2295]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1311s [p11_child[2295]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1311s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.output 1311s + echo '-----BEGIN CERTIFICATE-----' 1311s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.output 1311s + echo '-----END CERTIFICATE-----' 1311s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.pem 1311s Certificate: 1311s Data: 1311s Version: 3 (0x2) 1311s Serial Number: 4 (0x4) 1311s Signature Algorithm: sha256WithRSAEncryption 1311s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1311s Validity 1311s Not Before: Mar 18 18:11:04 2024 GMT 1311s Not After : Mar 18 18:11:04 2025 GMT 1311s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1311s Subject Public Key Info: 1311s Public Key Algorithm: rsaEncryption 1311s Public-Key: (1024 bit) 1311s Modulus: 1311s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1311s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1311s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1311s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1311s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1311s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1311s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1311s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1311s fb:b0:8b:9a:cd:e5:54:93:c7 1311s Exponent: 65537 (0x10001) 1311s X509v3 extensions: 1311s X509v3 Authority Key Identifier: 1311s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1311s X509v3 Basic Constraints: 1311s CA:FALSE 1311s Netscape Cert Type: 1311s SSL Client, S/MIME 1311s Netscape Comment: 1311s Test Organization Intermediate CA trusted Certificate 1311s X509v3 Subject Key Identifier: 1311s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1311s X509v3 Key Usage: critical 1311s Digital Signature, Non Repudiation, Key Encipherment 1311s X509v3 Extended Key Usage: 1311s TLS Web Client Authentication, E-mail Protection 1311s X509v3 Subject Alternative Name: 1311s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1311s Signature Algorithm: sha256WithRSAEncryption 1311s Signature Value: 1311s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1311s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1311s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1311s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1311s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1311s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1311s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1311s 5c:60 1311s + local found_md5 expected_md5 1311s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1312s + expected_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956.pem 1312s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1312s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1312s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.output 1312s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.output .output 1312s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.pem 1312s + echo -n 053350 1312s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1312s [p11_child[2303]] [main] (0x0400): p11_child started. 1312s [p11_child[2303]] [main] (0x2000): Running in [auth] mode. 1312s [p11_child[2303]] [main] (0x2000): Running with effective IDs: [0][0]. 1312s [p11_child[2303]] [main] (0x2000): Running with real IDs [0][0]. 1312s [p11_child[2303]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1312s [p11_child[2303]] [do_card] (0x4000): Module List: 1312s [p11_child[2303]] [do_card] (0x4000): common name: [softhsm2]. 1312s [p11_child[2303]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1312s [p11_child[2303]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1312s [p11_child[2303]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1312s [p11_child[2303]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1312s [p11_child[2303]] [do_card] (0x4000): Login required. 1312s [p11_child[2303]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1312s [p11_child[2303]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1312s [p11_child[2303]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1312s [p11_child[2303]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1312s [p11_child[2303]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1312s [p11_child[2303]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1312s [p11_child[2303]] [do_card] (0x4000): Certificate verified and validated. 1312s [p11_child[2303]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1312s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.output 1312s + echo '-----BEGIN CERTIFICATE-----' 1312s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.output 1312s + echo '-----END CERTIFICATE-----' 1312s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.pem 1312s Certificate: 1312s Data: 1312s Version: 3 (0x2) 1312s Serial Number: 4 (0x4) 1312s Signature Algorithm: sha256WithRSAEncryption 1312s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1312s Validity 1312s Not Before: Mar 18 18:11:04 2024 GMT 1312s Not After : Mar 18 18:11:04 2025 GMT 1312s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1312s Subject Public Key Info: 1312s Public Key Algorithm: rsaEncryption 1312s Public-Key: (1024 bit) 1312s Modulus: 1312s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1312s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1312s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1312s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1312s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1312s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1312s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1312s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1312s fb:b0:8b:9a:cd:e5:54:93:c7 1312s Exponent: 65537 (0x10001) 1312s X509v3 extensions: 1312s X509v3 Authority Key Identifier: 1312s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1312s X509v3 Basic Constraints: 1312s CA:FALSE 1312s Netscape Cert Type: 1312s SSL Client, S/MIME 1312s Netscape Comment: 1312s Test Organization Intermediate CA trusted Certificate 1312s X509v3 Subject Key Identifier: 1312s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1312s X509v3 Key Usage: critical 1312s Digital Signature, Non Repudiation, Key Encipherment 1312s X509v3 Extended Key Usage: 1312s TLS Web Client Authentication, E-mail Protection 1312s X509v3 Subject Alternative Name: 1312s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1312s Signature Algorithm: sha256WithRSAEncryption 1312s Signature Value: 1312s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1312s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1312s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1312s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1312s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1312s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1312s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1312s 5c:60 1312s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18956-auth.pem 1312s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1312s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1312s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1312s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1312s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1312s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1312s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1312s + local verify_option= 1312s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1312s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1312s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1312s + local key_cn 1312s + local key_name 1312s + local tokens_dir 1312s + local output_cert_file 1312s + token_name= 1312s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1313s + key_name=test-intermediate-CA-trusted-certificate-0001 1313s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1313s ++ sed -n 's/ *commonName *= //p' 1313s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1313s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1313s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1313s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1313s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1313s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1313s + token_name='Test Organization Interme Token' 1313s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1313s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1313s + echo 'Test Organization Interme Token' 1313s + '[' -n '' ']' 1313s + local output_base_name=SSSD-child-17173 1313s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-17173.output 1313s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-17173.pem 1313s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1313s Test Organization Interme Token 1313s [p11_child[2313]] [main] (0x0400): p11_child started. 1313s [p11_child[2313]] [main] (0x2000): Running in [pre-auth] mode. 1313s [p11_child[2313]] [main] (0x2000): Running with effective IDs: [0][0]. 1313s [p11_child[2313]] [main] (0x2000): Running with real IDs [0][0]. 1313s [p11_child[2313]] [do_card] (0x4000): Module List: 1313s [p11_child[2313]] [do_card] (0x4000): common name: [softhsm2]. 1313s [p11_child[2313]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1313s [p11_child[2313]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1313s [p11_child[2313]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1313s [p11_child[2313]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1313s [p11_child[2313]] [do_card] (0x4000): Login NOT required. 1313s [p11_child[2313]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1313s [p11_child[2313]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1313s [p11_child[2313]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1313s [p11_child[2313]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1313s [p11_child[2313]] [do_card] (0x4000): No certificate found. 1313s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-17173.output 1313s + return 2 1313s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem partial_chain 1313s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem partial_chain 1313s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1313s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1313s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1313s + local verify_option=partial_chain 1313s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24095 1313s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1313s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24095 1313s + local key_cn 1313s + local key_name 1313s + local tokens_dir 1313s + local output_cert_file 1313s + token_name= 1313s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem .pem 1313s + key_name=test-intermediate-CA-trusted-certificate-0001 1313s ++ sed -n 's/ *commonName *= //p' 1313s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1314s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1314s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1314s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1314s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1314s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1314s Test Organization Interme Token 1314s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 1314s + token_name='Test Organization Interme Token' 1314s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1314s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1314s + echo 'Test Organization Interme Token' 1314s + '[' -n partial_chain ']' 1314s + local verify_arg=--verify=partial_chain 1314s + local output_base_name=SSSD-child-9797 1314s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.output 1314s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.pem 1314s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem 1314s [p11_child[2320]] [main] (0x0400): p11_child started. 1314s [p11_child[2320]] [main] (0x2000): Running in [pre-auth] mode. 1314s [p11_child[2320]] [main] (0x2000): Running with effective IDs: [0][0]. 1314s [p11_child[2320]] [main] (0x2000): Running with real IDs [0][0]. 1314s [p11_child[2320]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1314s [p11_child[2320]] [do_card] (0x4000): Module List: 1314s [p11_child[2320]] [do_card] (0x4000): common name: [softhsm2]. 1314s [p11_child[2320]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1314s [p11_child[2320]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1314s [p11_child[2320]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1314s [p11_child[2320]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1314s [p11_child[2320]] [do_card] (0x4000): Login NOT required. 1314s [p11_child[2320]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1314s [p11_child[2320]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1314s [p11_child[2320]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1314s [p11_child[2320]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1314s [p11_child[2320]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1314s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.output 1314s + echo '-----BEGIN CERTIFICATE-----' 1314s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.output 1314s + echo '-----END CERTIFICATE-----' 1314s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.pem 1314s Certificate: 1314s Data: 1314s Version: 3 (0x2) 1314s Serial Number: 4 (0x4) 1314s Signature Algorithm: sha256WithRSAEncryption 1314s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1314s Validity 1314s Not Before: Mar 18 18:11:04 2024 GMT 1314s Not After : Mar 18 18:11:04 2025 GMT 1314s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1314s Subject Public Key Info: 1314s Public Key Algorithm: rsaEncryption 1314s Public-Key: (1024 bit) 1314s Modulus: 1314s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1314s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1314s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1314s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1314s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1314s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1314s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1314s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1314s fb:b0:8b:9a:cd:e5:54:93:c7 1314s Exponent: 65537 (0x10001) 1314s X509v3 extensions: 1314s X509v3 Authority Key Identifier: 1314s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1314s X509v3 Basic Constraints: 1314s CA:FALSE 1314s Netscape Cert Type: 1314s SSL Client, S/MIME 1314s Netscape Comment: 1314s Test Organization Intermediate CA trusted Certificate 1314s X509v3 Subject Key Identifier: 1314s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1314s X509v3 Key Usage: critical 1314s Digital Signature, Non Repudiation, Key Encipherment 1314s X509v3 Extended Key Usage: 1314s TLS Web Client Authentication, E-mail Protection 1314s X509v3 Subject Alternative Name: 1314s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1314s Signature Algorithm: sha256WithRSAEncryption 1314s Signature Value: 1314s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1314s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1314s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1314s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1314s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1314s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1314s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1314s 5c:60 1314s + local found_md5 expected_md5 1314s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA-trusted-certificate-0001.pem 1315s + expected_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1315s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797.pem 1316s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1316s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1316s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.output 1316s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.output .output 1316s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.pem 1316s + echo -n 053350 1316s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1316s [p11_child[2328]] [main] (0x0400): p11_child started. 1316s [p11_child[2328]] [main] (0x2000): Running in [auth] mode. 1316s [p11_child[2328]] [main] (0x2000): Running with effective IDs: [0][0]. 1316s [p11_child[2328]] [main] (0x2000): Running with real IDs [0][0]. 1316s [p11_child[2328]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1316s [p11_child[2328]] [do_card] (0x4000): Module List: 1316s [p11_child[2328]] [do_card] (0x4000): common name: [softhsm2]. 1316s [p11_child[2328]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1316s [p11_child[2328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x64c243b9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1316s [p11_child[2328]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1316s [p11_child[2328]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x64c243b9][1690452921] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1316s [p11_child[2328]] [do_card] (0x4000): Login required. 1316s [p11_child[2328]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1316s [p11_child[2328]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1316s [p11_child[2328]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1316s [p11_child[2328]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x64c243b9;slot-manufacturer=SoftHSM%20project;slot-id=1690452921;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=606576fb64c243b9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1316s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1316s [p11_child[2328]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1316s [p11_child[2328]] [do_card] (0x4000): Certificate verified and validated. 1316s [p11_child[2328]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1316s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.output 1316s + echo '-----BEGIN CERTIFICATE-----' 1316s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.output 1316s + echo '-----END CERTIFICATE-----' 1316s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.pem 1318s Certificate: 1318s Data: 1318s Version: 3 (0x2) 1318s Serial Number: 4 (0x4) 1318s Signature Algorithm: sha256WithRSAEncryption 1318s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1318s Validity 1318s Not Before: Mar 18 18:11:04 2024 GMT 1318s Not After : Mar 18 18:11:04 2025 GMT 1318s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1318s Subject Public Key Info: 1318s Public Key Algorithm: rsaEncryption 1318s Public-Key: (1024 bit) 1318s Modulus: 1318s 00:ca:f6:4c:6d:b2:6a:bd:9b:c1:92:2d:50:f5:20: 1318s 8a:c7:dc:cf:61:f6:9d:68:10:c6:d7:68:dd:69:43: 1318s 09:95:9c:71:41:91:21:22:78:13:f4:df:93:83:1f: 1318s 3a:65:58:87:fb:02:f1:78:fb:6a:d7:87:ee:35:27: 1318s 2f:dc:6c:02:b6:2d:0a:e8:61:9f:a2:b8:29:a4:2e: 1318s 65:c4:5b:20:55:73:2b:c5:f7:83:68:05:ee:02:76: 1318s cc:51:b0:d9:51:5f:ea:c4:8c:46:2c:41:dc:83:f2: 1318s dd:e8:d5:7d:89:5d:d7:52:6c:28:ca:f6:eb:33:f7: 1318s fb:b0:8b:9a:cd:e5:54:93:c7 1318s Exponent: 65537 (0x10001) 1318s X509v3 extensions: 1318s X509v3 Authority Key Identifier: 1318s A1:B8:7A:33:3A:B7:3F:51:17:99:71:03:06:72:5B:9C:A7:CA:57:50 1318s X509v3 Basic Constraints: 1318s CA:FALSE 1318s Netscape Cert Type: 1318s SSL Client, S/MIME 1318s Netscape Comment: 1318s Test Organization Intermediate CA trusted Certificate 1318s X509v3 Subject Key Identifier: 1318s 4F:F4:18:7E:68:F1:73:90:A2:DF:29:59:5E:06:2D:B9:3B:A6:3A:5A 1318s X509v3 Key Usage: critical 1318s Digital Signature, Non Repudiation, Key Encipherment 1318s X509v3 Extended Key Usage: 1318s TLS Web Client Authentication, E-mail Protection 1318s X509v3 Subject Alternative Name: 1318s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1318s Signature Algorithm: sha256WithRSAEncryption 1318s Signature Value: 1318s 3a:39:e7:de:fc:60:ab:4e:b0:c5:f9:9c:0f:b1:dc:bd:54:eb: 1318s 8f:a3:b7:a0:ef:b2:09:27:7a:78:a3:c8:a7:59:ca:fb:c6:f9: 1318s c4:04:a5:0b:bf:b4:1e:be:a9:fb:49:78:59:33:b6:9e:fe:de: 1318s 8b:f3:96:1f:be:97:19:ed:8d:27:f5:6f:7b:73:95:cf:af:1b: 1318s 26:82:07:37:c9:1e:76:a3:b6:fb:61:b3:6d:67:7f:91:e9:54: 1318s 17:c7:7d:e0:95:a7:2f:01:05:73:98:d5:50:d4:47:d9:7c:a1: 1318s 9d:a7:c0:e8:94:f7:9d:59:72:ae:a1:84:2f:37:64:9a:27:c5: 1318s 5c:60 1318s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-9797-auth.pem 1318s Slot 0 has a free/uninitialized token. 1318s The token has been initialized and is reassigned to slot 1270406546 1318s Available slots: 1318s Slot 1270406546 1318s Slot info: 1318s Description: SoftHSM slot ID 0x4bb8dd92 1318s Manufacturer ID: SoftHSM project 1318s Hardware version: 2.6 1318s Firmware version: 2.6 1318s Token present: yes 1318s Token info: 1318s Manufacturer ID: SoftHSM project 1318s Model: SoftHSM v2 1318s Hardware version: 2.6 1318s Firmware version: 2.6 1318s Serial number: c50f8f0dcbb8dd92 1318s Initialized: yes 1318s User PIN init.: yes 1318s Label: Test Organization Sub Int Token 1318s Slot 1 1318s Slot info: 1318s Description: SoftHSM slot ID 0x1 1318s Manufacturer ID: SoftHSM project 1318s Hardware version: 2.6 1318s Firmware version: 2.6 1318s Token present: yes 1318s Token info: 1318s Manufacturer ID: SoftHSM project 1318s Model: SoftHSM v2 1318s Hardware version: 2.6 1318s Firmware version: 2.6 1318s Serial number: 1318s Initialized: no 1318s User PIN init.: no 1318s Label: 1318s Object 0: 1318s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1318s Type: X.509 Certificate (RSA-1024) 1318s Expires: Tue Mar 18 18:11:05 2025 1318s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1318s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1318s 1318s Test Organization Sub Int Token 1318s Test Organization Sub Int Token 1318s Test Organization Sub Int Token 1318s Certificate: 1318s Data: 1318s Version: 3 (0x2) 1318s Serial Number: 5 (0x5) 1318s Signature Algorithm: sha256WithRSAEncryption 1318s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1318s Validity 1318s Not Before: Mar 18 18:11:05 2024 GMT 1318s Not After : Mar 18 18:11:05 2025 GMT 1318s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1318s Subject Public Key Info: 1318s Public Key Algorithm: rsaEncryption 1318s Public-Key: (1024 bit) 1318s Modulus: 1318s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1318s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1318s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1318s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1318s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1318s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1318s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1318s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1318s 5d:e8:cb:35:ab:6e:1b:b1:ad 1318s Exponent: 65537 (0x10001) 1318s X509v3 extensions: 1318s X509v3 Authority Key Identifier: 1318s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1318s X509v3 Basic Constraints: 1318s CA:FALSE 1318s Netscape Cert Type: 1318s SSL Client, S/MIME 1318s Netscape Comment: 1318s Test Organization Sub Intermediate CA trusted Certificate 1318s X509v3 Subject Key Identifier: 1318s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1318s X509v3 Key Usage: critical 1318s Digital Signature, Non Repudiation, Key Encipherment 1318s X509v3 Extended Key Usage: 1318s TLS Web Client Authentication, E-mail Protection 1318s X509v3 Subject Alternative Name: 1318s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1318s Signature Algorithm: sha256WithRSAEncryption 1318s Signature Value: 1318s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1318s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1318s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1318s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1318s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1318s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1318s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1318s 3f:4b 1318s + found_md5=Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 1318s + '[' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 '!=' Modulus=CAF64C6DB26ABD9BC1922D50F5208AC7DCCF61F69D6810C6D768DD694309959C71419121227813F4DF93831F3A655887FB02F178FB6AD787EE35272FDC6C02B62D0AE8619FA2B829A42E65C45B2055732BC5F7836805EE0276CC51B0D9515FEAC48C462C41DC83F2DDE8D57D895DD7526C28CAF6EB33F7FBB08B9ACDE55493C7 ']' 1318s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s + local verify_option= 1318s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_cn 1318s + local key_name 1318s + local tokens_dir 1318s + local output_cert_file 1318s + token_name= 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1318s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1318s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s ++ sed -n 's/ *commonName *= //p' 1318s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1318s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1318s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1318s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1318s + token_name='Test Organization Sub Int Token' 1318s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1318s + local key_file 1318s + local decrypted_key 1318s + mkdir -p /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1318s + key_file=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1318s + decrypted_key=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1318s + cat 1318s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 1318s + softhsm2-util --show-slots 1318s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1318s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-17036 -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1318s writing RSA key 1318s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1318s + rm /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1318s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1318s + echo 'Test Organization Sub Int Token' 1318s + '[' -n '' ']' 1318s + local output_base_name=SSSD-child-32702 1318s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-32702.output 1318s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-32702.pem 1318s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s [p11_child[2347]] [main] (0x0400): p11_child started. 1318s [p11_child[2347]] [main] (0x2000): Running in [pre-auth] mode. 1318s [p11_child[2347]] [main] (0x2000): Running with effective IDs: [0][0]. 1318s [p11_child[2347]] [main] (0x2000): Running with real IDs [0][0]. 1318s [p11_child[2347]] [do_card] (0x4000): Module List: 1318s [p11_child[2347]] [do_card] (0x4000): common name: [softhsm2]. 1318s [p11_child[2347]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2347]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1318s [p11_child[2347]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1318s [p11_child[2347]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2347]] [do_card] (0x4000): Login NOT required. 1318s [p11_child[2347]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1318s [p11_child[2347]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1318s [p11_child[2347]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1318s [p11_child[2347]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1318s [p11_child[2347]] [do_card] (0x4000): No certificate found. 1318s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-32702.output 1318s + return 2 1318s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1318s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem partial_chain 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s + local verify_option=partial_chain 1318s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_cn 1318s + local key_name 1318s + local tokens_dir 1318s + local output_cert_file 1318s + token_name= 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1318s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1318s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s ++ sed -n 's/ *commonName *= //p' 1318s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1318s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1318s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1318s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1318s + token_name='Test Organization Sub Int Token' 1318s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1318s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1318s + echo 'Test Organization Sub Int Token' 1318s + '[' -n partial_chain ']' 1318s + local verify_arg=--verify=partial_chain 1318s + local output_base_name=SSSD-child-15700 1318s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-15700.output 1318s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-15700.pem 1318s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-CA.pem 1318s [p11_child[2354]] [main] (0x0400): p11_child started. 1318s [p11_child[2354]] [main] (0x2000): Running in [pre-auth] mode. 1318s [p11_child[2354]] [main] (0x2000): Running with effective IDs: [0][0]. 1318s [p11_child[2354]] [main] (0x2000): Running with real IDs [0][0]. 1318s [p11_child[2354]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1318s [p11_child[2354]] [do_card] (0x4000): Module List: 1318s [p11_child[2354]] [do_card] (0x4000): common name: [softhsm2]. 1318s [p11_child[2354]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2354]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1318s [p11_child[2354]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1318s [p11_child[2354]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2354]] [do_card] (0x4000): Login NOT required. 1318s [p11_child[2354]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1318s [p11_child[2354]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1318s [p11_child[2354]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1318s [p11_child[2354]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1318s [p11_child[2354]] [do_card] (0x4000): No certificate found. 1318s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-15700.output 1318s + return 2 1318s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1318s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1318s + local verify_option= 1318s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1318s + local key_cn 1318s + local key_name 1318s + local tokens_dir 1318s + local output_cert_file 1318s + token_name= 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1318s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1318s ++ sed -n 's/ *commonName *= //p' 1318s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1318s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1318s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1318s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1318s + token_name='Test Organization Sub Int Token' 1318s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1318s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1318s + echo 'Test Organization Sub Int Token' 1318s + '[' -n '' ']' 1318s + local output_base_name=SSSD-child-22686 1318s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.output 1318s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.pem 1318s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1318s [p11_child[2361]] [main] (0x0400): p11_child started. 1318s [p11_child[2361]] [main] (0x2000): Running in [pre-auth] mode. 1318s [p11_child[2361]] [main] (0x2000): Running with effective IDs: [0][0]. 1318s [p11_child[2361]] [main] (0x2000): Running with real IDs [0][0]. 1318s [p11_child[2361]] [do_card] (0x4000): Module List: 1318s [p11_child[2361]] [do_card] (0x4000): common name: [softhsm2]. 1318s [p11_child[2361]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2361]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1318s [p11_child[2361]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1318s [p11_child[2361]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2361]] [do_card] (0x4000): Login NOT required. 1318s [p11_child[2361]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1318s [p11_child[2361]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1318s [p11_child[2361]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1318s [p11_child[2361]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1318s [p11_child[2361]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1318s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.output 1318s + echo '-----BEGIN CERTIFICATE-----' 1318s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.output 1318s + echo '-----END CERTIFICATE-----' 1318s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.pem 1318s + local found_md5 expected_md5 1318s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1318s + expected_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1318s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686.pem 1318s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1318s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1318s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.output 1318s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.output .output 1318s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.pem 1318s + echo -n 053350 1318s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1318s [p11_child[2369]] [main] (0x0400): p11_child started. 1318s [p11_child[2369]] [main] (0x2000): Running in [auth] mode. 1318s [p11_child[2369]] [main] (0x2000): Running with effective IDs: [0][0]. 1318s [p11_child[2369]] [main] (0x2000): Running with real IDs [0][0]. 1318s [p11_child[2369]] [do_card] (0x4000): Module List: 1318s [p11_child[2369]] [do_card] (0x4000): common name: [softhsm2]. 1318s [p11_child[2369]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2369]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1318s [p11_child[2369]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1318s [p11_child[2369]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1318s [p11_child[2369]] [do_card] (0x4000): Login required. 1318s [p11_child[2369]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1318s [p11_child[2369]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1318s [p11_child[2369]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1318s [p11_child[2369]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1318s [p11_child[2369]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1318s [p11_child[2369]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1318s [p11_child[2369]] [do_card] (0x4000): Certificate verified and validated. 1318s [p11_child[2369]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1318s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.output 1318s + echo '-----BEGIN CERTIFICATE-----' 1318s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.output 1318s + echo '-----END CERTIFICATE-----' 1318s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.pem 1319s Certificate: 1319s Data: 1319s Version: 3 (0x2) 1319s Serial Number: 5 (0x5) 1319s Signature Algorithm: sha256WithRSAEncryption 1319s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1319s Validity 1319s Not Before: Mar 18 18:11:05 2024 GMT 1319s Not After : Mar 18 18:11:05 2025 GMT 1319s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1319s Subject Public Key Info: 1319s Public Key Algorithm: rsaEncryption 1319s Public-Key: (1024 bit) 1319s Modulus: 1319s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1319s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1319s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1319s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1319s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1319s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1319s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1319s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1319s 5d:e8:cb:35:ab:6e:1b:b1:ad 1319s Exponent: 65537 (0x10001) 1319s X509v3 extensions: 1319s X509v3 Authority Key Identifier: 1319s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1319s X509v3 Basic Constraints: 1319s CA:FALSE 1319s Netscape Cert Type: 1319s SSL Client, S/MIME 1319s Netscape Comment: 1319s Test Organization Sub Intermediate CA trusted Certificate 1319s X509v3 Subject Key Identifier: 1319s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1319s X509v3 Key Usage: critical 1319s Digital Signature, Non Repudiation, Key Encipherment 1319s X509v3 Extended Key Usage: 1319s TLS Web Client Authentication, E-mail Protection 1319s X509v3 Subject Alternative Name: 1319s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1319s Signature Algorithm: sha256WithRSAEncryption 1319s Signature Value: 1319s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1319s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1319s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1319s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1319s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1319s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1319s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1319s 3f:4b 1319s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-22686-auth.pem 1319s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1319s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1319s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1319s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem partial_chain 1319s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1319s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1319s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1319s + local verify_option=partial_chain 1319s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1319s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1319s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1319s + local key_cn 1319s + local key_name 1319s + local tokens_dir 1319s + local output_cert_file 1319s + token_name= 1319s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1319s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1319s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1319s ++ sed -n 's/ *commonName *= //p' 1319s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1319s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1319s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1319s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1319s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1319s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1319s + token_name='Test Organization Sub Int Token' 1319s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1319s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1319s + echo 'Test Organization Sub Int Token' 1319s Test Organization Sub Int Token 1319s + '[' -n partial_chain ']' 1319s + local verify_arg=--verify=partial_chain 1319s + local output_base_name=SSSD-child-8224 1319s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.output 1319s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.pem 1319s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem 1319s [p11_child[2379]] [main] (0x0400): p11_child started. 1319s [p11_child[2379]] [main] (0x2000): Running in [pre-auth] mode. 1319s [p11_child[2379]] [main] (0x2000): Running with effective IDs: [0][0]. 1319s [p11_child[2379]] [main] (0x2000): Running with real IDs [0][0]. 1319s [p11_child[2379]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1319s [p11_child[2379]] [do_card] (0x4000): Module List: 1319s [p11_child[2379]] [do_card] (0x4000): common name: [softhsm2]. 1319s [p11_child[2379]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1319s [p11_child[2379]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1319s [p11_child[2379]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1319s [p11_child[2379]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1319s [p11_child[2379]] [do_card] (0x4000): Login NOT required. 1319s [p11_child[2379]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1319s [p11_child[2379]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1319s [p11_child[2379]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1319s [p11_child[2379]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1319s [p11_child[2379]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1319s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.output 1319s + echo '-----BEGIN CERTIFICATE-----' 1319s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.output 1319s + echo '-----END CERTIFICATE-----' 1319s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.pem 1319s Certificate: 1319s Data: 1319s Version: 3 (0x2) 1319s Serial Number: 5 (0x5) 1319s Signature Algorithm: sha256WithRSAEncryption 1319s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1319s Validity 1319s Not Before: Mar 18 18:11:05 2024 GMT 1319s Not After : Mar 18 18:11:05 2025 GMT 1319s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1319s Subject Public Key Info: 1319s Public Key Algorithm: rsaEncryption 1319s Public-Key: (1024 bit) 1319s Modulus: 1319s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1319s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1319s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1319s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1319s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1319s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1319s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1319s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1319s 5d:e8:cb:35:ab:6e:1b:b1:ad 1319s Exponent: 65537 (0x10001) 1319s X509v3 extensions: 1319s X509v3 Authority Key Identifier: 1319s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1319s X509v3 Basic Constraints: 1319s CA:FALSE 1319s Netscape Cert Type: 1319s SSL Client, S/MIME 1319s Netscape Comment: 1319s Test Organization Sub Intermediate CA trusted Certificate 1319s X509v3 Subject Key Identifier: 1319s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1319s X509v3 Key Usage: critical 1319s Digital Signature, Non Repudiation, Key Encipherment 1319s X509v3 Extended Key Usage: 1319s TLS Web Client Authentication, E-mail Protection 1319s X509v3 Subject Alternative Name: 1319s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1319s Signature Algorithm: sha256WithRSAEncryption 1319s Signature Value: 1319s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1319s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1319s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1319s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1319s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1319s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1319s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1319s 3f:4b 1319s + local found_md5 expected_md5 1319s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1319s + expected_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1319s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224.pem 1320s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1320s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1320s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.output 1320s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.output .output 1320s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.pem 1320s + echo -n 053350 1320s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1320s [p11_child[2387]] [main] (0x0400): p11_child started. 1320s [p11_child[2387]] [main] (0x2000): Running in [auth] mode. 1320s [p11_child[2387]] [main] (0x2000): Running with effective IDs: [0][0]. 1320s [p11_child[2387]] [main] (0x2000): Running with real IDs [0][0]. 1320s [p11_child[2387]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1320s [p11_child[2387]] [do_card] (0x4000): Module List: 1320s [p11_child[2387]] [do_card] (0x4000): common name: [softhsm2]. 1320s [p11_child[2387]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1320s [p11_child[2387]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1320s [p11_child[2387]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1320s [p11_child[2387]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1320s [p11_child[2387]] [do_card] (0x4000): Login required. 1320s [p11_child[2387]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1320s [p11_child[2387]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1320s [p11_child[2387]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1320s [p11_child[2387]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1320s [p11_child[2387]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1320s [p11_child[2387]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1320s [p11_child[2387]] [do_card] (0x4000): Certificate verified and validated. 1320s [p11_child[2387]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1320s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.output 1320s + echo '-----BEGIN CERTIFICATE-----' 1320s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.output 1320s + echo '-----END CERTIFICATE-----' 1320s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.pem 1320s Certificate: 1320s Data: 1320s Version: 3 (0x2) 1320s Serial Number: 5 (0x5) 1320s Signature Algorithm: sha256WithRSAEncryption 1320s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1320s Validity 1320s Not Before: Mar 18 18:11:05 2024 GMT 1320s Not After : Mar 18 18:11:05 2025 GMT 1320s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1320s Subject Public Key Info: 1320s Public Key Algorithm: rsaEncryption 1320s Public-Key: (1024 bit) 1320s Modulus: 1320s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1320s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1320s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1320s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1320s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1320s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1320s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1320s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1320s 5d:e8:cb:35:ab:6e:1b:b1:ad 1320s Exponent: 65537 (0x10001) 1320s X509v3 extensions: 1320s X509v3 Authority Key Identifier: 1320s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1320s X509v3 Basic Constraints: 1320s CA:FALSE 1320s Netscape Cert Type: 1320s SSL Client, S/MIME 1320s Netscape Comment: 1320s Test Organization Sub Intermediate CA trusted Certificate 1320s X509v3 Subject Key Identifier: 1320s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1320s X509v3 Key Usage: critical 1320s Digital Signature, Non Repudiation, Key Encipherment 1320s X509v3 Extended Key Usage: 1320s TLS Web Client Authentication, E-mail Protection 1320s X509v3 Subject Alternative Name: 1320s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1320s Signature Algorithm: sha256WithRSAEncryption 1320s Signature Value: 1320s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1320s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1320s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1320s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1320s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1320s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1320s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1320s 3f:4b 1320s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-8224-auth.pem 1321s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1321s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1321s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s + local verify_option= 1321s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_cn 1321s + local key_name 1321s + local tokens_dir 1321s + local output_cert_file 1321s + token_name= 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1321s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1321s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s ++ sed -n 's/ *commonName *= //p' 1321s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1321s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1321s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1321s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1321s + token_name='Test Organization Sub Int Token' 1321s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1321s Test Organization Sub Int Token 1321s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1321s + echo 'Test Organization Sub Int Token' 1321s + '[' -n '' ']' 1321s + local output_base_name=SSSD-child-28995 1321s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-28995.output 1321s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-28995.pem 1321s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s [p11_child[2397]] [main] (0x0400): p11_child started. 1321s [p11_child[2397]] [main] (0x2000): Running in [pre-auth] mode. 1321s [p11_child[2397]] [main] (0x2000): Running with effective IDs: [0][0]. 1321s [p11_child[2397]] [main] (0x2000): Running with real IDs [0][0]. 1321s [p11_child[2397]] [do_card] (0x4000): Module List: 1321s [p11_child[2397]] [do_card] (0x4000): common name: [softhsm2]. 1321s [p11_child[2397]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1321s [p11_child[2397]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1321s [p11_child[2397]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1321s [p11_child[2397]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1321s [p11_child[2397]] [do_card] (0x4000): Login NOT required. 1321s [p11_child[2397]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1321s [p11_child[2397]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1321s [p11_child[2397]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1321s [p11_child[2397]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1321s [p11_child[2397]] [do_card] (0x4000): No certificate found. 1321s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-28995.output 1321s + return 2 1321s + invalid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem partial_chain 1321s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem partial_chain 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem 1321s + local verify_option=partial_chain 1321s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_cn 1321s + local key_name 1321s + local tokens_dir 1321s + local output_cert_file 1321s + token_name= 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1321s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1321s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s ++ sed -n 's/ *commonName *= //p' 1321s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1321s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1321s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1321s Test Organization Sub Int Token 1321s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1321s + token_name='Test Organization Sub Int Token' 1321s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1321s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1321s + echo 'Test Organization Sub Int Token' 1321s + '[' -n partial_chain ']' 1321s + local verify_arg=--verify=partial_chain 1321s + local output_base_name=SSSD-child-5748 1321s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5748.output 1321s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-5748.pem 1321s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-root-intermediate-chain-CA.pem 1321s [p11_child[2404]] [main] (0x0400): p11_child started. 1321s [p11_child[2404]] [main] (0x2000): Running in [pre-auth] mode. 1321s [p11_child[2404]] [main] (0x2000): Running with effective IDs: [0][0]. 1321s [p11_child[2404]] [main] (0x2000): Running with real IDs [0][0]. 1321s [p11_child[2404]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1321s [p11_child[2404]] [do_card] (0x4000): Module List: 1321s [p11_child[2404]] [do_card] (0x4000): common name: [softhsm2]. 1321s [p11_child[2404]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1321s [p11_child[2404]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1321s [p11_child[2404]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1321s [p11_child[2404]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1321s [p11_child[2404]] [do_card] (0x4000): Login NOT required. 1321s [p11_child[2404]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1321s [p11_child[2404]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1321s [p11_child[2404]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1321s [p11_child[2404]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1321s [p11_child[2404]] [do_card] (0x4000): No certificate found. 1321s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-5748.output 1321s + return 2 1321s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem partial_chain 1321s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem partial_chain 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s + local verify_option=partial_chain 1321s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1321s + local key_cn 1321s + local key_name 1321s + local tokens_dir 1321s + local output_cert_file 1321s + token_name= 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1321s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1321s ++ sed -n 's/ *commonName *= //p' 1321s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1321s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1321s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1321s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1321s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1321s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1321s + token_name='Test Organization Sub Int Token' 1321s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1321s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1321s + echo 'Test Organization Sub Int Token' 1321s Test Organization Sub Int Token 1321s + '[' -n partial_chain ']' 1321s + local verify_arg=--verify=partial_chain 1321s + local output_base_name=SSSD-child-18468 1321s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.output 1321s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.pem 1321s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem 1321s [p11_child[2411]] [main] (0x0400): p11_child started. 1321s [p11_child[2411]] [main] (0x2000): Running in [pre-auth] mode. 1321s [p11_child[2411]] [main] (0x2000): Running with effective IDs: [0][0]. 1321s [p11_child[2411]] [main] (0x2000): Running with real IDs [0][0]. 1321s [p11_child[2411]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1322s [p11_child[2411]] [do_card] (0x4000): Module List: 1322s [p11_child[2411]] [do_card] (0x4000): common name: [softhsm2]. 1322s [p11_child[2411]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1322s [p11_child[2411]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1322s [p11_child[2411]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1322s [p11_child[2411]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1322s [p11_child[2411]] [do_card] (0x4000): Login NOT required. 1322s [p11_child[2411]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1322s [p11_child[2411]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1322s [p11_child[2411]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1322s [p11_child[2411]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1322s [p11_child[2411]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1322s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.output 1322s + echo '-----BEGIN CERTIFICATE-----' 1322s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.output 1322s + echo '-----END CERTIFICATE-----' 1322s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.pem 1322s Certificate: 1322s Data: 1322s Version: 3 (0x2) 1322s Serial Number: 5 (0x5) 1322s Signature Algorithm: sha256WithRSAEncryption 1322s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1322s Validity 1322s Not Before: Mar 18 18:11:05 2024 GMT 1322s Not After : Mar 18 18:11:05 2025 GMT 1322s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1322s Subject Public Key Info: 1322s Public Key Algorithm: rsaEncryption 1322s Public-Key: (1024 bit) 1322s Modulus: 1322s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1322s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1322s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1322s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1322s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1322s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1322s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1322s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1322s 5d:e8:cb:35:ab:6e:1b:b1:ad 1322s Exponent: 65537 (0x10001) 1322s X509v3 extensions: 1322s X509v3 Authority Key Identifier: 1322s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1322s X509v3 Basic Constraints: 1322s CA:FALSE 1322s Netscape Cert Type: 1322s SSL Client, S/MIME 1322s Netscape Comment: 1322s Test Organization Sub Intermediate CA trusted Certificate 1322s X509v3 Subject Key Identifier: 1322s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1322s X509v3 Key Usage: critical 1322s Digital Signature, Non Repudiation, Key Encipherment 1322s X509v3 Extended Key Usage: 1322s TLS Web Client Authentication, E-mail Protection 1322s X509v3 Subject Alternative Name: 1322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1322s Signature Algorithm: sha256WithRSAEncryption 1322s Signature Value: 1322s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1322s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1322s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1322s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1322s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1322s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1322s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1322s 3f:4b 1322s + local found_md5 expected_md5 1322s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1322s + expected_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1322s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468.pem 1322s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1322s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1322s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.output 1322s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.output .output 1322s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.pem 1322s + echo -n 053350 1322s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1322s [p11_child[2419]] [main] (0x0400): p11_child started. 1322s [p11_child[2419]] [main] (0x2000): Running in [auth] mode. 1322s [p11_child[2419]] [main] (0x2000): Running with effective IDs: [0][0]. 1322s [p11_child[2419]] [main] (0x2000): Running with real IDs [0][0]. 1322s [p11_child[2419]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1322s [p11_child[2419]] [do_card] (0x4000): Module List: 1322s [p11_child[2419]] [do_card] (0x4000): common name: [softhsm2]. 1322s [p11_child[2419]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1322s [p11_child[2419]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1322s [p11_child[2419]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1322s [p11_child[2419]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1322s [p11_child[2419]] [do_card] (0x4000): Login required. 1322s [p11_child[2419]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1322s [p11_child[2419]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1322s [p11_child[2419]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1322s [p11_child[2419]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1322s [p11_child[2419]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1322s [p11_child[2419]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1322s [p11_child[2419]] [do_card] (0x4000): Certificate verified and validated. 1322s [p11_child[2419]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1322s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.output 1322s + echo '-----BEGIN CERTIFICATE-----' 1322s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.output 1322s + echo '-----END CERTIFICATE-----' 1322s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.pem 1322s Certificate: 1322s Data: 1322s Version: 3 (0x2) 1322s Serial Number: 5 (0x5) 1322s Signature Algorithm: sha256WithRSAEncryption 1322s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1322s Validity 1322s Not Before: Mar 18 18:11:05 2024 GMT 1322s Not After : Mar 18 18:11:05 2025 GMT 1322s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1322s Subject Public Key Info: 1322s Public Key Algorithm: rsaEncryption 1322s Public-Key: (1024 bit) 1322s Modulus: 1322s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1322s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1322s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1322s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1322s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1322s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1322s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1322s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1322s 5d:e8:cb:35:ab:6e:1b:b1:ad 1322s Exponent: 65537 (0x10001) 1322s X509v3 extensions: 1322s X509v3 Authority Key Identifier: 1322s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1322s X509v3 Basic Constraints: 1322s CA:FALSE 1322s Netscape Cert Type: 1322s SSL Client, S/MIME 1322s Netscape Comment: 1322s Test Organization Sub Intermediate CA trusted Certificate 1322s X509v3 Subject Key Identifier: 1322s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1322s X509v3 Key Usage: critical 1322s Digital Signature, Non Repudiation, Key Encipherment 1322s X509v3 Extended Key Usage: 1322s TLS Web Client Authentication, E-mail Protection 1322s X509v3 Subject Alternative Name: 1322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1322s Signature Algorithm: sha256WithRSAEncryption 1322s Signature Value: 1322s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1322s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1322s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1322s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1322s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1322s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1322s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1322s 3f:4b 1322s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-18468-auth.pem 1323s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1323s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1323s + valid_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-sub-chain-CA.pem partial_chain 1323s + check_certificate /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 /tmp/sssd-softhsm2-MrKnJX/test-intermediate-sub-chain-CA.pem partial_chain 1323s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1323s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1323s + local key_ring=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-sub-chain-CA.pem 1323s + local verify_option=partial_chain 1323s + prepare_softhsm2_card /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1323s + local certificate=/tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1323s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-17036 1323s + local key_cn 1323s + local key_name 1323s + local tokens_dir 1323s + local output_cert_file 1323s + token_name= 1323s ++ basename /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1323s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1323s ++ sed -n 's/ *commonName *= //p' 1323s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1323s Test Organization Sub Int Token 1323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1323s ++ basename /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1323s + tokens_dir=/tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1323s + token_name='Test Organization Sub Int Token' 1323s + '[' '!' -e /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1323s + '[' '!' -d /tmp/sssd-softhsm2-MrKnJX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1323s + echo 'Test Organization Sub Int Token' 1323s + '[' -n partial_chain ']' 1323s + local verify_arg=--verify=partial_chain 1323s + local output_base_name=SSSD-child-2366 1323s + local output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.output 1323s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.pem 1323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-sub-chain-CA.pem 1323s [p11_child[2429]] [main] (0x0400): p11_child started. 1323s [p11_child[2429]] [main] (0x2000): Running in [pre-auth] mode. 1323s [p11_child[2429]] [main] (0x2000): Running with effective IDs: [0][0]. 1323s [p11_child[2429]] [main] (0x2000): Running with real IDs [0][0]. 1323s [p11_child[2429]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1323s [p11_child[2429]] [do_card] (0x4000): Module List: 1323s [p11_child[2429]] [do_card] (0x4000): common name: [softhsm2]. 1323s [p11_child[2429]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1323s [p11_child[2429]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1323s [p11_child[2429]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1323s [p11_child[2429]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1323s [p11_child[2429]] [do_card] (0x4000): Login NOT required. 1323s [p11_child[2429]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1323s [p11_child[2429]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1323s [p11_child[2429]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1323s [p11_child[2429]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1323s [p11_child[2429]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.output 1323s + echo '-----BEGIN CERTIFICATE-----' 1323s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.output 1323s + echo '-----END CERTIFICATE-----' 1323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.pem 1324s Certificate: 1324s Data: 1324s Version: 3 (0x2) 1324s Serial Number: 5 (0x5) 1324s Signature Algorithm: sha256WithRSAEncryption 1324s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1324s Validity 1324s Not Before: Mar 18 18:11:05 2024 GMT 1324s Not After : Mar 18 18:11:05 2025 GMT 1324s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1324s Subject Public Key Info: 1324s Public Key Algorithm: rsaEncryption 1324s Public-Key: (1024 bit) 1324s Modulus: 1324s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1324s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1324s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1324s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1324s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1324s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1324s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1324s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1324s 5d:e8:cb:35:ab:6e:1b:b1:ad 1324s Exponent: 65537 (0x10001) 1324s X509v3 extensions: 1324s X509v3 Authority Key Identifier: 1324s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1324s X509v3 Basic Constraints: 1324s CA:FALSE 1324s Netscape Cert Type: 1324s SSL Client, S/MIME 1324s Netscape Comment: 1324s Test Organization Sub Intermediate CA trusted Certificate 1324s X509v3 Subject Key Identifier: 1324s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1324s X509v3 Key Usage: critical 1324s Digital Signature, Non Repudiation, Key Encipherment 1324s X509v3 Extended Key Usage: 1324s TLS Web Client Authentication, E-mail Protection 1324s X509v3 Subject Alternative Name: 1324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1324s Signature Algorithm: sha256WithRSAEncryption 1324s Signature Value: 1324s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1324s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1324s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1324s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1324s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1324s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1324s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1324s 3f:4b 1324s + local found_md5 expected_md5 1324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/test-sub-intermediate-CA-trusted-certificate-0001.pem 1324s + expected_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366.pem 1324s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1324s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1324s + output_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.output 1324s ++ basename /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.output .output 1324s + output_cert_file=/tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.pem 1324s + echo -n 053350 1324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MrKnJX/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1324s [p11_child[2437]] [main] (0x0400): p11_child started. 1324s [p11_child[2437]] [main] (0x2000): Running in [auth] mode. 1324s [p11_child[2437]] [main] (0x2000): Running with effective IDs: [0][0]. 1324s [p11_child[2437]] [main] (0x2000): Running with real IDs [0][0]. 1324s [p11_child[2437]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1325s [p11_child[2437]] [do_card] (0x4000): Module List: 1325s [p11_child[2437]] [do_card] (0x4000): common name: [softhsm2]. 1325s [p11_child[2437]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1325s [p11_child[2437]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4bb8dd92] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1325s [p11_child[2437]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1325s [p11_child[2437]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4bb8dd92][1270406546] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1325s [p11_child[2437]] [do_card] (0x4000): Login required. 1325s [p11_child[2437]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1325s [p11_child[2437]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1325s [p11_child[2437]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1325s [p11_child[2437]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4bb8dd92;slot-manufacturer=SoftHSM%20project;slot-id=1270406546;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c50f8f0dcbb8dd92;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1325s [p11_child[2437]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1325s [p11_child[2437]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1325s [p11_child[2437]] [do_card] (0x4000): Certificate verified and validated. 1325s [p11_child[2437]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1325s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.output 1325s + echo '-----BEGIN CERTIFICATE-----' 1325s + tail -n1 /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.output 1325s + echo '-----END CERTIFICATE-----' 1325s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.pem 1325s Certificate: 1325s Data: 1325s Version: 3 (0x2) 1325s Serial Number: 5 (0x5) 1325s Signature Algorithm: sha256WithRSAEncryption 1325s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1325s Validity 1325s Not Before: Mar 18 18:11:05 2024 GMT 1325s Not After : Mar 18 18:11:05 2025 GMT 1325s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1325s Subject Public Key Info: 1325s Public Key Algorithm: rsaEncryption 1325s Public-Key: (1024 bit) 1325s Modulus: 1325s 00:ae:e6:37:ff:36:95:de:20:89:68:7d:34:47:48: 1325s 08:b2:35:ab:af:7e:aa:e5:c7:f2:f2:57:7e:f2:2a: 1325s a6:9e:49:6e:c7:af:5c:a7:6d:a5:46:78:cd:6c:0d: 1325s 69:9c:10:16:aa:98:71:85:fc:29:4e:7c:62:eb:e1: 1325s 1e:6e:9b:0f:f5:44:df:75:5e:77:09:0d:d3:c4:b7: 1325s 98:c9:70:62:fd:19:f0:b1:a2:3e:b4:10:2d:48:17: 1325s 24:9d:cd:ed:14:9b:54:52:8a:7b:58:0c:89:a6:09: 1325s 8e:6c:cf:49:ef:68:2c:91:d8:9b:83:eb:73:71:81: 1325s 5d:e8:cb:35:ab:6e:1b:b1:ad 1325s Exponent: 65537 (0x10001) 1325s X509v3 extensions: 1325s X509v3 Authority Key Identifier: 1325s AF:47:73:AB:B1:CB:E0:E9:7E:D7:08:83:64:9C:A4:EC:70:13:49:F0 1325s X509v3 Basic Constraints: 1325s CA:FALSE 1325s Netscape Cert Type: 1325s SSL Client, S/MIME 1325s Netscape Comment: 1325s Test Organization Sub Intermediate CA trusted Certificate 1325s X509v3 Subject Key Identifier: 1325s 52:30:A4:83:AC:00:D0:D2:04:7F:47:03:9F:97:C7:58:35:D3:DB:A5 1325s X509v3 Key Usage: critical 1325s Digital Signature, Non Repudiation, Key Encipherment 1325s X509v3 Extended Key Usage: 1325s TLS Web Client Authentication, E-mail Protection 1325s X509v3 Subject Alternative Name: 1325s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1325s Signature Algorithm: sha256WithRSAEncryption 1325s Signature Value: 1325s 33:03:95:e2:bb:aa:94:76:bd:7c:ed:1a:43:6a:8a:53:a6:4d: 1325s 8a:47:84:41:4a:bb:2f:0b:b7:28:bc:28:62:9f:8c:e6:42:e0: 1325s a2:88:06:c8:56:03:87:19:e5:de:31:3c:d6:7a:83:b4:ec:83: 1325s 19:b8:bf:e5:7f:cf:72:ee:30:7c:02:70:79:74:99:6e:af:1a: 1325s 80:a4:84:82:c7:92:69:09:6a:30:1a:39:67:7f:9a:ec:0b:e3: 1325s 00:e7:d0:9e:ed:e0:4f:fa:c4:d8:97:ec:1b:61:18:85:6a:31: 1325s db:de:7b:e9:96:08:ec:2a:76:78:ae:9a:ab:a2:db:48:90:db: 1325s 3f:4b 1325s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MrKnJX/SSSD-child-2366-auth.pem 1325s + found_md5=Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD 1325s + '[' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD '!=' Modulus=AEE637FF3695DE2089687D34474808B235ABAF7EAAE5C7F2F2577EF22AA69E496EC7AF5CA76DA54678CD6C0D699C1016AA987185FC294E7C62EBE11E6E9B0FF544DF755E77090DD3C4B798C97062FD19F0B1A23EB4102D4817249DCDED149B54528A7B580C89A6098E6CCF49EF682C91D89B83EB7371815DE8CB35AB6E1BB1AD ']' 1325s + set +x 1325s 1325s Test completed, Root CA and intermediate issued certificates verified! 1326s autopkgtest [18:11:36]: test sssd-softhism2-certificates-tests.sh: -----------------------] 1327s autopkgtest [18:11:37]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 1327s sssd-softhism2-certificates-tests.sh PASS 1328s autopkgtest [18:11:38]: test sssd-smart-card-pam-auth-configs: preparing testbed 1334s Reading package lists... 1336s Building dependency tree... 1336s Reading state information... 1338s Starting pkgProblemResolver with broken count: 0 1339s Starting 2 pkgProblemResolver with broken count: 0 1339s Done 1342s The following additional packages will be installed: 1342s pamtester 1342s The following NEW packages will be installed: 1342s autopkgtest-satdep pamtester 1343s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 1343s Need to get 12.3 kB/13.0 kB of archives. 1343s After this operation, 36.9 kB of additional disk space will be used. 1343s Get:1 /tmp/autopkgtest.fO43Gi/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [760 B] 1343s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 1345s Fetched 12.3 kB in 0s (37.4 kB/s) 1345s Selecting previously unselected package pamtester. 1345s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 76441 files and directories currently installed.) 1345s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 1345s Unpacking pamtester (0.1.2-4) ... 1346s Selecting previously unselected package autopkgtest-satdep. 1346s Preparing to unpack .../4-autopkgtest-satdep.deb ... 1346s Unpacking autopkgtest-satdep (0) ... 1346s Setting up pamtester (0.1.2-4) ... 1346s Setting up autopkgtest-satdep (0) ... 1346s Processing triggers for man-db (2.12.0-3) ... 1362s (Reading database ... 76447 files and directories currently installed.) 1362s Removing autopkgtest-satdep (0) ... 1365s autopkgtest [18:12:15]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1365s autopkgtest [18:12:15]: test sssd-smart-card-pam-auth-configs: [----------------------- 1365s + '[' -z ubuntu ']' 1365s + export DEBIAN_FRONTEND=noninteractive 1365s + DEBIAN_FRONTEND=noninteractive 1365s + required_tools=(pamtester softhsm2-util sssd) 1365s + [[ ! -v OFFLINE_MODE ]] 1365s + for cmd in "${required_tools[@]}" 1365s + command -v pamtester 1365s + for cmd in "${required_tools[@]}" 1365s + command -v softhsm2-util 1365s + for cmd in "${required_tools[@]}" 1365s + command -v sssd 1365s + PIN=123456 1365s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 1365s + tmpdir=/tmp/sssd-softhsm2-certs-zihgnH 1365s + backupsdir= 1365s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 1365s + declare -a restore_paths 1365s + declare -a delete_paths 1365s + trap handle_exit EXIT 1365s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1365s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 1365s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1365s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1365s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-zihgnH GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 1365s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-zihgnH 1365s + GENERATE_SMART_CARDS=1 1365s + KEEP_TEMPORARY_FILES=1 1365s + NO_SSSD_TESTS=1 1365s + bash debian/tests/sssd-softhism2-certificates-tests.sh 1365s + '[' -z ubuntu ']' 1365s + required_tools=(p11tool openssl softhsm2-util) 1365s + for cmd in "${required_tools[@]}" 1365s + command -v p11tool 1365s + for cmd in "${required_tools[@]}" 1365s + command -v openssl 1365s + for cmd in "${required_tools[@]}" 1365s + command -v softhsm2-util 1365s + PIN=123456 1365s +++ find /usr/lib/softhsm/libsofthsm2.so 1365s +++ head -n 1 1365s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1365s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1365s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1365s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1365s + '[' '!' -v NO_SSSD_TESTS ']' 1365s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 1365s + tmpdir=/tmp/sssd-softhsm2-certs-zihgnH 1365s + keys_size=1024 1365s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1365s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1365s + echo -n 01 1365s + touch /tmp/sssd-softhsm2-certs-zihgnH/index.txt 1365s + mkdir -p /tmp/sssd-softhsm2-certs-zihgnH/new_certs 1365s + cat 1365s + root_ca_key_pass=pass:random-root-CA-password-18030 1365s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-key.pem -passout pass:random-root-CA-password-18030 1024 1365s + openssl req -passin pass:random-root-CA-password-18030 -batch -config /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem 1366s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem 1366s + cat 1366s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-28739 1366s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28739 1024 1366s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-28739 -config /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-18030 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-certificate-request.pem 1366s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-certificate-request.pem 1366s Certificate Request: 1366s Data: 1366s Version: 1 (0x0) 1366s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1366s Subject Public Key Info: 1366s Public Key Algorithm: rsaEncryption 1366s Public-Key: (1024 bit) 1366s Modulus: 1366s 00:ae:c6:a2:69:24:2f:8a:65:41:17:a1:20:69:bc: 1366s 82:4e:7a:93:25:83:83:e4:7b:df:32:78:64:6d:d8: 1366s 6d:fd:e0:02:a0:fb:cb:1f:c6:11:85:a6:e0:d7:c8: 1366s 54:3d:c8:fb:20:87:08:bb:26:bc:4a:b5:43:f1:63: 1366s 4a:83:09:7d:5d:f5:70:57:79:52:e9:6f:22:f6:fd: 1366s 45:31:80:48:e7:3a:31:81:72:af:34:7b:28:75:60: 1366s 1b:20:fa:c2:fc:83:87:ef:de:77:1c:89:ab:ca:4c: 1366s 2d:d3:4e:8a:8b:aa:70:1d:22:c7:78:5d:3e:b5:bb: 1366s 91:66:81:d8:84:09:13:74:af 1366s Exponent: 65537 (0x10001) 1366s Attributes: 1366s (none) 1366s Requested Extensions: 1366s Signature Algorithm: sha256WithRSAEncryption 1366s Signature Value: 1366s 26:7b:ff:39:af:0c:7e:6e:d6:e3:10:05:d8:86:16:49:00:08: 1366s c5:53:76:3d:85:78:13:d8:b7:20:e6:65:b6:70:e2:95:82:f6: 1366s 11:e0:c0:be:8e:e7:de:f2:1f:17:cd:73:a6:88:bf:64:c4:d3: 1366s c9:ac:55:8a:da:99:b0:48:7b:fb:b5:25:15:75:55:88:dc:ad: 1366s d5:45:51:e9:d5:4f:f0:5d:89:ef:1a:94:81:fe:bb:20:bd:ec: 1366s 1e:e3:52:7e:bf:0b:16:cb:6a:7f:55:78:55:f1:a3:04:c5:be: 1366s 38:54:09:fa:e2:d9:21:a3:aa:d9:2c:22:11:a1:d5:18:c9:88: 1366s 4a:b1 1366s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.config -passin pass:random-root-CA-password-18030 -keyfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem 1366s Using configuration from /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.config 1366s Check that the request matches the signature 1366s Signature ok 1366s Certificate Details: 1366s Serial Number: 1 (0x1) 1366s Validity 1366s Not Before: Mar 18 18:12:16 2024 GMT 1366s Not After : Mar 18 18:12:16 2025 GMT 1366s Subject: 1366s organizationName = Test Organization 1366s organizationalUnitName = Test Organization Unit 1366s commonName = Test Organization Intermediate CA 1366s X509v3 extensions: 1366s X509v3 Subject Key Identifier: 1366s 19:7F:C8:AF:02:3F:C9:87:45:B9:7C:18:FD:7C:AA:40:7E:DA:1A:CC 1366s X509v3 Authority Key Identifier: 1366s keyid:EE:4E:CC:98:AE:FC:64:F6:33:71:A1:3B:F5:C4:34:4B:4D:87:50:0F 1366s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1366s serial:00 1366s X509v3 Basic Constraints: 1366s CA:TRUE 1366s X509v3 Key Usage: critical 1366s Digital Signature, Certificate Sign, CRL Sign 1366s Certificate is to be certified until Mar 18 18:12:16 2025 GMT (365 days) 1366s 1366s Write out database with 1 new entries 1366s Database updated 1366s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem 1367s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem 1367s /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem: OK 1367s + cat 1367s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-27921 1367s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-27921 1024 1367s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-27921 -config /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28739 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-certificate-request.pem 1367s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-certificate-request.pem 1367s Certificate Request: 1367s Data: 1367s Version: 1 (0x0) 1367s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1367s Subject Public Key Info: 1367s Public Key Algorithm: rsaEncryption 1367s Public-Key: (1024 bit) 1367s Modulus: 1367s 00:ce:36:59:b1:d4:b1:1a:ef:43:65:b8:93:0d:de: 1367s f1:25:a6:0b:07:54:90:ad:24:82:9a:4e:aa:02:24: 1367s ee:6f:fb:4e:c8:95:24:57:ba:71:ab:4f:f2:ee:88: 1367s 7e:14:83:ff:17:20:fe:d6:f1:70:a1:65:84:ba:ee: 1367s 69:00:10:49:ff:6a:2e:38:16:9c:68:4a:36:ef:bd: 1367s 4e:84:de:3a:d3:1d:e4:ea:07:9f:7f:14:df:28:71: 1367s c2:62:0a:bd:ee:de:aa:48:01:b5:bb:fa:f2:bc:87: 1367s 38:19:c2:9f:58:fd:52:d4:9e:d0:1a:1f:3d:f3:33: 1367s ce:6b:e3:87:a9:ae:7c:e2:ab 1367s Exponent: 65537 (0x10001) 1367s Attributes: 1367s (none) 1367s Requested Extensions: 1367s Signature Algorithm: sha256WithRSAEncryption 1367s Signature Value: 1367s 5d:d4:c8:58:d0:bb:eb:bf:7e:1a:82:89:d8:56:5c:27:6f:48: 1367s 71:f2:d4:62:10:7a:c8:24:0c:c3:15:0e:84:27:91:93:72:b4: 1367s 73:e7:3e:a0:7b:82:dc:35:1e:de:a7:b8:97:af:40:0e:7a:4a: 1367s 5b:41:3f:70:62:a8:37:ab:be:23:64:c9:44:ed:bc:b3:dc:45: 1367s 2f:a5:12:45:87:05:44:5b:36:63:70:83:f1:71:5b:1c:88:f0: 1367s a2:f4:2a:6a:b5:66:26:8c:dd:27:21:3a:0c:ba:9f:7b:de:9e: 1367s 42:b1:c1:78:b7:9b:63:0d:d4:71:bd:ec:93:5e:23:5b:8b:a6: 1367s 16:32 1367s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-28739 -keyfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1367s Using configuration from /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.config 1367s Check that the request matches the signature 1367s Signature ok 1367s Certificate Details: 1367s Serial Number: 2 (0x2) 1367s Validity 1367s Not Before: Mar 18 18:12:17 2024 GMT 1367s Not After : Mar 18 18:12:17 2025 GMT 1367s Subject: 1367s organizationName = Test Organization 1367s organizationalUnitName = Test Organization Unit 1367s commonName = Test Organization Sub Intermediate CA 1367s X509v3 extensions: 1367s X509v3 Subject Key Identifier: 1367s 22:38:3E:D3:FA:D7:B4:87:B2:A8:3C:29:3D:5F:00:90:74:23:AB:44 1367s X509v3 Authority Key Identifier: 1367s keyid:19:7F:C8:AF:02:3F:C9:87:45:B9:7C:18:FD:7C:AA:40:7E:DA:1A:CC 1367s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1367s serial:01 1367s X509v3 Basic Constraints: 1367s CA:TRUE 1367s X509v3 Key Usage: critical 1367s Digital Signature, Certificate Sign, CRL Sign 1367s Certificate is to be certified until Mar 18 18:12:17 2025 GMT (365 days) 1367s 1367s Write out database with 1 new entries 1367s Database updated 1367s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1367s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1367s /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem: OK 1367s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1367s + local cmd=openssl 1367s + shift 1367s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1367s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1367s error 20 at 0 depth lookup: unable to get local issuer certificate 1367s error /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem: verification failed 1367s + cat 1367s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-30290 1367s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-30290 1024 1367s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-30290 -key /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-request.pem 1367s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-request.pem 1368s Certificate Request: 1368s Data: 1368s Version: 1 (0x0) 1368s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1368s Subject Public Key Info: 1368s Public Key Algorithm: rsaEncryption 1368s Public-Key: (1024 bit) 1368s Modulus: 1368s 00:ce:86:2b:8f:cf:b8:06:be:79:3c:d6:b6:01:0f: 1368s 7c:fa:60:1b:05:e7:97:d4:89:41:e0:c4:3f:d8:08: 1368s 6b:87:c9:f3:d7:6b:d7:37:e0:4a:84:d9:56:7e:c9: 1368s e3:44:47:45:0e:b3:02:02:21:95:ed:05:7d:46:ab: 1368s b9:2d:d0:1b:21:c6:e3:ac:03:0b:e5:6c:62:e6:14: 1368s f2:c2:57:74:7f:c3:2b:c7:dc:2a:45:b4:6d:80:f5: 1368s d2:c1:8b:b4:25:b2:cc:dc:3e:57:49:bd:c3:ce:46: 1368s 19:f3:90:6a:8b:68:5c:51:83:d6:aa:36:cb:4d:6b: 1368s 3b:5d:ce:fb:1d:fb:d7:12:dd 1368s Exponent: 65537 (0x10001) 1368s Attributes: 1368s Requested Extensions: 1368s X509v3 Basic Constraints: 1368s CA:FALSE 1368s Netscape Cert Type: 1368s SSL Client, S/MIME 1368s Netscape Comment: 1368s Test Organization Root CA trusted Certificate 1368s X509v3 Subject Key Identifier: 1368s 76:B9:20:C9:5E:37:96:B2:F6:42:B1:B2:FF:C1:61:45:B7:C9:97:73 1368s X509v3 Key Usage: critical 1368s Digital Signature, Non Repudiation, Key Encipherment 1368s X509v3 Extended Key Usage: 1368s TLS Web Client Authentication, E-mail Protection 1368s X509v3 Subject Alternative Name: 1368s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1368s Signature Algorithm: sha256WithRSAEncryption 1368s Signature Value: 1368s c7:71:8c:55:5e:39:70:87:2f:27:01:cc:85:67:98:64:3d:38: 1368s 33:80:8a:89:c3:ff:d5:01:80:69:4f:e7:c0:37:f0:e7:bc:63: 1368s cd:f5:9d:f6:8b:e0:7f:f8:9d:3e:76:f0:08:df:85:cb:10:17: 1368s 5c:8b:27:b1:18:66:61:c0:1c:d5:02:0a:db:87:c9:8d:f8:c6: 1368s 94:61:cf:91:5f:59:49:42:ab:9d:c4:ee:b0:0c:0d:9f:1d:f2: 1368s a4:86:75:bf:25:bb:7d:8a:1a:33:02:b0:ae:0d:b6:7b:25:9e: 1368s bc:25:e1:77:c5:19:02:61:06:fd:29:94:ed:89:fd:83:64:db: 1368s f7:ba 1368s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.config -passin pass:random-root-CA-password-18030 -keyfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1368s Using configuration from /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.config 1368s Check that the request matches the signature 1368s Signature ok 1368s Certificate Details: 1368s Serial Number: 3 (0x3) 1368s Validity 1368s Not Before: Mar 18 18:12:18 2024 GMT 1368s Not After : Mar 18 18:12:18 2025 GMT 1368s Subject: 1368s organizationName = Test Organization 1368s organizationalUnitName = Test Organization Unit 1368s commonName = Test Organization Root Trusted Certificate 0001 1368s X509v3 extensions: 1368s X509v3 Authority Key Identifier: 1368s EE:4E:CC:98:AE:FC:64:F6:33:71:A1:3B:F5:C4:34:4B:4D:87:50:0F 1368s X509v3 Basic Constraints: 1368s CA:FALSE 1368s Netscape Cert Type: 1368s SSL Client, S/MIME 1368s Netscape Comment: 1368s Test Organization Root CA trusted Certificate 1368s X509v3 Subject Key Identifier: 1368s 76:B9:20:C9:5E:37:96:B2:F6:42:B1:B2:FF:C1:61:45:B7:C9:97:73 1368s X509v3 Key Usage: critical 1368s Digital Signature, Non Repudiation, Key Encipherment 1368s X509v3 Extended Key Usage: 1368s TLS Web Client Authentication, E-mail Protection 1368s X509v3 Subject Alternative Name: 1368s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1368s Certificate is to be certified until Mar 18 18:12:18 2025 GMT (365 days) 1368s 1368s Write out database with 1 new entries 1368s Database updated 1368s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1368s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1368s /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem: OK 1368s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1368s + local cmd=openssl 1368s + shift 1368s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1368s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1368s error 20 at 0 depth lookup: unable to get local issuer certificate 1368s error /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem: verification failed 1368s + cat 1368s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-15465 1368s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-15465 1024 1368s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-15465 -key /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-request.pem 1368s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-request.pem 1368s Certificate Request: 1368s Data: 1368s Version: 1 (0x0) 1368s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1368s Subject Public Key Info: 1368s Public Key Algorithm: rsaEncryption 1368s Public-Key: (1024 bit) 1368s Modulus: 1368s 00:f4:cf:70:62:15:57:09:f2:82:99:11:7c:00:b2: 1368s 77:14:c6:76:70:86:fb:d2:27:c0:64:38:08:e7:ac: 1368s 38:dc:b7:69:b7:62:dc:90:7e:46:88:77:ec:bd:ba: 1368s 0c:48:d7:19:fd:e6:a6:80:70:17:9c:7d:32:66:f8: 1368s 28:a7:14:92:9d:f5:f0:8d:f2:db:1f:80:84:81:c8: 1368s 7e:be:c4:c0:a5:aa:8f:94:b6:58:7d:4b:05:57:c4: 1368s c7:25:fa:63:bf:cf:df:bf:ea:a1:8f:b9:da:fe:4d: 1368s 2e:30:67:e1:29:c8:29:08:ee:22:8f:73:04:c6:ec: 1368s fb:7d:9e:17:d6:9b:f9:9f:d3 1368s Exponent: 65537 (0x10001) 1368s Attributes: 1368s Requested Extensions: 1368s X509v3 Basic Constraints: 1368s CA:FALSE 1368s Netscape Cert Type: 1368s SSL Client, S/MIME 1368s Netscape Comment: 1368s Test Organization Intermediate CA trusted Certificate 1368s X509v3 Subject Key Identifier: 1368s 42:0F:A7:8D:63:25:BE:D7:CB:D4:5B:76:A8:D2:D2:CD:ED:20:A3:01 1368s X509v3 Key Usage: critical 1368s Digital Signature, Non Repudiation, Key Encipherment 1368s X509v3 Extended Key Usage: 1368s TLS Web Client Authentication, E-mail Protection 1368s X509v3 Subject Alternative Name: 1368s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1368s Signature Algorithm: sha256WithRSAEncryption 1368s Signature Value: 1368s a0:6b:d1:db:fe:88:dc:3c:82:92:06:fb:f8:64:af:96:81:f4: 1368s 3b:8e:3b:0d:d6:0c:95:8a:f4:8f:0c:87:11:b1:e9:30:49:4c: 1368s 3f:31:d3:3d:2a:9b:be:ba:06:ff:3c:87:c6:78:62:19:53:d1: 1368s 27:b9:a0:af:6d:8e:ad:11:2a:af:34:cf:2c:02:45:cb:2d:14: 1368s f7:74:0d:9f:3c:fa:f7:46:c4:fc:e7:9c:02:1a:3a:92:d2:b7: 1368s 48:4f:c9:61:21:07:22:be:66:ca:d9:e6:ae:db:d9:45:2e:81: 1368s 66:cd:28:21:f5:cc:09:00:48:ef:c3:37:35:10:1c:05:89:cd: 1368s d9:e2 1368s + openssl ca -passin pass:random-intermediate-CA-password-28739 -config /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1368s Using configuration from /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.config 1368s Check that the request matches the signature 1368s Signature ok 1368s Certificate Details: 1368s Serial Number: 4 (0x4) 1368s Validity 1368s Not Before: Mar 18 18:12:18 2024 GMT 1368s Not After : Mar 18 18:12:18 2025 GMT 1368s Subject: 1368s organizationName = Test Organization 1368s organizationalUnitName = Test Organization Unit 1368s commonName = Test Organization Intermediate Trusted Certificate 0001 1368s X509v3 extensions: 1368s X509v3 Authority Key Identifier: 1368s 19:7F:C8:AF:02:3F:C9:87:45:B9:7C:18:FD:7C:AA:40:7E:DA:1A:CC 1368s X509v3 Basic Constraints: 1368s CA:FALSE 1368s Netscape Cert Type: 1368s SSL Client, S/MIME 1368s Netscape Comment: 1368s Test Organization Intermediate CA trusted Certificate 1368s X509v3 Subject Key Identifier: 1368s 42:0F:A7:8D:63:25:BE:D7:CB:D4:5B:76:A8:D2:D2:CD:ED:20:A3:01 1368s X509v3 Key Usage: critical 1368s Digital Signature, Non Repudiation, Key Encipherment 1368s X509v3 Extended Key Usage: 1368s TLS Web Client Authentication, E-mail Protection 1368s X509v3 Subject Alternative Name: 1368s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1368s Certificate is to be certified until Mar 18 18:12:18 2025 GMT (365 days) 1368s 1368s Write out database with 1 new entries 1368s Database updated 1368s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1369s This certificate should not be trusted fully 1369s + echo 'This certificate should not be trusted fully' 1369s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1369s + local cmd=openssl 1369s + shift 1369s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1369s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1369s error 2 at 1 depth lookup: unable to get issuer certificate 1369s error /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1369s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1369s /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem: OK 1369s + cat 1369s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22143 1369s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-22143 1024 1369s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-22143 -key /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1369s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1369s Certificate Request: 1369s Data: 1369s Version: 1 (0x0) 1369s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1369s Subject Public Key Info: 1369s Public Key Algorithm: rsaEncryption 1369s Public-Key: (1024 bit) 1369s Modulus: 1369s 00:c0:8f:18:51:7f:85:e4:4b:37:47:ed:a9:0a:23: 1369s 77:4d:a7:f7:6c:4f:7d:63:cc:b4:61:98:c5:84:2e: 1369s 8d:5d:c4:8c:98:51:76:77:8f:e2:b3:2f:17:c9:81: 1369s 0c:5a:a2:24:2a:a6:92:17:10:30:8c:5b:f7:e0:cf: 1369s ad:0c:f7:23:ca:87:7f:dd:cf:cb:d1:d0:c4:69:3d: 1369s 32:65:d7:4c:78:c0:d2:d1:a5:ed:9f:47:b3:84:87: 1369s 1f:1f:db:b7:eb:af:8e:56:94:67:13:dc:4d:31:27: 1369s 75:0b:60:27:56:fc:d5:c0:54:f9:c7:29:03:cc:19: 1369s 81:7f:0d:82:ee:65:57:63:cb 1369s Exponent: 65537 (0x10001) 1369s Attributes: 1369s Requested Extensions: 1369s X509v3 Basic Constraints: 1369s CA:FALSE 1369s Netscape Cert Type: 1369s SSL Client, S/MIME 1369s Netscape Comment: 1369s Test Organization Sub Intermediate CA trusted Certificate 1369s X509v3 Subject Key Identifier: 1369s 01:C1:F4:02:C9:0B:FA:AE:0B:0D:78:AA:A4:3D:0C:1C:C4:04:29:1C 1369s X509v3 Key Usage: critical 1369s Digital Signature, Non Repudiation, Key Encipherment 1369s X509v3 Extended Key Usage: 1369s TLS Web Client Authentication, E-mail Protection 1369s X509v3 Subject Alternative Name: 1369s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1369s Signature Algorithm: sha256WithRSAEncryption 1369s Signature Value: 1369s 77:7c:47:09:cf:08:1e:b4:a4:41:e4:e8:7a:d3:a5:79:0f:d5: 1369s 2e:82:7e:73:cd:4a:2f:1f:72:cc:1e:4a:9e:fd:ba:2c:af:11: 1369s 28:a3:35:a7:71:ee:16:21:9a:7c:c4:e5:7c:ca:c7:a3:25:59: 1369s 45:4c:d8:17:12:db:2b:13:c9:9e:25:e3:3b:47:0d:9a:1a:82: 1369s 99:03:56:7c:4c:5e:a1:c5:46:ba:9b:20:53:ee:13:bd:da:fd: 1369s a0:8f:29:03:59:e6:28:2d:0e:b6:59:be:8e:39:21:bf:bb:43: 1369s 94:28:34:14:b5:9f:b9:2b:17:1a:9b:35:11:a7:4d:93:c0:5c: 1369s 16:13 1369s + openssl ca -passin pass:random-sub-intermediate-CA-password-27921 -config /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s Using configuration from /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.config 1369s Check that the request matches the signature 1369s Signature ok 1369s Certificate Details: 1369s Serial Number: 5 (0x5) 1369s Validity 1369s Not Before: Mar 18 18:12:19 2024 GMT 1369s Not After : Mar 18 18:12:19 2025 GMT 1369s Subject: 1369s organizationName = Test Organization 1369s organizationalUnitName = Test Organization Unit 1369s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1369s X509v3 extensions: 1369s X509v3 Authority Key Identifier: 1369s 22:38:3E:D3:FA:D7:B4:87:B2:A8:3C:29:3D:5F:00:90:74:23:AB:44 1369s X509v3 Basic Constraints: 1369s CA:FALSE 1369s Netscape Cert Type: 1369s SSL Client, S/MIME 1369s Netscape Comment: 1369s Test Organization Sub Intermediate CA trusted Certificate 1369s X509v3 Subject Key Identifier: 1369s 01:C1:F4:02:C9:0B:FA:AE:0B:0D:78:AA:A4:3D:0C:1C:C4:04:29:1C 1369s X509v3 Key Usage: critical 1369s Digital Signature, Non Repudiation, Key Encipherment 1369s X509v3 Extended Key Usage: 1369s TLS Web Client Authentication, E-mail Protection 1369s X509v3 Subject Alternative Name: 1369s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1369s Certificate is to be certified until Mar 18 18:12:19 2025 GMT (365 days) 1369s 1369s Write out database with 1 new entries 1369s Database updated 1369s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s + echo 'This certificate should not be trusted fully' 1369s This certificate should not be trusted fully 1369s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s + local cmd=openssl 1369s + shift 1369s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1369s error 2 at 1 depth lookup: unable to get issuer certificate 1369s error /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1369s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s + local cmd=openssl 1369s + shift 1369s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1369s error 20 at 0 depth lookup: unable to get local issuer certificate 1369s error /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1369s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1369s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s + local cmd=openssl 1369s + shift 1369s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1369s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1369s error 20 at 0 depth lookup: unable to get local issuer certificate 1369s error /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1369s + echo 'Building a the full-chain CA file...' 1369s Building a the full-chain CA file... 1369s + cat /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1369s + cat /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem 1369s + cat /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1369s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem 1369s + openssl pkcs7 -print_certs -noout 1369s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1369s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1369s 1369s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1369s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1369s 1369s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1369s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1369s 1369s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem 1369s /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA.pem: OK 1369s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1370s /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem: OK 1370s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1370s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-root-intermediate-chain-CA.pem 1370s /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem: OK 1370s /tmp/sssd-softhsm2-certs-zihgnH/test-root-intermediate-chain-CA.pem: OK 1370s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1370s /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1370s Certificates generation completed! 1370s + echo 'Certificates generation completed!' 1370s + [[ -v NO_SSSD_TESTS ]] 1370s + [[ -v GENERATE_SMART_CARDS ]] 1370s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30290 1370s + local certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1370s + local key_pass=pass:random-root-ca-trusted-cert-0001-30290 1370s + local key_cn 1370s + local key_name 1370s + local tokens_dir 1370s + local output_cert_file 1370s + token_name= 1370s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem .pem 1370s + key_name=test-root-CA-trusted-certificate-0001 1370s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem 1370s ++ sed -n 's/ *commonName *= //p' 1370s + key_cn='Test Organization Root Trusted Certificate 0001' 1370s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1370s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf 1370s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf 1370s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1370s + tokens_dir=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001 1370s + token_name='Test Organization Root Tr Token' 1370s + '[' '!' -e /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1370s + local key_file 1370s + local decrypted_key 1370s + mkdir -p /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001 1370s + key_file=/tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key.pem 1370s + decrypted_key=/tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1370s + cat 1370s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 1370s Slot 0 has a free/uninitialized token. 1370s The token has been initialized and is reassigned to slot 1699327079 1370s + softhsm2-util --show-slots 1370s Available slots: 1370s Slot 1699327079 1370s Slot info: 1370s Description: SoftHSM slot ID 0x6549ac67 1370s Manufacturer ID: SoftHSM project 1370s Hardware version: 2.6 1370s Firmware version: 2.6 1370s Token present: yes 1370s Token info: 1370s Manufacturer ID: SoftHSM project 1370s Model: SoftHSM v2 1370s Hardware version: 2.6 1370s Firmware version: 2.6 1370s Serial number: 8a433b76e549ac67 1370s Initialized: yes 1370s User PIN init.: yes 1370s Label: Test Organization Root Tr Token 1370s Slot 1 1370s Slot info: 1370s Description: SoftHSM slot ID 0x1 1370s Manufacturer ID: SoftHSM project 1370s Hardware version: 2.6 1370s Firmware version: 2.6 1370s Token present: yes 1370s Token info: 1370s Manufacturer ID: SoftHSM project 1370s Model: SoftHSM v2 1370s Hardware version: 2.6 1370s Firmware version: 2.6 1370s Serial number: 1370s Initialized: no 1370s User PIN init.: no 1370s Label: 1370s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1370s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-30290 -in /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1370s writing RSA key 1370s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1370s + rm /tmp/sssd-softhsm2-certs-zihgnH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1370s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1370s Object 0: 1370s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a433b76e549ac67;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1370s Type: X.509 Certificate (RSA-1024) 1370s Expires: Tue Mar 18 18:12:18 2025 1370s Label: Test Organization Root Trusted Certificate 0001 1370s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1370s 1370s + echo 'Test Organization Root Tr Token' 1370s Test Organization Root Tr Token 1370s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15465 1370s + local certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1370s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15465 1370s + local key_cn 1370s + local key_name 1370s + local tokens_dir 1370s + local output_cert_file 1370s + token_name= 1370s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem .pem 1370s + key_name=test-intermediate-CA-trusted-certificate-0001 1370s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem 1370s ++ sed -n 's/ *commonName *= //p' 1371s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1371s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1371s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1371s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1371s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1371s + tokens_dir=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001 1371s + token_name='Test Organization Interme Token' 1371s + '[' '!' -e /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1371s + local key_file 1371s + local decrypted_key 1371s + mkdir -p /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-intermediate-CA-trusted-certificate-0001 1371s + key_file=/tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key.pem 1371s + decrypted_key=/tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1371s + cat 1371s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 1371s Slot 0 has a free/uninitialized token. 1371s The token has been initialized and is reassigned to slot 1119288089 1371s + softhsm2-util --show-slots 1371s Available slots: 1371s Slot 1119288089 1371s Slot info: 1371s Description: SoftHSM slot ID 0x42b6fb19 1371s Manufacturer ID: SoftHSM project 1371s Hardware version: 2.6 1371s Firmware version: 2.6 1371s Token present: yes 1371s Token info: 1371s Manufacturer ID: SoftHSM project 1371s Model: SoftHSM v2 1371s Hardware version: 2.6 1371s Firmware version: 2.6 1371s Serial number: 5bc8bf4e42b6fb19 1371s Initialized: yes 1371s User PIN init.: yes 1371s Label: Test Organization Interme Token 1371s Slot 1 1371s Slot info: 1371s Description: SoftHSM slot ID 0x1 1371s Manufacturer ID: SoftHSM project 1371s Hardware version: 2.6 1371s Firmware version: 2.6 1371s Token present: yes 1371s Token info: 1371s Manufacturer ID: SoftHSM project 1371s Model: SoftHSM v2 1371s Hardware version: 2.6 1371s Firmware version: 2.6 1371s Serial number: 1371s Initialized: no 1371s User PIN init.: no 1371s Label: 1371s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1371s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-15465 -in /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1371s writing RSA key 1371s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1371s + rm /tmp/sssd-softhsm2-certs-zihgnH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1371s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1371s Object 0: 1371s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5bc8bf4e42b6fb19;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1371s Type: X.509 Certificate (RSA-1024) 1371s Expires: Tue Mar 18 18:12:18 2025 1371s Label: Test Organization Intermediate Trusted Certificate 0001 1371s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1371s 1371s + echo 'Test Organization Interme Token' 1371s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22143 1371s + local certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1371s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22143 1371s + local key_cn 1371s + local key_name 1371s + local tokens_dir 1371s + local output_cert_file 1371s + token_name= 1371s Test Organization Interme Token 1371s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1371s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1371s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem 1371s ++ sed -n 's/ *commonName *= //p' 1372s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1372s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1372s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1372s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1372s ++ basename /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1372s + tokens_dir=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1372s + token_name='Test Organization Sub Int Token' 1372s + '[' '!' -e /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1372s + local key_file 1372s + local decrypted_key 1372s + mkdir -p /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1372s + key_file=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1372s + decrypted_key=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1372s + cat 1372s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 1372s Slot 0 has a free/uninitialized token. 1372s The token has been initialized and is reassigned to slot 238014653 1372s + softhsm2-util --show-slots 1372s Available slots: 1372s Slot 238014653 1372s Slot info: 1372s Description: SoftHSM slot ID 0xe2fd0bd 1372s Manufacturer ID: SoftHSM project 1372s Hardware version: 2.6 1372s Firmware version: 2.6 1372s Token present: yes 1372s Token info: 1372s Manufacturer ID: SoftHSM project 1372s Model: SoftHSM v2 1372s Hardware version: 2.6 1372s Firmware version: 2.6 1372s Serial number: 67980c758e2fd0bd 1372s Initialized: yes 1372s User PIN init.: yes 1372s Label: Test Organization Sub Int Token 1372s Slot 1 1372s Slot info: 1372s Description: SoftHSM slot ID 0x1 1372s Manufacturer ID: SoftHSM project 1372s Hardware version: 2.6 1372s Firmware version: 2.6 1372s Token present: yes 1372s Token info: 1372s Manufacturer ID: SoftHSM project 1372s Model: SoftHSM v2 1372s Hardware version: 2.6 1372s Firmware version: 2.6 1372s Serial number: 1372s Initialized: no 1372s User PIN init.: no 1372s Label: 1372s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1372s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-22143 -in /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1372s writing RSA key 1372s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1372s + rm /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1372s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1372s Object 0: 1372s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67980c758e2fd0bd;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1372s Type: X.509 Certificate (RSA-1024) 1372s Expires: Tue Mar 18 18:12:19 2025 1372s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1372s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1372s 1372s + echo 'Test Organization Sub Int Token' 1372s Test Organization Sub Int Token 1372s Certificates generation completed! 1372s + echo 'Certificates generation completed!' 1372s + exit 0 1372s + find /tmp/sssd-softhsm2-certs-zihgnH -type d -exec chmod 777 '{}' ';' 1372s + find /tmp/sssd-softhsm2-certs-zihgnH -type f -exec chmod 666 '{}' ';' 1373s + backup_file /etc/sssd/sssd.conf 1373s + '[' -z '' ']' 1373s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 1373s + backupsdir=/tmp/sssd-softhsm2-backups-rpxPfG 1373s + '[' -e /etc/sssd/sssd.conf ']' 1373s + delete_paths+=("$1") 1373s + rm -f /etc/sssd/sssd.conf 1373s ++ runuser -u ubuntu -- sh -c 'echo ~' 1373s + user_home=/home/ubuntu 1373s + mkdir -p /home/ubuntu 1373s + chown ubuntu:ubuntu /home/ubuntu 1373s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 1373s + user_config=/home/ubuntu/.config 1373s + system_config=/etc 1373s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 1373s + for path_pair in "${softhsm2_conf_paths[@]}" 1373s + IFS=: 1373s + read -r -a path 1373s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1373s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 1373s + '[' -z /tmp/sssd-softhsm2-backups-rpxPfG ']' 1373s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 1373s + delete_paths+=("$1") 1373s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1373s + for path_pair in "${softhsm2_conf_paths[@]}" 1373s + IFS=: 1373s + read -r -a path 1373s + path=/etc/softhsm/softhsm2.conf 1373s + backup_file /etc/softhsm/softhsm2.conf 1373s + '[' -z /tmp/sssd-softhsm2-backups-rpxPfG ']' 1373s + '[' -e /etc/softhsm/softhsm2.conf ']' 1373s ++ dirname /etc/softhsm/softhsm2.conf 1373s + local back_dir=/tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm 1373s ++ basename /etc/softhsm/softhsm2.conf 1373s + local back_path=/tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm/softhsm2.conf 1373s + '[' '!' -e /tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm/softhsm2.conf ']' 1373s + mkdir -p /tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm 1373s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm/softhsm2.conf 1373s + restore_paths+=("$back_path") 1373s + rm -f /etc/softhsm/softhsm2.conf 1373s + test_authentication login /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem 1373s + pam_service=login 1373s + certificate_config=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf 1373s + ca_db=/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem 1373s + verification_options= 1373s + mkdir -p -m 700 /etc/sssd 1373s Using CA DB '/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem' with verification options: '' 1373s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1373s + cat 1373s + chmod 600 /etc/sssd/sssd.conf 1373s + for path_pair in "${softhsm2_conf_paths[@]}" 1373s + IFS=: 1373s + read -r -a path 1373s + user=ubuntu 1373s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1373s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1373s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1373s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1373s + runuser -u ubuntu -- softhsm2-util --show-slots 1373s + grep 'Test Organization' 1374s Label: Test Organization Root Tr Token 1374s + for path_pair in "${softhsm2_conf_paths[@]}" 1374s + IFS=: 1374s + read -r -a path 1374s + user=root 1374s + path=/etc/softhsm/softhsm2.conf 1374s ++ dirname /etc/softhsm/softhsm2.conf 1374s + runuser -u root -- mkdir -p /etc/softhsm 1374s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1374s + runuser -u root -- softhsm2-util --show-slots 1374s + grep 'Test Organization' 1374s Label: Test Organization Root Tr Token 1374s + systemctl restart sssd 1375s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1377s + for alternative in "${alternative_pam_configs[@]}" 1377s + pam-auth-update --enable sss-smart-card-optional 1378s + cat /etc/pam.d/common-auth 1378s # 1378s # /etc/pam.d/common-auth - authentication settings common to all services 1378s # 1378s # This file is included from other service-specific PAM config files, 1378s # and should contain a list of the authentication modules that define 1378s # the central authentication scheme for use on the system 1378s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1378s # traditional Unix authentication mechanisms. 1378s # 1378s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1378s # To take advantage of this, it is recommended that you configure any 1378s # local modules either before or after the default block, and use 1378s # pam-auth-update to manage selection of other modules. See 1378s # pam-auth-update(8) for details. 1378s 1378s # here are the per-package modules (the "Primary" block) 1378s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1378s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1378s auth [success=1 default=ignore] pam_sss.so use_first_pass 1378s # here's the fallback if no module succeeds 1378s auth requisite pam_deny.so 1378s # prime the stack with a positive return value if there isn't one already; 1378s # this avoids us returning an error just because nothing sets a success code 1378s # since the modules above will each just jump around 1378s auth required pam_permit.so 1378s # and here are more per-package modules (the "Additional" block) 1378s auth optional pam_cap.so 1378s # end of pam-auth-update config 1379s + echo -n -e 123456 1379s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1379s pamtester: invoking pam_start(login, ubuntu, ...) 1379s pamtester: performing operation - authenticate 1380s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1380s + echo -n -e 123456 1380s + runuser -u ubuntu -- pamtester -v login '' authenticate 1380s pamtester: invoking pam_start(login, , ...) 1380s pamtester: performing operation - authenticate 1381s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1381s + echo -n -e wrong123456 1381s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1381s pamtester: invoking pam_start(login, ubuntu, ...) 1381s pamtester: performing operation - authenticate 1384s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 1384s + echo -n -e wrong123456 1384s + runuser -u ubuntu -- pamtester -v login '' authenticate 1384s pamtester: invoking pam_start(login, , ...) 1384s pamtester: performing operation - authenticate 1389s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 1389s + echo -n -e 123456 1389s + pamtester -v login root authenticate 1389s pamtester: invoking pam_start(login, root, ...) 1389s pamtester: performing operation - authenticate 1391s Password: pamtester: Authentication failure 1391s + for alternative in "${alternative_pam_configs[@]}" 1391s + pam-auth-update --enable sss-smart-card-required 1393s PAM configuration 1393s ----------------- 1393s 1393s Incompatible PAM profiles selected. 1393s 1393s The following PAM profiles cannot be used together: 1393s 1393s SSS required smart card authentication, SSS optional smart card 1393s authentication 1393s 1393s Please select a different set of modules to enable. 1393s 1393s + cat /etc/pam.d/common-auth 1393s # 1393s # /etc/pam.d/common-auth - authentication settings common to all services 1393s # 1393s # This file is included from other service-specific PAM config files, 1393s # and should contain a list of the authentication modules that define 1393s # the central authentication scheme for use on the system 1393s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1393s # traditional Unix authentication mechanisms. 1393s # 1393s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1393s # To take advantage of this, it is recommended that you configure any 1393s # local modules either before or after the default block, and use 1393s # pam-auth-update to manage selection of other modules. See 1393s # pam-auth-update(8) for details. 1393s 1393s # here are the per-package modules (the "Primary" block) 1393s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1393s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1393s auth [success=1 default=ignore] pam_sss.so use_first_pass 1393s # here's the fallback if no module succeeds 1393s auth requisite pam_deny.so 1393s # prime the stack with a positive return value if there isn't one already; 1393s # this avoids us returning an error just because nothing sets a success code 1393s # since the modules above will each just jump around 1393s auth required pam_permit.so 1393s # and here are more per-package modules (the "Additional" block) 1393s auth optional pam_cap.so 1393s # end of pam-auth-update config 1393s + echo -n -e 123456 1393s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1393s pamtester: invoking pam_start(login, ubuntu, ...) 1393s pamtester: performing operation - authenticate 1393s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1393s + echo -n -e 123456 1393s + runuser -u ubuntu -- pamtester -v login '' authenticate 1393s pamtester: invoking pam_start(login, , ...) 1393s pamtester: performing operation - authenticate 1394s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1394s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1394s + echo -n -e wrong123456 1394s pamtester: invoking pam_start(login, ubuntu, ...) 1394s pamtester: performing operation - authenticate 1397s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 1397s + echo -n -e wrong123456 1397s + runuser -u ubuntu -- pamtester -v login '' authenticate 1397s pamtester: invoking pam_start(login, , ...) 1397s pamtester: performing operation - authenticate 1400s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 1400s + pamtester -v login root authenticate 1400s + echo -n -e 123456 1400s pamtester: invoking pam_start(login, root, ...) 1400s pamtester: performing operation - authenticate 1403s pamtester: Authentication service cannot retrieve authentication info 1403s + test_authentication login /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem 1403s + pam_service=login 1403s + certificate_config=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1403s + ca_db=/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem 1403s + verification_options= 1403s + mkdir -p -m 700 /etc/sssd 1403s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1403s Using CA DB '/tmp/sssd-softhsm2-certs-zihgnH/test-full-chain-CA.pem' with verification options: '' 1403s + cat 1403s + chmod 600 /etc/sssd/sssd.conf 1403s + for path_pair in "${softhsm2_conf_paths[@]}" 1403s + IFS=: 1403s + read -r -a path 1403s + user=ubuntu 1403s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1403s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1403s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1403s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1403s + runuser -u ubuntu -- softhsm2-util --show-slots 1403s + grep 'Test Organization' 1403s Label: Test Organization Sub Int Token 1403s + for path_pair in "${softhsm2_conf_paths[@]}" 1403s + IFS=: 1403s + read -r -a path 1403s + user=root 1403s + path=/etc/softhsm/softhsm2.conf 1403s ++ dirname /etc/softhsm/softhsm2.conf 1403s + runuser -u root -- mkdir -p /etc/softhsm 1403s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1403s + runuser -u root -- softhsm2-util --show-slots 1403s + grep 'Test Organization' 1403s Label: Test Organization Sub Int Token 1403s + systemctl restart sssd 1404s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1406s + for alternative in "${alternative_pam_configs[@]}" 1406s + pam-auth-update --enable sss-smart-card-optional 1407s + cat /etc/pam.d/common-auth 1407s # 1407s # /etc/pam.d/common-auth - authentication settings common to all services 1407s # 1407s # This file is included from other service-specific PAM config files, 1407s # and should contain a list of the authentication modules that define 1407s # the central authentication scheme for use on the system 1407s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1407s # traditional Unix authentication mechanisms. 1407s # 1407s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1407s # To take advantage of this, it is recommended that you configure any 1407s # local modules either before or after the default block, and use 1407s # pam-auth-update to manage selection of other modules. See 1407s # pam-auth-update(8) for details. 1407s 1407s # here are the per-package modules (the "Primary" block) 1407s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1407s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1407s auth [success=1 default=ignore] pam_sss.so use_first_pass 1407s # here's the fallback if no module succeeds 1407s auth requisite pam_deny.so 1407s # prime the stack with a positive return value if there isn't one already; 1407s # this avoids us returning an error just because nothing sets a success code 1407s # since the modules above will each just jump around 1407s auth required pam_permit.so 1407s # and here are more per-package modules (the "Additional" block) 1407s auth optional pam_cap.so 1407s # end of pam-auth-update config 1407s + echo -n -e 123456 1407s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1407s pamtester: invoking pam_start(login, ubuntu, ...) 1407s pamtester: performing operation - authenticate 1408s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1408s + runuser -u ubuntu -- pamtester -v login '' authenticate 1408s + echo -n -e 123456 1408s pamtester: invoking pam_start(login, , ...) 1408s pamtester: performing operation - authenticate 1408s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1408s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1408s + echo -n -e wrong123456 1408s pamtester: invoking pam_start(login, ubuntu, ...) 1408s pamtester: performing operation - authenticate 1412s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1412s + echo -n -e wrong123456 1412s + runuser -u ubuntu -- pamtester -v login '' authenticate 1412s pamtester: invoking pam_start(login, , ...) 1412s pamtester: performing operation - authenticate 1414s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1414s + pamtester -v login root authenticate 1414s + echo -n -e 123456 1414s pamtester: invoking pam_start(login, root, ...) 1415s pamtester: performing operation - authenticate 1418s Password: pamtester: Authentication failure 1418s + for alternative in "${alternative_pam_configs[@]}" 1418s + pam-auth-update --enable sss-smart-card-required 1419s PAM configuration 1419s ----------------- 1419s 1419s Incompatible PAM profiles selected. 1419s 1419s The following PAM profiles cannot be used together: 1419s 1419s SSS required smart card authentication, SSS optional smart card 1419s authentication 1419s 1419s Please select a different set of modules to enable. 1419s 1419s + cat /etc/pam.d/common-auth 1419s # 1419s # /etc/pam.d/common-auth - authentication settings common to all services 1419s # 1419s # This file is included from other service-specific PAM config files, 1419s # and should contain a list of the authentication modules that define 1419s # the central authentication scheme for use on the system 1419s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1419s # traditional Unix authentication mechanisms. 1419s # 1419s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1419s # To take advantage of this, it is recommended that you configure any 1419s # local modules either before or after the default block, and use 1419s # pam-auth-update to manage selection of other modules. See 1419s # pam-auth-update(8) for details. 1419s 1419s # here are the per-package modules (the "Primary" block) 1419s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1419s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1419s auth [success=1 default=ignore] pam_sss.so use_first_pass 1419s # here's the fallback if no module succeeds 1419s auth requisite pam_deny.so 1419s # prime the stack with a positive return value if there isn't one already; 1419s # this avoids us returning an error just because nothing sets a success code 1419s # since the modules above will each just jump around 1419s auth required pam_permit.so 1419s # and here are more per-package modules (the "Additional" block) 1419s auth optional pam_cap.so 1419s # end of pam-auth-update config 1419s + echo -n -e 123456 1419s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1419s pamtester: invoking pam_start(login, ubuntu, ...) 1419s pamtester: performing operation - authenticate 1420s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1420s + echo -n -e 123456 1420s + runuser -u ubuntu -- pamtester -v login '' authenticate 1420s pamtester: invoking pam_start(login, , ...) 1420s pamtester: performing operation - authenticate 1420s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1420s + echo -n -e wrong123456 1420s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1420s pamtester: invoking pam_start(login, ubuntu, ...) 1420s pamtester: performing operation - authenticate 1424s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1424s + runuser -u ubuntu -- pamtester -v login '' authenticate 1424s + echo -n -e wrong123456 1424s pamtester: invoking pam_start(login, , ...) 1424s pamtester: performing operation - authenticate 1427s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1427s + echo -n -e 123456 1427s + pamtester -v login root authenticate 1427s pamtester: invoking pam_start(login, root, ...) 1427s pamtester: performing operation - authenticate 1431s pamtester: Authentication service cannot retrieve authentication info 1431s + test_authentication login /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem partial_chain 1431s + pam_service=login 1431s + certificate_config=/tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1431s + ca_db=/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem 1431s + verification_options=partial_chain 1431s + mkdir -p -m 700 /etc/sssd 1431s Using CA DB '/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 1431s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-zihgnH/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 1431s + cat 1431s + chmod 600 /etc/sssd/sssd.conf 1431s + for path_pair in "${softhsm2_conf_paths[@]}" 1431s + IFS=: 1431s + read -r -a path 1431s + user=ubuntu 1431s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1431s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1431s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1431s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1431s + runuser -u ubuntu -- softhsm2-util --show-slots 1431s + grep 'Test Organization' 1431s Label: Test Organization Sub Int Token 1431s + for path_pair in "${softhsm2_conf_paths[@]}" 1431s + IFS=: 1431s + read -r -a path 1431s + user=root 1431s + path=/etc/softhsm/softhsm2.conf 1431s ++ dirname /etc/softhsm/softhsm2.conf 1431s + runuser -u root -- mkdir -p /etc/softhsm 1431s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-zihgnH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1431s + runuser -u root -- softhsm2-util --show-slots 1431s + grep 'Test Organization' 1431s Label: Test Organization Sub Int Token 1431s + systemctl restart sssd 1432s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1434s + for alternative in "${alternative_pam_configs[@]}" 1434s + pam-auth-update --enable sss-smart-card-optional 1435s + cat /etc/pam.d/common-auth 1435s # 1435s # /etc/pam.d/common-auth - authentication settings common to all services 1435s # 1435s # This file is included from other service-specific PAM config files, 1435s # and should contain a list of the authentication modules that define 1435s # the central authentication scheme for use on the system 1435s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1435s # traditional Unix authentication mechanisms. 1435s # 1435s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1435s # To take advantage of this, it is recommended that you configure any 1435s # local modules either before or after the default block, and use 1435s # pam-auth-update to manage selection of other modules. See 1435s # pam-auth-update(8) for details. 1435s 1435s # here are the per-package modules (the "Primary" block) 1435s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1435s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1435s auth [success=1 default=ignore] pam_sss.so use_first_pass 1435s # here's the fallback if no module succeeds 1435s auth requisite pam_deny.so 1435s # prime the stack with a positive return value if there isn't one already; 1435s # this avoids us returning an error just because nothing sets a success code 1435s # since the modules above will each just jump around 1435s auth required pam_permit.so 1435s # and here are more per-package modules (the "Additional" block) 1435s auth optional pam_cap.so 1435s # end of pam-auth-update config 1435s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1435s + echo -n -e 123456 1435s pamtester: invoking pam_start(login, ubuntu, ...) 1435s pamtester: performing operation - authenticate 1435s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1435s + echo -n -e 123456 1435s + runuser -u ubuntu -- pamtester -v login '' authenticate 1435s pamtester: invoking pam_start(login, , ...) 1435s pamtester: performing operation - authenticate 1435s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1435s + echo -n -e wrong123456 1435s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1435s pamtester: invoking pam_start(login, ubuntu, ...) 1435s pamtester: performing operation - authenticate 1439s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1439s + echo -n -e wrong123456 1439s + runuser -u ubuntu -- pamtester -v login '' authenticate 1439s pamtester: invoking pam_start(login, , ...) 1439s pamtester: performing operation - authenticate 1442s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1443s + echo -n -e 123456 1443s + pamtester -v login root authenticate 1443s pamtester: invoking pam_start(login, root, ...) 1443s pamtester: performing operation - authenticate 1446s Password: pamtester: Authentication failure 1446s + for alternative in "${alternative_pam_configs[@]}" 1446s + pam-auth-update --enable sss-smart-card-required 1446s PAM configuration 1446s ----------------- 1446s 1446s Incompatible PAM profiles selected. 1446s 1446s The following PAM profiles cannot be used together: 1446s 1446s SSS required smart card authentication, SSS optional smart card 1446s authentication 1446s 1446s Please select a different set of modules to enable. 1446s 1446s + cat /etc/pam.d/common-auth 1446s # 1446s # /etc/pam.d/common-auth - authentication settings common to all services 1446s # 1446s # This file is included from other service-specific PAM config files, 1446s # and should contain a list of the authentication modules that define 1446s # the central authentication scheme for use on the system 1446s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1446s # traditional Unix authentication mechanisms. 1446s # 1446s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1446s # To take advantage of this, it is recommended that you configure any 1446s # local modules either before or after the default block, and use 1446s # pam-auth-update to manage selection of other modules. See 1446s # pam-auth-update(8) for details. 1446s 1446s # here are the per-package modules (the "Primary" block) 1446s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1446s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1446s auth [success=1 default=ignore] pam_sss.so use_first_pass 1446s # here's the fallback if no module succeeds 1446s auth requisite pam_deny.so 1446s # prime the stack with a positive return value if there isn't one already; 1446s # this avoids us returning an error just because nothing sets a success code 1446s # since the modules above will each just jump around 1446s auth required pam_permit.so 1446s # and here are more per-package modules (the "Additional" block) 1446s auth optional pam_cap.so 1446s # end of pam-auth-update config 1446s + echo -n -e 123456 1446s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1446s pamtester: invoking pam_start(login, ubuntu, ...) 1446s pamtester: performing operation - authenticate 1447s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1447s + echo -n -e 123456 1447s + runuser -u ubuntu -- pamtester -v login '' authenticate 1447s pamtester: invoking pam_start(login, , ...) 1447s pamtester: performing operation - authenticate 1447s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1447s + echo -n -e wrong123456 1447s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1447s pamtester: invoking pam_start(login, ubuntu, ...) 1447s pamtester: performing operation - authenticate 1450s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1450s + echo -n -e wrong123456 1450s + runuser -u ubuntu -- pamtester -v login '' authenticate 1450s pamtester: invoking pam_start(login, , ...) 1450s pamtester: performing operation - authenticate 1453s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1453s + pamtester -v login root authenticate 1453s + echo -n -e 123456 1453s pamtester: invoking pam_start(login, root, ...) 1453s pamtester: performing operation - authenticate 1456s pamtester: Authentication service cannot retrieve authentication info 1456s + handle_exit 1456s + exit_code=0 1456s + restore_changes 1456s + for path in "${restore_paths[@]}" 1456s + local original_path 1456s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-rpxPfG /tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm/softhsm2.conf 1456s + original_path=/etc/softhsm/softhsm2.conf 1456s + rm /etc/softhsm/softhsm2.conf 1456s + mv /tmp/sssd-softhsm2-backups-rpxPfG//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 1456s + for path in "${delete_paths[@]}" 1456s + rm -f /etc/sssd/sssd.conf 1456s + for path in "${delete_paths[@]}" 1456s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1456s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1457s + '[' -e /etc/sssd/sssd.conf ']' 1457s + systemctl stop sssd 1457s + '[' -e /etc/softhsm/softhsm2.conf ']' 1457s + chmod 600 /etc/softhsm/softhsm2.conf 1457s + rm -rf /tmp/sssd-softhsm2-certs-zihgnH 1457s + '[' 0 = 0 ']' 1457s + rm -rf /tmp/sssd-softhsm2-backups-rpxPfG 1457s Script completed successfully! 1457s + set +x 1458s autopkgtest [18:13:48]: test sssd-smart-card-pam-auth-configs: -----------------------] 1458s sssd-smart-card-pam-auth-configs PASS 1458s autopkgtest [18:13:48]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 1459s autopkgtest [18:13:49]: @@@@@@@@@@@@@@@@@@@@ summary 1459s ldap-user-group-ldap-auth PASS 1459s ldap-user-group-krb5-auth PASS 1459s sssd-softhism2-certificates-tests.sh PASS 1459s sssd-smart-card-pam-auth-configs PASS 1479s Creating nova instance adt-noble-arm64-sssd-20240318-174930-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240318.img (UUID 7ae91b52-a2f6-4b2b-830b-40f0853811cb)... 1479s Creating nova instance adt-noble-arm64-sssd-20240318-174930-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240318.img (UUID 7ae91b52-a2f6-4b2b-830b-40f0853811cb)...