0s autopkgtest [04:42:47]: starting date and time: 2024-03-20 04:42:47+0000 0s autopkgtest [04:42:47]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [04:42:47]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.capa1lhw/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:libselinux,src:ruby-defaults --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=libselinux/3.5-2ubuntu1 ruby-defaults/1:3.2~ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-arm64-13.secgroup --name adt-noble-arm64-sssd-20240320-044247-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 136s autopkgtest [04:45:03]: testbed dpkg architecture: arm64 136s autopkgtest [04:45:03]: testbed apt version: 2.7.12 136s autopkgtest [04:45:03]: @@@@@@@@@@@@@@@@@@@@ test bed setup 138s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 138s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 139s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 139s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.7 kB] 139s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3808 kB] 139s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [671 kB] 140s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 140s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [41.7 kB] 140s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 140s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4217 kB] 140s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 140s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [56.7 kB] 140s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 150s Fetched 9478 kB in 5s (1820 kB/s) 151s Reading package lists... 156s Reading package lists... 157s Building dependency tree... 157s Reading state information... 159s Calculating upgrade... 160s The following packages will be upgraded: 160s libselinux1 160s 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 160s Need to get 79.8 kB of archives. 160s After this operation, 0 B of additional disk space will be used. 160s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libselinux1 arm64 3.5-2ubuntu1 [79.8 kB] 161s Fetched 79.8 kB in 0s (215 kB/s) 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 162s Preparing to unpack .../libselinux1_3.5-2ubuntu1_arm64.deb ... 162s Unpacking libselinux1:arm64 (3.5-2ubuntu1) over (3.5-2build1) ... 162s Setting up libselinux1:arm64 (3.5-2ubuntu1) ... 162s Processing triggers for libc-bin (2.39-0ubuntu2) ... 163s Reading package lists... 164s Building dependency tree... 164s Reading state information... 166s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 167s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 167s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 167s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 167s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 173s Reading package lists... 173s Reading package lists... 174s Building dependency tree... 174s Reading state information... 176s Calculating upgrade... 177s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 177s Reading package lists... 178s Building dependency tree... 178s Reading state information... 180s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 184s autopkgtest [04:45:51]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 184s autopkgtest [04:45:51]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 211s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 211s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 211s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 211s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 212s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 212s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 212s gpgv: Can't check signature: No public key 212s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 214s autopkgtest [04:46:21]: testing package sssd version 2.9.4-1ubuntu1 214s autopkgtest [04:46:21]: build not needed 217s autopkgtest [04:46:24]: test ldap-user-group-ldap-auth: preparing testbed 219s Reading package lists... 220s Building dependency tree... 220s Reading state information... 221s Starting pkgProblemResolver with broken count: 0 222s Starting 2 pkgProblemResolver with broken count: 0 222s Done 224s The following additional packages will be installed: 224s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 224s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 224s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 224s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 224s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 224s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 224s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 224s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 224s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 224s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 224s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 224s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 224s Suggested packages: 224s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 224s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 224s Recommended packages: 224s cracklib-runtime libsasl2-modules-gssapi-mit 224s | libsasl2-modules-gssapi-heimdal 224s The following NEW packages will be installed: 224s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 224s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 224s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 224s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 224s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 224s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 224s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 224s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 224s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 224s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 224s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 224s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 224s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 224s Need to get 12.6 MB/12.6 MB of archives. 224s After this operation, 59.9 MB of additional disk space will be used. 224s Get:1 /tmp/autopkgtest.imJSzo/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [864 B] 224s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 224s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 225s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 225s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 225s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 225s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 225s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 225s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 225s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 225s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 225s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 225s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 225s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 225s Get:15 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 11-3 [44.1 kB] 225s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 225s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 225s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 225s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 225s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 225s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 225s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 225s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 225s Get:24 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 225s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 225s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 225s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 225s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 225s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 225s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 225s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 225s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 225s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 225s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 225s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 225s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 225s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 225s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 225s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 225s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 225s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 225s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 225s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 226s Get:44 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1ubuntu1 [27.9 kB] 226s Get:45 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1ubuntu1 [32.7 kB] 226s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 226s Get:47 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 226s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 226s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 226s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 226s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 226s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 226s Get:53 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 226s Get:54 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 226s Get:55 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 226s Get:56 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1ubuntu1 [103 kB] 226s Get:57 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1ubuntu1 [139 kB] 226s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1ubuntu1 [97.5 kB] 226s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1ubuntu1 [6660 B] 226s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1ubuntu1 [5722 B] 226s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1ubuntu1 [8380 B] 226s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1ubuntu1 [6714 B] 226s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1ubuntu1 [20.4 kB] 226s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1ubuntu1 [16.6 kB] 226s Get:65 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1ubuntu1 [9160 B] 227s Preconfiguring packages ... 227s Fetched 12.6 MB in 2s (7398 kB/s) 227s Selecting previously unselected package libltdl7:arm64. 228s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 228s Preparing to unpack .../00-libltdl7_2.4.7-7_arm64.deb ... 228s Unpacking libltdl7:arm64 (2.4.7-7) ... 228s Selecting previously unselected package libodbc2:arm64. 228s Preparing to unpack .../01-libodbc2_2.3.12-1_arm64.deb ... 228s Unpacking libodbc2:arm64 (2.3.12-1) ... 228s Selecting previously unselected package slapd. 228s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 229s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 229s Selecting previously unselected package libtcl8.6:arm64. 229s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 229s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 229s Selecting previously unselected package tcl8.6. 229s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 229s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 229s Selecting previously unselected package tcl-expect:arm64. 229s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_arm64.deb ... 229s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 229s Selecting previously unselected package expect. 229s Preparing to unpack .../06-expect_5.45.4-2build1_arm64.deb ... 229s Unpacking expect (5.45.4-2build1) ... 230s Selecting previously unselected package ldap-utils. 230s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 230s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 230s Selecting previously unselected package libavahi-common-data:arm64. 230s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 230s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 230s Selecting previously unselected package libavahi-common3:arm64. 230s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 230s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 230s Selecting previously unselected package libavahi-client3:arm64. 230s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 230s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 230s Selecting previously unselected package libcrack2:arm64. 230s Preparing to unpack .../11-libcrack2_2.9.6-5.1_arm64.deb ... 230s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 230s Selecting previously unselected package libevent-2.1-7:arm64. 230s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 230s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 230s Selecting previously unselected package libjose0:arm64. 230s Preparing to unpack .../13-libjose0_11-3_arm64.deb ... 230s Unpacking libjose0:arm64 (11-3) ... 230s Selecting previously unselected package libverto-libevent1:arm64. 230s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 230s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 230s Selecting previously unselected package libverto1:arm64. 231s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_arm64.deb ... 231s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 231s Selecting previously unselected package libkrad0:arm64. 231s Preparing to unpack .../16-libkrad0_1.20.1-5build1_arm64.deb ... 231s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 231s Selecting previously unselected package libtalloc2:arm64. 231s Preparing to unpack .../17-libtalloc2_2.4.2-1_arm64.deb ... 231s Unpacking libtalloc2:arm64 (2.4.2-1) ... 231s Selecting previously unselected package libtdb1:arm64. 231s Preparing to unpack .../18-libtdb1_1.4.10-1_arm64.deb ... 231s Unpacking libtdb1:arm64 (1.4.10-1) ... 231s Selecting previously unselected package libtevent0:arm64. 231s Preparing to unpack .../19-libtevent0_0.16.1-1_arm64.deb ... 231s Unpacking libtevent0:arm64 (0.16.1-1) ... 231s Selecting previously unselected package libldb2:arm64. 231s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 231s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 231s Selecting previously unselected package libnfsidmap1:arm64. 231s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 231s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 231s Selecting previously unselected package libnss-sudo. 231s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 231s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 231s Selecting previously unselected package libpwquality-common. 231s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 231s Unpacking libpwquality-common (1.4.5-3) ... 231s Selecting previously unselected package libpwquality1:arm64. 232s Preparing to unpack .../24-libpwquality1_1.4.5-3_arm64.deb ... 232s Unpacking libpwquality1:arm64 (1.4.5-3) ... 232s Selecting previously unselected package libpam-pwquality:arm64. 232s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_arm64.deb ... 232s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 232s Selecting previously unselected package libwbclient0:arm64. 232s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 232s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 232s Selecting previously unselected package samba-libs:arm64. 232s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 232s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 233s Selecting previously unselected package libnss-sss:arm64. 233s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 233s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 233s Selecting previously unselected package libpam-sss:arm64. 233s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 233s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 233s Selecting previously unselected package python3-sss. 233s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 233s Unpacking python3-sss (2.9.4-1ubuntu1) ... 233s Selecting previously unselected package libc-ares2:arm64. 233s Preparing to unpack .../31-libc-ares2_1.27.0-1_arm64.deb ... 233s Unpacking libc-ares2:arm64 (1.27.0-1) ... 233s Selecting previously unselected package libdhash1:arm64. 233s Preparing to unpack .../32-libdhash1_0.6.2-2_arm64.deb ... 233s Unpacking libdhash1:arm64 (0.6.2-2) ... 233s Selecting previously unselected package libbasicobjects0:arm64. 233s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_arm64.deb ... 233s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 233s Selecting previously unselected package libcollection4:arm64. 233s Preparing to unpack .../34-libcollection4_0.6.2-2_arm64.deb ... 233s Unpacking libcollection4:arm64 (0.6.2-2) ... 233s Selecting previously unselected package libpath-utils1:arm64. 233s Preparing to unpack .../35-libpath-utils1_0.6.2-2_arm64.deb ... 233s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 234s Selecting previously unselected package libref-array1:arm64. 234s Preparing to unpack .../36-libref-array1_0.6.2-2_arm64.deb ... 234s Unpacking libref-array1:arm64 (0.6.2-2) ... 234s Selecting previously unselected package libini-config5:arm64. 234s Preparing to unpack .../37-libini-config5_0.6.2-2_arm64.deb ... 234s Unpacking libini-config5:arm64 (0.6.2-2) ... 234s Selecting previously unselected package libsss-certmap0. 234s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 234s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 234s Selecting previously unselected package libsss-idmap0. 234s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 234s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 234s Selecting previously unselected package libsss-nss-idmap0. 234s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 234s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 234s Selecting previously unselected package sssd-common. 234s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 234s Unpacking sssd-common (2.9.4-1ubuntu1) ... 234s Selecting previously unselected package sssd-idp. 234s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_arm64.deb ... 234s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-passkey. 235s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ad-common. 235s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-krb5-common. 235s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsmbclient:arm64. 235s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 235s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 235s Selecting previously unselected package sssd-ad. 235s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libipa-hbac0. 235s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ipa. 235s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-krb5. 235s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ldap. 235s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 235s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package sssd-proxy. 236s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package sssd. 236s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking sssd (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package sssd-dbus. 236s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package sssd-kcm. 236s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package sssd-tools. 236s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package libipa-hbac-dev. 236s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package libsss-certmap-dev. 236s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 236s Selecting previously unselected package libsss-idmap-dev. 236s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 236s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 237s Selecting previously unselected package libsss-nss-idmap-dev. 237s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 237s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 237s Selecting previously unselected package libsss-sudo. 237s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_arm64.deb ... 237s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 237s Selecting previously unselected package python3-libipa-hbac. 237s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_arm64.deb ... 237s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 237s Selecting previously unselected package python3-libsss-nss-idmap. 237s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_arm64.deb ... 237s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 237s Selecting previously unselected package autopkgtest-satdep. 237s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 237s Unpacking autopkgtest-satdep (0) ... 237s Setting up libpwquality-common (1.4.5-3) ... 237s Setting up libpath-utils1:arm64 (0.6.2-2) ... 237s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 237s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 237s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 237s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 237s Setting up libtdb1:arm64 (1.4.10-1) ... 237s Setting up libc-ares2:arm64 (1.27.0-1) ... 237s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 237s Setting up libjose0:arm64 (11-3) ... 237s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 237s Setting up libtalloc2:arm64 (2.4.2-1) ... 237s Setting up libdhash1:arm64 (0.6.2-2) ... 237s Setting up libtevent0:arm64 (0.16.1-1) ... 237s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 237s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 237s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 237s Setting up libltdl7:arm64 (2.4.7-7) ... 237s Setting up libcrack2:arm64 (2.9.6-5.1) ... 237s Setting up libcollection4:arm64 (0.6.2-2) ... 237s Setting up libodbc2:arm64 (2.3.12-1) ... 237s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 237s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 237s Setting up libref-array1:arm64 (0.6.2-2) ... 237s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 237s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 237s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 237s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 238s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 239s Creating new user openldap... done. 239s Creating initial configuration... done. 239s Creating LDAP directory... done. 241s Setting up tcl8.6 (8.6.13+dfsg-2) ... 241s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 241s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 241s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 241s Setting up libini-config5:arm64 (0.6.2-2) ... 241s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 241s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 241s Setting up python3-sss (2.9.4-1ubuntu1) ... 242s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 242s Setting up libpwquality1:arm64 (1.4.5-3) ... 242s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 242s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 242s Setting up expect (5.45.4-2build1) ... 242s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 243s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 243s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 243s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 243s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 244s Setting up sssd-common (2.9.4-1ubuntu1) ... 244s Creating SSSD system user & group... 244s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 244s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 244s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 245s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 247s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 248s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 249s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 249s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 250s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 251s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 252s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 253s sssd-autofs.service is a disabled or a static unit, not starting it. 254s sssd-nss.service is a disabled or a static unit, not starting it. 254s sssd-pam.service is a disabled or a static unit, not starting it. 254s sssd-ssh.service is a disabled or a static unit, not starting it. 254s sssd-sudo.service is a disabled or a static unit, not starting it. 254s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 254s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 254s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 255s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 257s sssd-kcm.service is a disabled or a static unit, not starting it. 257s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 258s sssd-ifp.service is a disabled or a static unit, not starting it. 258s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 259s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 261s sssd-pac.service is a disabled or a static unit, not starting it. 261s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 261s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 261s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 261s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 261s Setting up sssd-ad (2.9.4-1ubuntu1) ... 261s Setting up sssd-tools (2.9.4-1ubuntu1) ... 261s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 261s Setting up sssd (2.9.4-1ubuntu1) ... 261s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 261s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 261s Setting up libkrad0:arm64 (1.20.1-5build1) ... 261s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 261s Setting up sssd-idp (2.9.4-1ubuntu1) ... 261s Setting up autopkgtest-satdep (0) ... 261s Processing triggers for libc-bin (2.39-0ubuntu2) ... 261s Processing triggers for ufw (0.36.2-5) ... 262s Processing triggers for man-db (2.12.0-3) ... 264s Processing triggers for dbus (1.14.10-4ubuntu1) ... 288s (Reading database ... 77135 files and directories currently installed.) 288s Removing autopkgtest-satdep (0) ... 289s autopkgtest [04:47:36]: test ldap-user-group-ldap-auth: [----------------------- 290s + . debian/tests/util 290s + . debian/tests/common-tests 290s + mydomain=example.com 290s + myhostname=ldap.example.com 290s + mysuffix=dc=example,dc=com 290s + admin_dn=cn=admin,dc=example,dc=com 290s + admin_pw=secret 290s + ldap_user=testuser1 290s + ldap_user_pw=testuser1secret 290s + ldap_group=ldapusers 290s + adjust_hostname ldap.example.com 290s + local myhostname=ldap.example.com 290s + echo ldap.example.com 290s + hostname ldap.example.com 290s + grep -qE ldap.example.com /etc/hosts 290s + echo 127.0.1.10 ldap.example.com 290s + reconfigure_slapd 290s + debconf-set-selections 290s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 290s + dpkg-reconfigure -fnoninteractive -pcritical slapd 291s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 291s Moving old database directory to /var/backups: 291s - directory unknown... done. 292s Creating initial configuration... done. 292s Creating LDAP directory... done. 294s + generate_certs ldap.example.com 294s + local cn=ldap.example.com 294s + local cert=/etc/ldap/server.pem 294s + local key=/etc/ldap/server.key 294s + local cnf=/etc/ldap/openssl.cnf 294s + cat 294s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 294s ...............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 294s .................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 294s ----- 294s + chmod 0640 /etc/ldap/server.key 294s + chgrp openldap /etc/ldap/server.key 294s + [ ! -f /etc/ldap/server.pem ] 294s + [ ! -f /etc/ldap/server.key ] 294s + enable_ldap_ssl 294s + cat 294s + cat 294s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 294s + populate_ldap_rfc2307 294s + cat 294s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 294s modifying entry "cn=config" 294s 294s adding new entry "ou=People,dc=example,dc=com" 294s 294s adding new entry "ou=Group,dc=example,dc=com" 294s 294s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 294s 294s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 294s 294s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 294s 294s + configure_sssd_ldap_rfc2307 294s + cat 294s + chmod 0600 /etc/sssd/sssd.conf 294s + systemctl restart sssd 295s + enable_pam_mkhomedir 295s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 295s + echo session optional pam_mkhomedir.so 295s + run_common_tests 295s + echo Assert local user databases do not have our LDAP test data 295s Assert local user databases do not have our LDAP test data 295s + check_local_user testuser1 295s + local local_user=testuser1 295s + grep -q ^testuser1 /etc/passwd 295s + check_local_group testuser1 295s + local local_group=testuser1 295s + grep -q ^testuser1 /etc/group 295s + check_local_group ldapusers 295s + local local_group=ldapusers 295s + grep -q ^ldapusers /etc/group 295s + echo The LDAP user is known to the system via getent 295s The LDAP user is known to the system via getent 295s + check_getent_user testuser1 295s + local getent_user=testuser1 295s + local output 295s + getent passwd testuser1 295s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 295s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 295s + echo The LDAP user's private group is known to the system via getent 295s The LDAP user's private group is known to the system via getent 295s + check_getent_group testuser1 295s + local getent_group=testuser1 295s + local output 295s + getent group testuser1 295s + output=testuser1:*:10001:testuser1 295s + [ -z testuser1:*:10001:testuser1 ] 295s + echo The LDAP group ldapusers is known to the system via getent 295s + check_getent_group ldapusers 295s + local getent_group=ldapusers 295s + local output 295s The LDAP group ldapusers is known to the system via getent 295s + getent group ldapusers 295s + output=ldapusers:*:10100:testuser1 295s + [ -z ldapusers:*:10100:testuser1 ] 295s + echo The id(1) command can resolve the group membership of the LDAP user 295s The id(1) command can resolve the group membership of the LDAP user 295s + id -Gn testuser1 295s + output=testuser1 ldapusers 295s + [ testuser1 ldapusers != testuser1 ldapusers ] 295s The LDAP user can login on a terminal 295s + echo The LDAP user can login on a terminal 295s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 295s spawn login 295s ldap.example.com login: testuser1 295s Password: 295s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 295s 296s * Documentation: https://help.ubuntu.com 296s * Management: https://landscape.canonical.com 296s * Support: https://ubuntu.com/pro 296s 296s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 296s just raised the bar for easy, resilient and secure K8s cluster deployment. 296s 296s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 296s 296s The programs included with the Ubuntu system are free software; 296s the exact distribution terms for each program are described in the 296s individual files in /usr/share/doc/*/copyright. 296s 296s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 296s applicable law. 296s 296s 296s The programs included with the Ubuntu system are free software; 296s the exact distribution terms for each program are described in the 296s individual files in /usr/share/doc/*/copyright. 296s 296s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 296s applicable law. 296s 296s Creating directory '/home/testuser1'. 296s [?2004htestuser1@ldap:~$ id -un 296s [?2004l testuser1 296s [?2004htestuser1@ldap:~$ autopkgtest [04:47:43]: test ldap-user-group-ldap-auth: -----------------------] 297s autopkgtest [04:47:44]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 297s ldap-user-group-ldap-auth PASS 298s autopkgtest [04:47:45]: test ldap-user-group-krb5-auth: preparing testbed 301s Reading package lists... 301s Building dependency tree... 301s Reading state information... 302s Starting pkgProblemResolver with broken count: 0 303s Starting 2 pkgProblemResolver with broken count: 0 303s Done 305s The following additional packages will be installed: 305s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 305s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 305s Suggested packages: 305s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 305s The following NEW packages will be installed: 305s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 305s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 305s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 305s Need to get 594 kB/595 kB of archives. 305s After this operation, 2907 kB of additional disk space will be used. 305s Get:1 /tmp/autopkgtest.imJSzo/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [888 B] 305s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 305s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 305s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 305s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 306s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 306s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 306s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 306s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 307s Preconfiguring packages ... 307s Fetched 594 kB in 1s (965 kB/s) 308s Selecting previously unselected package krb5-config. 308s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77135 files and directories currently installed.) 308s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 308s Unpacking krb5-config (2.7) ... 308s Selecting previously unselected package libgssrpc4:arm64. 308s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_arm64.deb ... 308s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 308s Selecting previously unselected package libkadm5clnt-mit12:arm64. 308s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 308s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 308s Selecting previously unselected package libkdb5-10:arm64. 308s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_arm64.deb ... 308s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 308s Selecting previously unselected package libkadm5srv-mit12:arm64. 308s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 308s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 308s Selecting previously unselected package krb5-user. 308s Preparing to unpack .../5-krb5-user_1.20.1-5build1_arm64.deb ... 308s Unpacking krb5-user (1.20.1-5build1) ... 308s Selecting previously unselected package krb5-kdc. 308s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 308s Unpacking krb5-kdc (1.20.1-5build1) ... 308s Selecting previously unselected package krb5-admin-server. 308s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 308s Unpacking krb5-admin-server (1.20.1-5build1) ... 309s Selecting previously unselected package autopkgtest-satdep. 309s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 309s Unpacking autopkgtest-satdep (0) ... 309s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 309s Setting up krb5-config (2.7) ... 310s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 310s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 310s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 310s Setting up krb5-user (1.20.1-5build1) ... 310s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 310s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 310s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 310s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 310s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 310s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 310s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 310s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 310s Setting up krb5-kdc (1.20.1-5build1) ... 312s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 314s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 314s Setting up krb5-admin-server (1.20.1-5build1) ... 316s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 318s Setting up autopkgtest-satdep (0) ... 318s Processing triggers for man-db (2.12.0-3) ... 319s Processing triggers for libc-bin (2.39-0ubuntu2) ... 337s (Reading database ... 77228 files and directories currently installed.) 337s Removing autopkgtest-satdep (0) ... 338s autopkgtest [04:48:25]: test ldap-user-group-krb5-auth: [----------------------- 339s + . debian/tests/util 339s + . debian/tests/common-tests 339s + mydomain=example.com 339s + myhostname=ldap.example.com 339s + mysuffix=dc=example,dc=com 339s + myrealm=EXAMPLE.COM 339s + admin_dn=cn=admin,dc=example,dc=com 339s + admin_pw=secret 339s + ldap_user=testuser1 339s + ldap_user_pw=testuser1secret 339s + kerberos_principal_pw=testuser1kerberos 339s + ldap_group=ldapusers 339s + adjust_hostname ldap.example.com 339s + local myhostname=ldap.example.com 339s + echo ldap.example.com 339s + hostname ldap.example.com 339s + grep -qE ldap.example.com /etc/hosts 339s + reconfigure_slapd 339s + debconf-set-selections 339s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240320-044738.ldapdb 339s + dpkg-reconfigure -fnoninteractive -pcritical slapd 340s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 340s Moving old database directory to /var/backups: 340s - directory unknown... done. 341s Creating initial configuration... done. 341s Creating LDAP directory... done. 343s + generate_certs ldap.example.com 343s + local cn=ldap.example.com 343s + local cert=/etc/ldap/server.pem 343s + local key=/etc/ldap/server.key 343s + local cnf=/etc/ldap/openssl.cnf 343s + cat 343s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 343s ...................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 343s ..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 343s 343s + 343s ----- 343s + chmod 0640 /etc/ldap/server.key 343s + chgrp openldap /etc/ldap/server.key 343s + [ ! -f /etc/ldap/server.pem ] 343s + [ ! -f /etc/ldap/server.key ] 343s + enable_ldap_ssl 343s + cat 343s + cat 343s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 343s + populate_ldap_rfc2307 343s + + cat 343s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 343s adding new entry "ou=People,dc=example,dc=com" 343s 343s adding new entry "ou=Group,dc=example,dc=com" 343s 343s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 343s 343s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 343s 343s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 343s 343s + create_realm EXAMPLE.COM ldap.example.com 343s + local realm_name=EXAMPLE.COM 343s + local kerberos_server=ldap.example.com 343s + rm -rf /var/lib/krb5kdc/* 343s + rm -rf /etc/krb5kdc/kdc.conf 343s + rm -f /etc/krb5.keytab 343s + cat 343s + cat 343s + echo # */admin * 343s + kdb5_util create -s -P secretpassword 343s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 343s master key name 'K/M@EXAMPLE.COM' 343s + systemctl restart krb5-kdc.service krb5-admin-server.service 344s + create_krb_principal testuser1 testuser1kerberos 344s + local principal=testuser1 344s + local password=testuser1kerberos 344s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 344s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 344s Authenticating as principal root/admin@EXAMPLE.COM with password. 344s Principal "testuser1@EXAMPLE.COM" created. 344s + configure_sssd_ldap_rfc2307_krb5_auth 344s + cat 344s + chmod 0600 /etc/sssd/sssd.conf 344s + systemctl restart sssd 344s + enable_pam_mkhomedir 344s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 344s Assert local user databases do not have our LDAP test data 344s + run_common_tests 344s + echo Assert local user databases do not have our LDAP test data 344s + check_local_user testuser1 344s + local local_user=testuser1 344s + grep -q ^testuser1 /etc/passwd 344s + check_local_group testuser1 344s + local local_group=testuser1 344s + grep -q ^testuser1 /etc/group 344s + check_local_group ldapusers 344s + local local_group=ldapusers 344s + grep -q ^ldapusers /etc/group 344s + echo The LDAP user is known to the system via getent 344s The LDAP user is known to the system via getent 344s + check_getent_user testuser1 344s + local getent_user=testuser1 344s + local output 344s + getent passwd testuser1 344s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 344s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 344s + echo The LDAP user's private group is known to the system via getent 344s + check_getent_group testuser1 344s + local getent_group=testuser1 344s + local output 344s The LDAP user's private group is known to the system via getent 344s + getent group testuser1 344s The LDAP group ldapusers is known to the system via getent 344s + output=testuser1:*:10001:testuser1 344s + [ -z testuser1:*:10001:testuser1 ] 344s + echo The LDAP group ldapusers is known to the system via getent 344s + check_getent_group ldapusers 344s + local getent_group=ldapusers 344s + local output 344s + getent group ldapusers 344s + output=ldapusers:*:10100:testuser1 344s + [The id(1) command can resolve the group membership of the LDAP user 344s -z ldapusers:*:10100:testuser1 ] 344s + echo The id(1) command can resolve the group membership of the LDAP user 344s + id -Gn testuser1 345s + output=testuser1 ldapusersThe Kerberos principal can login on a terminal 345s 345s + [ testuser1 ldapusers != testuser1 ldapusers ] 345s + echo The Kerberos principal can login on a terminal 345s + kdestroy 345s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 345s spawn login 345s ldap.example.com login: testuser1 345s Password: 346s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 346s 346s * Documentation: https://help.ubuntu.com 346s * Management: https://landscape.canonical.com 346s * Support: https://ubuntu.com/pro 346s 346s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 346s just raised the bar for easy, resilient and secure K8s cluster deployment. 346s 346s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 346s 346s The programs included with the Ubuntu system are free software; 346s the exact distribution terms for each program are described in the 346s individual files in /usr/share/doc/*/copyright. 346s 346s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 346s applicable law. 346s 346s Last login: Wed Mar 20 04:47:42 UTC 2024 on pts/0 346s [?2004htestuser1@ldap:~$ id -un 346s [?2004l testuser1 346s [?2004htestuser1@ldap:~$ klist 346s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_K2CcaR 346s Default principal: testuser1@EXAMPLE.COM 346s 346s Valid starting Expires Service principal 347s 03/20/24 04:48:32 03/20/24 14:48:32 krbtgt/EXAMPLE.COM@EXAMPLE.COMautopkgtest [04:48:34]: test ldap-user-group-krb5-auth: -----------------------] 347s autopkgtest [04:48:34]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 347s ldap-user-group-krb5-auth PASS 348s autopkgtest [04:48:35]: test sssd-softhism2-certificates-tests.sh: preparing testbed 521s autopkgtest [04:51:28]: testbed dpkg architecture: arm64 521s autopkgtest [04:51:28]: testbed apt version: 2.7.12 521s autopkgtest [04:51:28]: @@@@@@@@@@@@@@@@@@@@ test bed setup 522s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 523s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 523s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.7 kB] 523s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 524s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3808 kB] 524s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [671 kB] 524s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 524s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [41.7 kB] 524s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 524s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4217 kB] 525s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 525s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [56.7 kB] 525s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 536s Fetched 9478 kB in 6s (1648 kB/s) 536s Reading package lists... 543s Reading package lists... 543s Building dependency tree... 543s Reading state information... 545s Calculating upgrade... 546s The following packages will be upgraded: 546s libselinux1 546s 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 546s Need to get 79.8 kB of archives. 546s After this operation, 0 B of additional disk space will be used. 546s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libselinux1 arm64 3.5-2ubuntu1 [79.8 kB] 547s Fetched 79.8 kB in 0s (267 kB/s) 548s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 548s Preparing to unpack .../libselinux1_3.5-2ubuntu1_arm64.deb ... 548s Unpacking libselinux1:arm64 (3.5-2ubuntu1) over (3.5-2build1) ... 548s Setting up libselinux1:arm64 (3.5-2ubuntu1) ... 548s Processing triggers for libc-bin (2.39-0ubuntu2) ... 549s Reading package lists... 550s Building dependency tree... 550s Reading state information... 552s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 552s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 552s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 552s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 552s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 559s Reading package lists... 559s Reading package lists... 560s Building dependency tree... 560s Reading state information... 561s Calculating upgrade... 562s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 562s Reading package lists... 563s Building dependency tree... 563s Reading state information... 565s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 573s Reading package lists... 573s Building dependency tree... 573s Reading state information... 574s Starting pkgProblemResolver with broken count: 0 575s Starting 2 pkgProblemResolver with broken count: 0 575s Done 577s The following additional packages will be installed: 577s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 577s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 577s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 577s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 577s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 577s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 577s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 577s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 577s sssd-krb5-common sssd-ldap sssd-proxy 577s Suggested packages: 577s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 577s Recommended packages: 577s cracklib-runtime libsasl2-modules-gssapi-mit 577s | libsasl2-modules-gssapi-heimdal ldap-utils 577s The following NEW packages will be installed: 577s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 577s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 577s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 577s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 577s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 577s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 577s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 577s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 577s sssd-krb5-common sssd-ldap sssd-proxy 577s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 577s Need to get 10.1 MB/10.1 MB of archives. 577s After this operation, 48.6 MB of additional disk space will be used. 577s Get:1 /tmp/autopkgtest.imJSzo/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [748 B] 577s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 577s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 578s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0 arm64 3.8.3-1ubuntu1 [23.3 kB] 578s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1ubuntu1 [267 kB] 578s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 578s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 578s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 578s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 578s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 578s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 578s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 578s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 578s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 578s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 578s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 578s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 578s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 578s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 579s Get:20 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 579s Get:21 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 579s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 579s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 580s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 580s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 580s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 580s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 580s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 580s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 580s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 580s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 580s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 580s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 580s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 580s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 580s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 580s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 580s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 580s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 580s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 580s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 580s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 580s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 580s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 580s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 580s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 581s Fetched 10.1 MB in 3s (3447 kB/s) 581s Selecting previously unselected package libevent-2.1-7:arm64. 581s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75850 files and directories currently installed.) 581s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 581s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 581s Selecting previously unselected package libunbound8:arm64. 582s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 582s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 582s Selecting previously unselected package libgnutls-dane0:arm64. 582s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_arm64.deb ... 582s Unpacking libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 582s Selecting previously unselected package gnutls-bin. 582s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_arm64.deb ... 582s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 582s Selecting previously unselected package libavahi-common-data:arm64. 582s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 582s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 582s Selecting previously unselected package libavahi-common3:arm64. 582s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 582s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 582s Selecting previously unselected package libavahi-client3:arm64. 582s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 582s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 582s Selecting previously unselected package libcrack2:arm64. 582s Preparing to unpack .../07-libcrack2_2.9.6-5.1_arm64.deb ... 582s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 582s Selecting previously unselected package libtalloc2:arm64. 582s Preparing to unpack .../08-libtalloc2_2.4.2-1_arm64.deb ... 582s Unpacking libtalloc2:arm64 (2.4.2-1) ... 582s Selecting previously unselected package libtdb1:arm64. 582s Preparing to unpack .../09-libtdb1_1.4.10-1_arm64.deb ... 582s Unpacking libtdb1:arm64 (1.4.10-1) ... 582s Selecting previously unselected package libtevent0:arm64. 582s Preparing to unpack .../10-libtevent0_0.16.1-1_arm64.deb ... 582s Unpacking libtevent0:arm64 (0.16.1-1) ... 582s Selecting previously unselected package libldb2:arm64. 583s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 583s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 583s Selecting previously unselected package libnfsidmap1:arm64. 583s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 583s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 583s Selecting previously unselected package libpwquality-common. 583s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 583s Unpacking libpwquality-common (1.4.5-3) ... 583s Selecting previously unselected package libpwquality1:arm64. 583s Preparing to unpack .../14-libpwquality1_1.4.5-3_arm64.deb ... 583s Unpacking libpwquality1:arm64 (1.4.5-3) ... 583s Selecting previously unselected package libpam-pwquality:arm64. 583s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_arm64.deb ... 583s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 583s Selecting previously unselected package libwbclient0:arm64. 583s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 583s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 583s Selecting previously unselected package samba-libs:arm64. 583s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 583s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 584s Selecting previously unselected package softhsm2-common. 584s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_arm64.deb ... 584s Unpacking softhsm2-common (2.6.1-2.2) ... 584s Selecting previously unselected package libsofthsm2. 584s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_arm64.deb ... 584s Unpacking libsofthsm2 (2.6.1-2.2) ... 584s Selecting previously unselected package softhsm2. 584s Preparing to unpack .../20-softhsm2_2.6.1-2.2_arm64.deb ... 584s Unpacking softhsm2 (2.6.1-2.2) ... 584s Selecting previously unselected package python3-sss. 584s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 584s Unpacking python3-sss (2.9.4-1ubuntu1) ... 584s Selecting previously unselected package libsss-idmap0. 584s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 584s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 584s Selecting previously unselected package libnss-sss:arm64. 584s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 584s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 584s Selecting previously unselected package libpam-sss:arm64. 584s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 584s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 585s Selecting previously unselected package libc-ares2:arm64. 585s Preparing to unpack .../25-libc-ares2_1.27.0-1_arm64.deb ... 585s Unpacking libc-ares2:arm64 (1.27.0-1) ... 585s Selecting previously unselected package libdhash1:arm64. 585s Preparing to unpack .../26-libdhash1_0.6.2-2_arm64.deb ... 585s Unpacking libdhash1:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libbasicobjects0:arm64. 585s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_arm64.deb ... 585s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libcollection4:arm64. 585s Preparing to unpack .../28-libcollection4_0.6.2-2_arm64.deb ... 585s Unpacking libcollection4:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libpath-utils1:arm64. 585s Preparing to unpack .../29-libpath-utils1_0.6.2-2_arm64.deb ... 585s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libref-array1:arm64. 585s Preparing to unpack .../30-libref-array1_0.6.2-2_arm64.deb ... 585s Unpacking libref-array1:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libini-config5:arm64. 585s Preparing to unpack .../31-libini-config5_0.6.2-2_arm64.deb ... 585s Unpacking libini-config5:arm64 (0.6.2-2) ... 585s Selecting previously unselected package libsss-certmap0. 585s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 585s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 585s Selecting previously unselected package libsss-nss-idmap0. 585s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 585s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 585s Selecting previously unselected package sssd-common. 585s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 585s Unpacking sssd-common (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-ad-common. 586s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-krb5-common. 586s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package libsmbclient:arm64. 586s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 586s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 586s Selecting previously unselected package sssd-ad. 586s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package libipa-hbac0. 586s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-ipa. 586s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-krb5. 586s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-ldap. 586s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 586s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 586s Selecting previously unselected package sssd-proxy. 587s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 587s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 587s Selecting previously unselected package sssd. 587s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_arm64.deb ... 587s Unpacking sssd (2.9.4-1ubuntu1) ... 587s Selecting previously unselected package autopkgtest-satdep. 587s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 587s Unpacking autopkgtest-satdep (0) ... 587s Setting up libpwquality-common (1.4.5-3) ... 587s Setting up libpath-utils1:arm64 (0.6.2-2) ... 587s Setting up softhsm2-common (2.6.1-2.2) ... 588s 588s Creating config file /etc/softhsm/softhsm2.conf with new version 588s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 588s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 588s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 588s Setting up libtdb1:arm64 (1.4.10-1) ... 588s Setting up libc-ares2:arm64 (1.27.0-1) ... 588s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 588s Setting up libtalloc2:arm64 (2.4.2-1) ... 588s Setting up libdhash1:arm64 (0.6.2-2) ... 588s Setting up libtevent0:arm64 (0.16.1-1) ... 588s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 588s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 588s Setting up libcrack2:arm64 (2.9.6-5.1) ... 588s Setting up libcollection4:arm64 (0.6.2-2) ... 588s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 588s Setting up libref-array1:arm64 (0.6.2-2) ... 588s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 588s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 588s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 588s Setting up libsofthsm2 (2.6.1-2.2) ... 588s Setting up softhsm2 (2.6.1-2.2) ... 588s Setting up libini-config5:arm64 (0.6.2-2) ... 588s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 588s Setting up python3-sss (2.9.4-1ubuntu1) ... 588s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 588s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 588s Setting up libpwquality1:arm64 (1.4.5-3) ... 588s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 588s Setting up libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 588s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 589s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 589s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 589s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 590s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 590s Setting up sssd-common (2.9.4-1ubuntu1) ... 590s Creating SSSD system user & group... 590s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 590s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 590s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 590s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 592s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 593s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 594s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 595s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 596s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 597s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 598s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 599s sssd-autofs.service is a disabled or a static unit, not starting it. 599s sssd-nss.service is a disabled or a static unit, not starting it. 600s sssd-pam.service is a disabled or a static unit, not starting it. 600s sssd-ssh.service is a disabled or a static unit, not starting it. 600s sssd-sudo.service is a disabled or a static unit, not starting it. 600s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 600s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 600s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 601s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 603s sssd-pac.service is a disabled or a static unit, not starting it. 603s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 603s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 603s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 603s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 603s Setting up sssd-ad (2.9.4-1ubuntu1) ... 603s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 603s Setting up sssd (2.9.4-1ubuntu1) ... 603s Setting up autopkgtest-satdep (0) ... 603s Processing triggers for man-db (2.12.0-3) ... 605s Processing triggers for libc-bin (2.39-0ubuntu2) ... 615s (Reading database ... 76438 files and directories currently installed.) 615s Removing autopkgtest-satdep (0) ... 626s autopkgtest [04:53:13]: test sssd-softhism2-certificates-tests.sh: [----------------------- 626s + '[' -z ubuntu ']' 626s + required_tools=(p11tool openssl softhsm2-util) 626s + for cmd in "${required_tools[@]}" 626s + command -v p11tool 626s + for cmd in "${required_tools[@]}" 626s + command -v openssl 626s + for cmd in "${required_tools[@]}" 626s + command -v softhsm2-util 626s + PIN=053350 626s +++ find /usr/lib/softhsm/libsofthsm2.so 626s +++ head -n 1 626s ++ realpath /usr/lib/softhsm/libsofthsm2.so 626s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 626s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 626s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 626s + '[' '!' -v NO_SSSD_TESTS ']' 626s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 626s + ca_db_arg=ca_db 626s ++ /usr/libexec/sssd/p11_child --help 626s + p11_child_help='Usage: p11_child [OPTION...] 626s -d, --debug-level=INT Debug level 626s --debug-timestamps=INT Add debug timestamps 626s --debug-microseconds=INT Show timestamps with microseconds 626s --dumpable=INT Allow core dumps 626s --debug-fd=INT An open file descriptor for the debug 626s logs 626s --logger=stderr|files|journald Set logger 626s --auth Run in auth mode 626s --pre Run in pre-auth mode 626s --wait_for_card Wait until card is available 626s --verification Run in verification mode 626s --pin Expect PIN on stdin 626s --keypad Expect PIN on keypad 626s --verify=STRING Tune validation 626s --ca_db=STRING CA DB to use 626s --module_name=STRING Module name for authentication 626s --token_name=STRING Token name for authentication 626s --key_id=STRING Key ID for authentication 626s --label=STRING Label for authentication 626s --certificate=STRING certificate to verify, base64 encoded 626s --uri=STRING PKCS#11 URI to restrict selection 626s --chain-id=LONG Tevent chain ID used for logging 626s purposes 626s 626s Help options: 626s -?, --help Show this help message 626s --usage Display brief usage message' 626s + echo 'Usage: p11_child [OPTION...] 626s -d, --debug-level=INT Debug level 626s + grep nssdb -qs 626s --debug-timestamps=INT Add debug timestamps 626s --debug-microseconds=INT Show timestamps with microseconds 626s --dumpable=INT Allow core dumps 626s --debug-fd=INT An open file descriptor for the debug 626s logs 626s --logger=stderr|files|journald Set logger 626s --auth Run in auth mode 626s --pre Run in pre-auth mode 626s --wait_for_card Wait until card is available 626s --verification Run in verification mode 626s --pin Expect PIN on stdin 626s --keypad Expect PIN on keypad 626s --verify=STRING Tune validation 626s --ca_db=STRING CA DB to use 626s --module_name=STRING Module name for authentication 626s --token_name=STRING Token name for authentication 626s --key_id=STRING Key ID for authentication 626s --label=STRING Label for authentication 626s --certificate=STRING certificate to verify, base64 encoded 626s --uri=STRING PKCS#11 URI to restrict selection 626s --chain-id=LONG Tevent chain ID used for logging 626s purposes 626s 626s Help options: 626s -?, --help Show this help message 626s --usage Display brief usage message' 626s + echo 'Usage: p11_child [OPTION...] 626s -d, --debug-level=INT Debug level 626s + grep -qs -- --ca_db 626s --debug-timestamps=INT Add debug timestamps 626s --debug-microseconds=INT Show timestamps with microseconds 626s --dumpable=INT Allow core dumps 626s --debug-fd=INT An open file descriptor for the debug 626s logs 626s --logger=stderr|files|journald Set logger 626s --auth Run in auth mode 626s --pre Run in pre-auth mode 626s --wait_for_card Wait until card is available 626s --verification Run in verification mode 626s --pin Expect PIN on stdin 626s --keypad Expect PIN on keypad 626s --verify=STRING Tune validation 626s --ca_db=STRING CA DB to use 626s --module_name=STRING Module name for authentication 626s --token_name=STRING Token name for authentication 626s --key_id=STRING Key ID for authentication 626s --label=STRING Label for authentication 626s --certificate=STRING certificate to verify, base64 encoded 626s --uri=STRING PKCS#11 URI to restrict selection 626s --chain-id=LONG Tevent chain ID used for logging 626s purposes 626s 626s Help options: 626s -?, --help Show this help message 626s --usage Display brief usage message' 626s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 626s ++ mktemp -d -t sssd-softhsm2-XXXXXX 626s + tmpdir=/tmp/sssd-softhsm2-cIPFgF 626s + keys_size=1024 626s + [[ ! -v KEEP_TEMPORARY_FILES ]] 626s + trap 'rm -rf "$tmpdir"' EXIT 626s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 626s + echo -n 01 626s + touch /tmp/sssd-softhsm2-cIPFgF/index.txt 626s + mkdir -p /tmp/sssd-softhsm2-cIPFgF/new_certs 626s + cat 626s + root_ca_key_pass=pass:random-root-CA-password-2844 626s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA-key.pem -passout pass:random-root-CA-password-2844 1024 627s + openssl req -passin pass:random-root-CA-password-2844 -batch -config /tmp/sssd-softhsm2-cIPFgF/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-cIPFgF/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 627s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 627s + cat 627s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-16912 627s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16912 1024 627s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-16912 -config /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.config -key /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-2844 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-certificate-request.pem 627s + openssl req -text -noout -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-certificate-request.pem 627s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cIPFgF/test-root-CA.config -passin pass:random-root-CA-password-2844 -keyfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA-key.pem -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 627s Certificate Request: 627s Data: 627s Version: 1 (0x0) 627s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 627s Subject Public Key Info: 627s Public Key Algorithm: rsaEncryption 627s Public-Key: (1024 bit) 627s Modulus: 627s 00:be:71:3d:bc:ca:a1:65:13:69:09:fe:9b:65:db: 627s 94:00:7c:5d:70:48:aa:00:98:df:68:48:77:69:66: 627s 66:5e:fb:b9:be:c7:b7:77:4e:3f:fc:e0:6e:0c:d5: 627s db:6f:cc:3b:c9:8c:52:af:7d:5a:3c:fb:b9:bd:0f: 627s 2e:e6:48:ac:4a:fa:e7:3c:4e:11:3a:a8:9a:0c:87: 627s 4a:ca:06:bb:f4:30:12:8e:01:ef:f3:46:c2:93:3b: 627s 2a:02:86:4f:74:fc:2c:51:f8:83:fd:52:26:66:63: 627s 8f:f2:29:cb:e2:2a:2b:3d:b1:fd:40:6d:80:99:7b: 627s 6b:13:0c:3d:74:44:f5:0c:d7 627s Exponent: 65537 (0x10001) 627s Attributes: 627s (none) 627s Requested Extensions: 627s Signature Algorithm: sha256WithRSAEncryption 627s Signature Value: 627s 96:0a:13:f8:d0:58:b9:9a:67:28:bc:81:ed:d2:24:6d:3e:c2: 627s b1:5f:5f:5b:87:b2:1e:53:48:cc:c3:fd:63:f7:4e:28:2a:5c: 627s 68:d2:55:e5:03:1c:e8:5d:91:d3:dc:ee:8a:46:14:c2:22:6a: 627s 83:a3:33:1d:83:ca:b6:94:2f:78:ef:a0:43:a2:3f:31:eb:f4: 627s dd:32:5f:6c:38:e8:29:4a:a8:16:b3:f9:c9:bc:28:f3:91:09: 627s 26:a4:d7:cd:83:0e:a7:bc:a4:20:0d:bd:8c:7c:e0:a5:8b:df: 627s 06:6f:cc:fb:78:50:7d:79:8c:23:8f:ba:6a:db:ea:e3:e2:c3: 627s 4c:2b 627s Using configuration from /tmp/sssd-softhsm2-cIPFgF/test-root-CA.config 627s Check that the request matches the signature 627s Signature ok 627s Certificate Details: 627s Serial Number: 1 (0x1) 627s Validity 627s Not Before: Mar 20 04:53:14 2024 GMT 627s Not After : Mar 20 04:53:14 2025 GMT 627s Subject: 627s organizationName = Test Organization 627s organizationalUnitName = Test Organization Unit 627s commonName = Test Organization Intermediate CA 627s X509v3 extensions: 627s X509v3 Subject Key Identifier: 627s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 627s X509v3 Authority Key Identifier: 627s keyid:5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 627s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 627s serial:00 627s X509v3 Basic Constraints: 627s CA:TRUE 627s X509v3 Key Usage: critical 627s Digital Signature, Certificate Sign, CRL Sign 627s Certificate is to be certified until Mar 20 04:53:14 2025 GMT (365 days) 627s 627s Write out database with 1 new entries 627s Database updated 627s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 627s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 627s /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem: OK 627s + cat 627s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-978 627s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-978 1024 627s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-978 -config /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16912 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-certificate-request.pem 627s + openssl req -text -noout -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-certificate-request.pem 627s Certificate Request: 627s Data: 627s Version: 1 (0x0) 627s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 627s Subject Public Key Info: 627s Public Key Algorithm: rsaEncryption 627s Public-Key: (1024 bit) 627s Modulus: 627s 00:d2:ba:a1:7d:e1:5d:9b:e7:1c:ba:d1:6f:50:ce: 627s 13:78:c7:0c:2a:de:eb:20:d6:c0:53:b5:8b:ce:68: 627s 1f:0e:24:cd:77:c3:6d:cd:2e:ce:2f:ea:9e:3b:2b: 627s 69:dd:9a:83:66:a1:e1:39:8a:bd:a6:0a:75:db:97: 627s 2d:5f:a8:d2:e2:cd:1b:c1:4d:e7:c3:e4:e2:db:91: 627s 60:14:8c:cf:de:52:58:a3:cc:ab:d6:99:cb:7d:17: 627s df:6e:3c:bc:d9:d4:fd:a3:01:5d:3d:86:c9:13:7d: 627s 24:d8:89:1b:d4:a5:f9:85:5a:9b:c1:cd:a3:21:45: 627s 5c:c1:4f:63:3c:b6:6c:96:47 627s Exponent: 65537 (0x10001) 627s Attributes: 627s (none) 627s Requested Extensions: 627s Signature Algorithm: sha256WithRSAEncryption 627s Signature Value: 627s b2:2b:55:8a:5a:a9:83:99:54:11:db:f2:1b:bc:52:23:09:c4: 627s a9:64:29:0a:62:d5:d6:3c:bf:2e:8b:ba:3f:fe:9c:1d:4f:4b: 627s 4a:60:df:9b:fe:07:de:ff:b4:6b:53:46:70:8e:a5:45:b8:76: 627s fb:49:3c:4a:28:6b:48:b2:da:2e:8a:da:e0:8b:2b:ad:dc:60: 627s 95:19:96:eb:d7:96:18:51:f6:dd:e8:ee:4a:62:1d:c6:bd:42: 627s 63:58:55:29:50:a9:e3:c6:2b:81:fd:07:c2:0f:31:c3:34:92: 627s e5:0a:e0:55:ef:74:7a:b5:ab:08:a3:dd:58:c2:b2:9c:0e:60: 627s 26:11 627s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-16912 -keyfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 627s Using configuration from /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.config 627s Check that the request matches the signature 627s Signature ok 627s Certificate Details: 627s Serial Number: 2 (0x2) 627s Validity 627s Not Before: Mar 20 04:53:14 2024 GMT 627s Not After : Mar 20 04:53:14 2025 GMT 627s Subject: 627s organizationName = Test Organization 627s organizationalUnitName = Test Organization Unit 627s commonName = Test Organization Sub Intermediate CA 627s X509v3 extensions: 627s X509v3 Subject Key Identifier: 627s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 627s X509v3 Authority Key Identifier: 627s keyid:ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 627s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 627s serial:01 627s X509v3 Basic Constraints: 627s CA:TRUE 627s X509v3 Key Usage: critical 627s Digital Signature, Certificate Sign, CRL Sign 627s Certificate is to be certified until Mar 20 04:53:14 2025 GMT (365 days) 627s 627s Write out database with 1 new entries 627s Database updated 627s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 627s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 627s /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem: OK 627s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 627s + local cmd=openssl 627s + shift 627s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 627s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 627s error 20 at 0 depth lookup: unable to get local issuer certificate 627s error /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem: verification failed 627s + cat 627s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-16430 627s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-16430 1024 627s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-16430 -key /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-request.pem 627s + openssl req -text -noout -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-request.pem 627s Certificate Request: 627s Data: 627s Version: 1 (0x0) 627s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 627s Subject Public Key Info: 627s Public Key Algorithm: rsaEncryption 627s Public-Key: (1024 bit) 627s Modulus: 627s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 627s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 627s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 627s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 627s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 627s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 627s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 627s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 627s 00:33:06:9b:a8:ab:68:75:c5 627s Exponent: 65537 (0x10001) 627s Attributes: 627s Requested Extensions: 627s X509v3 Basic Constraints: 627s CA:FALSE 627s Netscape Cert Type: 627s SSL Client, S/MIME 627s Netscape Comment: 627s Test Organization Root CA trusted Certificate 627s X509v3 Subject Key Identifier: 627s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 627s X509v3 Key Usage: critical 627s Digital Signature, Non Repudiation, Key Encipherment 627s X509v3 Extended Key Usage: 627s TLS Web Client Authentication, E-mail Protection 627s X509v3 Subject Alternative Name: 627s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 627s Signature Algorithm: sha256WithRSAEncryption 627s Signature Value: 627s 16:38:2e:c9:6f:95:4e:5a:81:b8:e8:63:1c:63:91:e1:4e:e4: 627s b5:58:18:13:96:f5:dd:86:12:c4:92:30:e2:a9:42:68:88:57: 627s e7:56:a7:24:96:6c:a3:77:a7:5b:ed:5a:96:14:f7:e8:1b:48: 627s d4:30:e5:6e:83:9f:8f:f7:5c:f9:77:54:cd:98:76:d0:a0:11: 627s 97:fc:5a:b9:16:b8:cc:23:6a:b5:a6:32:7e:69:af:23:82:4c: 627s 23:7a:8a:30:71:f9:70:9a:2a:6c:94:0d:87:cb:cf:2d:3b:d3: 627s 02:02:a7:15:95:fd:2d:65:23:88:66:73:e1:9a:14:6a:d8:8d: 627s fb:22 627s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cIPFgF/test-root-CA.config -passin pass:random-root-CA-password-2844 -keyfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA-key.pem -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 627s Using configuration from /tmp/sssd-softhsm2-cIPFgF/test-root-CA.config 627s Check that the request matches the signature 627s Signature ok 627s Certificate Details: 627s Serial Number: 3 (0x3) 627s Validity 627s Not Before: Mar 20 04:53:14 2024 GMT 627s Not After : Mar 20 04:53:14 2025 GMT 627s Subject: 627s organizationName = Test Organization 627s organizationalUnitName = Test Organization Unit 627s commonName = Test Organization Root Trusted Certificate 0001 627s X509v3 extensions: 627s X509v3 Authority Key Identifier: 627s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 627s X509v3 Basic Constraints: 627s CA:FALSE 627s Netscape Cert Type: 627s SSL Client, S/MIME 627s Netscape Comment: 627s Test Organization Root CA trusted Certificate 627s X509v3 Subject Key Identifier: 627s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 627s X509v3 Key Usage: critical 627s Digital Signature, Non Repudiation, Key Encipherment 627s X509v3 Extended Key Usage: 627s TLS Web Client Authentication, E-mail Protection 627s X509v3 Subject Alternative Name: 627s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 627s Certificate is to be certified until Mar 20 04:53:14 2025 GMT (365 days) 627s 627s Write out database with 1 new entries 627s Database updated 627s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem: OK 628s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s + local cmd=openssl 628s + shift 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 628s error 20 at 0 depth lookup: unable to get local issuer certificate 628s error /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem: verification failed 628s + cat 628s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 628s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-17101 1024 628s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-17101 -key /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-request.pem 628s + openssl req -text -noout -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-request.pem 628s Certificate Request: 628s Data: 628s Version: 1 (0x0) 628s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 628s Subject Public Key Info: 628s Public Key Algorithm: rsaEncryption 628s Public-Key: (1024 bit) 628s Modulus: 628s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 628s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 628s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 628s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 628s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 628s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 628s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 628s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 628s 12:46:c6:8d:a7:26:c5:7f:87 628s Exponent: 65537 (0x10001) 628s Attributes: 628s Requested Extensions: 628s X509v3 Basic Constraints: 628s CA:FALSE 628s Netscape Cert Type: 628s SSL Client, S/MIME 628s Netscape Comment: 628s Test Organization Intermediate CA trusted Certificate 628s X509v3 Subject Key Identifier: 628s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 628s X509v3 Key Usage: critical 628s Digital Signature, Non Repudiation, Key Encipherment 628s X509v3 Extended Key Usage: 628s TLS Web Client Authentication, E-mail Protection 628s X509v3 Subject Alternative Name: 628s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 628s Signature Algorithm: sha256WithRSAEncryption 628s Signature Value: 628s 7f:b7:8d:69:39:9c:8d:a6:69:71:04:25:83:d4:90:c3:13:9a: 628s 25:b2:27:e0:73:c2:5f:f6:93:43:4b:ac:3a:1e:a5:3c:9a:6a: 628s 58:65:d6:ce:05:57:40:5f:de:cb:76:a7:66:10:85:da:14:75: 628s eb:9c:81:07:45:f4:f0:fe:a1:22:14:44:f6:e5:ac:03:2c:dd: 628s f5:33:fb:0c:fc:71:4e:31:8f:75:c5:3b:f9:0b:07:a0:a0:67: 628s bf:e7:57:9a:ca:e4:69:d1:eb:cf:35:ce:11:e2:15:b8:1b:78: 628s 40:f6:62:a0:99:1a:44:e6:54:3a:eb:3f:2e:d1:4d:4c:56:9d: 628s 8e:ce 628s + openssl ca -passin pass:random-intermediate-CA-password-16912 -config /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s Using configuration from /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.config 628s Check that the request matches the signature 628s Signature ok 628s Certificate Details: 628s Serial Number: 4 (0x4) 628s Validity 628s Not Before: Mar 20 04:53:15 2024 GMT 628s Not After : Mar 20 04:53:15 2025 GMT 628s Subject: 628s organizationName = Test Organization 628s organizationalUnitName = Test Organization Unit 628s commonName = Test Organization Intermediate Trusted Certificate 0001 628s X509v3 extensions: 628s X509v3 Authority Key Identifier: 628s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 628s X509v3 Basic Constraints: 628s CA:FALSE 628s Netscape Cert Type: 628s SSL Client, S/MIME 628s Netscape Comment: 628s Test Organization Intermediate CA trusted Certificate 628s X509v3 Subject Key Identifier: 628s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 628s X509v3 Key Usage: critical 628s Digital Signature, Non Repudiation, Key Encipherment 628s X509v3 Extended Key Usage: 628s TLS Web Client Authentication, E-mail Protection 628s X509v3 Subject Alternative Name: 628s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 628s Certificate is to be certified until Mar 20 04:53:15 2025 GMT (365 days) 628s 628s Write out database with 1 new entries 628s Database updated 628s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s + echo 'This certificate should not be trusted fully' 628s This certificate should not be trusted fully 628s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s + local cmd=openssl 628s + shift 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 628s error 2 at 1 depth lookup: unable to get issuer certificate 628s error /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 628s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem: OK 628s + cat 628s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 628s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-13609 1024 628s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13609 -key /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 628s + openssl req -text -noout -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 628s Certificate Request: 628s Data: 628s Version: 1 (0x0) 628s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 628s Subject Public Key Info: 628s Public Key Algorithm: rsaEncryption 628s Public-Key: (1024 bit) 628s Modulus: 628s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 628s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 628s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 628s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 628s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 628s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 628s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 628s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 628s 5b:57:b7:47:8f:f0:4c:b5:af 628s Exponent: 65537 (0x10001) 628s Attributes: 628s Requested Extensions: 628s X509v3 Basic Constraints: 628s CA:FALSE 628s Netscape Cert Type: 628s SSL Client, S/MIME 628s Netscape Comment: 628s Test Organization Sub Intermediate CA trusted Certificate 628s X509v3 Subject Key Identifier: 628s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 628s X509v3 Key Usage: critical 628s Digital Signature, Non Repudiation, Key Encipherment 628s X509v3 Extended Key Usage: 628s TLS Web Client Authentication, E-mail Protection 628s X509v3 Subject Alternative Name: 628s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 628s Signature Algorithm: sha256WithRSAEncryption 628s Signature Value: 628s 65:f9:b5:55:36:0b:cd:59:16:7d:c4:1d:94:36:ac:3f:61:0a: 628s 8d:5e:e5:2e:5d:a7:d8:61:fd:56:c4:7a:00:35:3a:34:a0:ac: 628s be:8c:09:0d:e7:a6:04:f2:63:74:af:1e:08:60:09:d4:dc:df: 628s e5:7a:62:d8:e0:1a:07:a5:9c:1a:f6:13:ff:ab:7a:b6:f4:4d: 628s a3:04:49:3a:f5:98:c5:40:1d:e5:31:4e:9f:8f:04:e7:88:4d: 628s 8f:e7:96:98:3d:fb:34:70:48:3f:89:2c:db:d7:e2:98:6c:8d: 628s b5:90:08:68:37:50:f7:e8:5e:df:ee:8e:a0:78:10:e9:52:ac: 628s f5:ea 628s + openssl ca -passin pass:random-sub-intermediate-CA-password-978 -config /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s Using configuration from /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.config 628s Check that the request matches the signature 628s Signature ok 628s Certificate Details: 628s Serial Number: 5 (0x5) 628s Validity 628s Not Before: Mar 20 04:53:15 2024 GMT 628s Not After : Mar 20 04:53:15 2025 GMT 628s Subject: 628s organizationName = Test Organization 628s organizationalUnitName = Test Organization Unit 628s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 628s X509v3 extensions: 628s X509v3 Authority Key Identifier: 628s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 628s X509v3 Basic Constraints: 628s CA:FALSE 628s Netscape Cert Type: 628s SSL Client, S/MIME 628s Netscape Comment: 628s Test Organization Sub Intermediate CA trusted Certificate 628s X509v3 Subject Key Identifier: 628s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 628s X509v3 Key Usage: critical 628s Digital Signature, Non Repudiation, Key Encipherment 628s X509v3 Extended Key Usage: 628s TLS Web Client Authentication, E-mail Protection 628s X509v3 Subject Alternative Name: 628s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 628s Certificate is to be certified until Mar 20 04:53:15 2025 GMT (365 days) 628s 628s Write out database with 1 new entries 628s Database updated 628s + openssl x509 -noout -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s + echo 'This certificate should not be trusted fully' 628s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s This certificate should not be trusted fully 628s + local cmd=openssl 628s + shift 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 628s error 2 at 1 depth lookup: unable to get issuer certificate 628s error /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 628s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s + local cmd=openssl 628s + shift 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 628s error 20 at 0 depth lookup: unable to get local issuer certificate 628s error /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 628s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 628s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s + local cmd=openssl 628s + shift 628s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 628s error 20 at 0 depth lookup: unable to get local issuer certificate 628s error /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 628s Building a the full-chain CA file... 628s + echo 'Building a the full-chain CA file...' 628s + cat /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 628s + cat /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 628s + cat /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 628s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 628s + openssl pkcs7 -print_certs -noout 628s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 628s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 628s 628s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 628s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 628s 628s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 628s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 628s 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem: OK 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem: OK 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem: OK 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem: OK 628s + openssl verify -CAfile /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 628s /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 628s + echo 'Certificates generation completed!' 628s + [[ -v NO_SSSD_TESTS ]] 628s Certificates generation completed! 628s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /dev/null 628s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /dev/null 628s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 628s + local key_ring=/dev/null 628s + local verify_option= 628s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 628s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 628s + local key_cn 628s + local key_name 628s + local tokens_dir 628s + local output_cert_file 628s + token_name= 628s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 628s + key_name=test-root-CA-trusted-certificate-0001 628s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 628s ++ sed -n 's/ *commonName *= //p' 629s + key_cn='Test Organization Root Trusted Certificate 0001' 629s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 629s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 629s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 629s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 629s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 629s + token_name='Test Organization Root Tr Token' 629s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 629s + local key_file 629s + local decrypted_key 629s + mkdir -p /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 629s + key_file=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key.pem 629s + decrypted_key=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 629s + cat 629s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 629s Slot 0 has a free/uninitialized token. 629s The token has been initialized and is reassigned to slot 905798783 629s + softhsm2-util --show-slots 629s Available slots: 629s Slot 905798783 629s Slot info: 629s Description: SoftHSM slot ID 0x35fd647f 629s Manufacturer ID: SoftHSM project 629s Hardware version: 2.6 629s Firmware version: 2.6 629s Token present: yes 629s Token info: 629s Manufacturer ID: SoftHSM project 629s Model: SoftHSM v2 629s Hardware version: 2.6 629s Firmware version: 2.6 629s Serial number: fb91280435fd647f 629s Initialized: yes 629s User PIN init.: yes 629s Label: Test Organization Root Tr Token 629s Slot 1 629s Slot info: 629s Description: SoftHSM slot ID 0x1 629s Manufacturer ID: SoftHSM project 629s Hardware version: 2.6 629s Firmware version: 2.6 629s Token present: yes 629s Token info: 629s Manufacturer ID: SoftHSM project 629s Model: SoftHSM v2 629s Hardware version: 2.6 629s Firmware version: 2.6 629s Serial number: 629s Initialized: no 629s User PIN init.: no 629s Label: 629s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 629s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-16430 -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 629s writing RSA key 629s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 629s + rm /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 629s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 629s Object 0: 629s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 629s Type: X.509 Certificate (RSA-1024) 629s Expires: Thu Mar 20 04:53:14 2025 629s Label: Test Organization Root Trusted Certificate 0001 629s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 629s 629s + echo 'Test Organization Root Tr Token' 629s Test Organization Root Tr Token 629s + '[' -n '' ']' 629s + local output_base_name=SSSD-child-31445 629s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-31445.output 629s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-31445.pem 629s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 629s [p11_child[3050]] [main] (0x0400): p11_child started. 629s [p11_child[3050]] [main] (0x2000): Running in [pre-auth] mode. 629s [p11_child[3050]] [main] (0x2000): Running with effective IDs: [0][0]. 629s [p11_child[3050]] [main] (0x2000): Running with real IDs [0][0]. 629s [p11_child[3050]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 629s [p11_child[3050]] [do_work] (0x0040): init_verification failed. 629s [p11_child[3050]] [main] (0x0020): p11_child failed (5) 629s + return 2 629s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /dev/null no_verification 629s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /dev/null no_verification 629s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 629s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 629s + local key_ring=/dev/null 629s + local verify_option=no_verification 629s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 629s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 629s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 629s + local key_cn 629s + local key_name 629s + local tokens_dir 629s + local output_cert_file 629s + token_name= 629s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 629s + key_name=test-root-CA-trusted-certificate-0001 629s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 629s ++ sed -n 's/ *commonName *= //p' 629s + key_cn='Test Organization Root Trusted Certificate 0001' 629s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 629s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 629s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 629s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 629s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 629s + token_name='Test Organization Root Tr Token' 629s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 629s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 629s + echo 'Test Organization Root Tr Token' 629s Test Organization Root Tr Token 629s + '[' -n no_verification ']' 629s + local verify_arg=--verify=no_verification 629s + local output_base_name=SSSD-child-4203 629s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.output 629s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.pem 629s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 629s [p11_child[3056]] [main] (0x0400): p11_child started. 629s [p11_child[3056]] [main] (0x2000): Running in [pre-auth] mode. 629s [p11_child[3056]] [main] (0x2000): Running with effective IDs: [0][0]. 629s [p11_child[3056]] [main] (0x2000): Running with real IDs [0][0]. 629s [p11_child[3056]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 629s [p11_child[3056]] [do_card] (0x4000): Module List: 629s [p11_child[3056]] [do_card] (0x4000): common name: [softhsm2]. 629s [p11_child[3056]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 629s [p11_child[3056]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 629s [p11_child[3056]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 629s [p11_child[3056]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 629s [p11_child[3056]] [do_card] (0x4000): Login NOT required. 629s [p11_child[3056]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 629s [p11_child[3056]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 629s [p11_child[3056]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 629s [p11_child[3056]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 629s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.output 629s + echo '-----BEGIN CERTIFICATE-----' 629s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.output 629s + echo '-----END CERTIFICATE-----' 629s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.pem 629s Certificate: 629s Data: 629s Version: 3 (0x2) 629s Serial Number: 3 (0x3) 629s Signature Algorithm: sha256WithRSAEncryption 629s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 629s Validity 629s Not Before: Mar 20 04:53:14 2024 GMT 629s Not After : Mar 20 04:53:14 2025 GMT 629s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 629s Subject Public Key Info: 629s Public Key Algorithm: rsaEncryption 629s Public-Key: (1024 bit) 629s Modulus: 629s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 629s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 629s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 629s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 629s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 629s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 629s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 629s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 629s 00:33:06:9b:a8:ab:68:75:c5 629s Exponent: 65537 (0x10001) 629s X509v3 extensions: 629s X509v3 Authority Key Identifier: 629s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 629s X509v3 Basic Constraints: 629s CA:FALSE 629s Netscape Cert Type: 629s SSL Client, S/MIME 629s Netscape Comment: 629s Test Organization Root CA trusted Certificate 629s X509v3 Subject Key Identifier: 629s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 629s X509v3 Key Usage: critical 629s Digital Signature, Non Repudiation, Key Encipherment 629s X509v3 Extended Key Usage: 629s TLS Web Client Authentication, E-mail Protection 629s X509v3 Subject Alternative Name: 629s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 629s Signature Algorithm: sha256WithRSAEncryption 629s Signature Value: 629s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 629s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 629s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 629s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 629s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 629s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 629s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 629s d7:e0 629s + local found_md5 expected_md5 629s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 629s + expected_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 629s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203.pem 630s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 630s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 630s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.output 630s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.output .output 630s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.pem 630s + echo -n 053350 630s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 630s [p11_child[3064]] [main] (0x0400): p11_child started. 630s [p11_child[3064]] [main] (0x2000): Running in [auth] mode. 630s [p11_child[3064]] [main] (0x2000): Running with effective IDs: [0][0]. 630s [p11_child[3064]] [main] (0x2000): Running with real IDs [0][0]. 630s [p11_child[3064]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 630s [p11_child[3064]] [do_card] (0x4000): Module List: 630s [p11_child[3064]] [do_card] (0x4000): common name: [softhsm2]. 630s [p11_child[3064]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3064]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 630s [p11_child[3064]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 630s [p11_child[3064]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3064]] [do_card] (0x4000): Login required. 630s [p11_child[3064]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 630s [p11_child[3064]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 630s [p11_child[3064]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 630s [p11_child[3064]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 630s [p11_child[3064]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 630s [p11_child[3064]] [do_card] (0x4000): Certificate verified and validated. 630s [p11_child[3064]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 630s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.output 630s + echo '-----BEGIN CERTIFICATE-----' 630s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.output 630s + echo '-----END CERTIFICATE-----' 630s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.pem 630s Certificate: 630s Data: 630s Version: 3 (0x2) 630s Serial Number: 3 (0x3) 630s Signature Algorithm: sha256WithRSAEncryption 630s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 630s Validity 630s Not Before: Mar 20 04:53:14 2024 GMT 630s Not After : Mar 20 04:53:14 2025 GMT 630s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 630s Subject Public Key Info: 630s Public Key Algorithm: rsaEncryption 630s Public-Key: (1024 bit) 630s Modulus: 630s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 630s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 630s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 630s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 630s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 630s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 630s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 630s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 630s 00:33:06:9b:a8:ab:68:75:c5 630s Exponent: 65537 (0x10001) 630s X509v3 extensions: 630s X509v3 Authority Key Identifier: 630s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 630s X509v3 Basic Constraints: 630s CA:FALSE 630s Netscape Cert Type: 630s SSL Client, S/MIME 630s Netscape Comment: 630s Test Organization Root CA trusted Certificate 630s X509v3 Subject Key Identifier: 630s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 630s X509v3 Key Usage: critical 630s Digital Signature, Non Repudiation, Key Encipherment 630s X509v3 Extended Key Usage: 630s TLS Web Client Authentication, E-mail Protection 630s X509v3 Subject Alternative Name: 630s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 630s Signature Algorithm: sha256WithRSAEncryption 630s Signature Value: 630s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 630s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 630s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 630s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 630s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 630s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 630s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 630s d7:e0 630s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-4203-auth.pem 630s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 630s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 630s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 630s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 630s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 630s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 630s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 630s + local verify_option= 630s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 630s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 630s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 630s + local key_cn 630s + local key_name 630s + local tokens_dir 630s + local output_cert_file 630s + token_name= 630s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 630s + key_name=test-root-CA-trusted-certificate-0001 630s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 630s ++ sed -n 's/ *commonName *= //p' 630s + key_cn='Test Organization Root Trusted Certificate 0001' 630s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 630s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 630s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 630s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 630s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 630s + token_name='Test Organization Root Tr Token' 630s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 630s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 630s + echo 'Test Organization Root Tr Token' 630s Test Organization Root Tr Token 630s + '[' -n '' ']' 630s + local output_base_name=SSSD-child-30110 630s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.output 630s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.pem 630s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 630s [p11_child[3074]] [main] (0x0400): p11_child started. 630s [p11_child[3074]] [main] (0x2000): Running in [pre-auth] mode. 630s [p11_child[3074]] [main] (0x2000): Running with effective IDs: [0][0]. 630s [p11_child[3074]] [main] (0x2000): Running with real IDs [0][0]. 630s [p11_child[3074]] [do_card] (0x4000): Module List: 630s [p11_child[3074]] [do_card] (0x4000): common name: [softhsm2]. 630s [p11_child[3074]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3074]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 630s [p11_child[3074]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 630s [p11_child[3074]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3074]] [do_card] (0x4000): Login NOT required. 630s [p11_child[3074]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 630s [p11_child[3074]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 630s [p11_child[3074]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 630s [p11_child[3074]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 630s [p11_child[3074]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 630s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.output 630s + echo '-----BEGIN CERTIFICATE-----' 630s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.output 630s + echo '-----END CERTIFICATE-----' 630s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.pem 630s Certificate: 630s Data: 630s Version: 3 (0x2) 630s Serial Number: 3 (0x3) 630s Signature Algorithm: sha256WithRSAEncryption 630s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 630s Validity 630s Not Before: Mar 20 04:53:14 2024 GMT 630s Not After : Mar 20 04:53:14 2025 GMT 630s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 630s Subject Public Key Info: 630s Public Key Algorithm: rsaEncryption 630s Public-Key: (1024 bit) 630s Modulus: 630s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 630s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 630s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 630s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 630s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 630s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 630s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 630s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 630s 00:33:06:9b:a8:ab:68:75:c5 630s Exponent: 65537 (0x10001) 630s X509v3 extensions: 630s X509v3 Authority Key Identifier: 630s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 630s X509v3 Basic Constraints: 630s CA:FALSE 630s Netscape Cert Type: 630s SSL Client, S/MIME 630s Netscape Comment: 630s Test Organization Root CA trusted Certificate 630s X509v3 Subject Key Identifier: 630s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 630s X509v3 Key Usage: critical 630s Digital Signature, Non Repudiation, Key Encipherment 630s X509v3 Extended Key Usage: 630s TLS Web Client Authentication, E-mail Protection 630s X509v3 Subject Alternative Name: 630s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 630s Signature Algorithm: sha256WithRSAEncryption 630s Signature Value: 630s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 630s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 630s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 630s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 630s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 630s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 630s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 630s d7:e0 630s + local found_md5 expected_md5 630s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 630s + expected_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 630s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110.pem 630s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 630s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 630s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.output 630s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.output .output 630s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.pem 630s + echo -n 053350 630s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 630s [p11_child[3082]] [main] (0x0400): p11_child started. 630s [p11_child[3082]] [main] (0x2000): Running in [auth] mode. 630s [p11_child[3082]] [main] (0x2000): Running with effective IDs: [0][0]. 630s [p11_child[3082]] [main] (0x2000): Running with real IDs [0][0]. 630s [p11_child[3082]] [do_card] (0x4000): Module List: 630s [p11_child[3082]] [do_card] (0x4000): common name: [softhsm2]. 630s [p11_child[3082]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3082]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 630s [p11_child[3082]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 630s [p11_child[3082]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 630s [p11_child[3082]] [do_card] (0x4000): Login required. 630s [p11_child[3082]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 630s [p11_child[3082]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 630s [p11_child[3082]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 630s [p11_child[3082]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 630s [p11_child[3082]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 630s [p11_child[3082]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 630s [p11_child[3082]] [do_card] (0x4000): Certificate verified and validated. 630s [p11_child[3082]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 630s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.output 630s + echo '-----BEGIN CERTIFICATE-----' 630s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.output 630s + echo '-----END CERTIFICATE-----' 630s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.pem 631s Certificate: 631s Data: 631s Version: 3 (0x2) 631s Serial Number: 3 (0x3) 631s Signature Algorithm: sha256WithRSAEncryption 631s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 631s Validity 631s Not Before: Mar 20 04:53:14 2024 GMT 631s Not After : Mar 20 04:53:14 2025 GMT 631s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 631s Subject Public Key Info: 631s Public Key Algorithm: rsaEncryption 631s Public-Key: (1024 bit) 631s Modulus: 631s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 631s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 631s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 631s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 631s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 631s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 631s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 631s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 631s 00:33:06:9b:a8:ab:68:75:c5 631s Exponent: 65537 (0x10001) 631s X509v3 extensions: 631s X509v3 Authority Key Identifier: 631s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 631s X509v3 Basic Constraints: 631s CA:FALSE 631s Netscape Cert Type: 631s SSL Client, S/MIME 631s Netscape Comment: 631s Test Organization Root CA trusted Certificate 631s X509v3 Subject Key Identifier: 631s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 631s X509v3 Key Usage: critical 631s Digital Signature, Non Repudiation, Key Encipherment 631s X509v3 Extended Key Usage: 631s TLS Web Client Authentication, E-mail Protection 631s X509v3 Subject Alternative Name: 631s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 631s Signature Algorithm: sha256WithRSAEncryption 631s Signature Value: 631s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 631s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 631s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 631s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 631s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 631s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 631s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 631s d7:e0 631s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30110-auth.pem 631s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 631s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 631s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 631s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 631s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 631s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 631s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 631s + local verify_option=partial_chain 631s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 631s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 631s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 631s + local key_cn 631s + local key_name 631s + local tokens_dir 631s + local output_cert_file 631s + token_name= 631s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 631s + key_name=test-root-CA-trusted-certificate-0001 631s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 631s ++ sed -n 's/ *commonName *= //p' 631s + key_cn='Test Organization Root Trusted Certificate 0001' 631s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 631s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 631s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 631s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 631s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 631s + token_name='Test Organization Root Tr Token' 631s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 631s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 631s Test Organization Root Tr Token 631s + echo 'Test Organization Root Tr Token' 631s + '[' -n partial_chain ']' 631s + local verify_arg=--verify=partial_chain 631s + local output_base_name=SSSD-child-28693 631s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.output 631s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.pem 631s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 631s [p11_child[3092]] [main] (0x0400): p11_child started. 631s [p11_child[3092]] [main] (0x2000): Running in [pre-auth] mode. 631s [p11_child[3092]] [main] (0x2000): Running with effective IDs: [0][0]. 631s [p11_child[3092]] [main] (0x2000): Running with real IDs [0][0]. 631s [p11_child[3092]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 631s [p11_child[3092]] [do_card] (0x4000): Module List: 631s [p11_child[3092]] [do_card] (0x4000): common name: [softhsm2]. 631s [p11_child[3092]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 631s [p11_child[3092]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 631s [p11_child[3092]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 631s [p11_child[3092]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 631s [p11_child[3092]] [do_card] (0x4000): Login NOT required. 631s [p11_child[3092]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 631s [p11_child[3092]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 631s [p11_child[3092]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 631s [p11_child[3092]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 631s [p11_child[3092]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 631s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.output 631s + echo '-----BEGIN CERTIFICATE-----' 631s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.output 631s + echo '-----END CERTIFICATE-----' 631s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.pem 631s Certificate: 631s Data: 631s Version: 3 (0x2) 631s Serial Number: 3 (0x3) 631s Signature Algorithm: sha256WithRSAEncryption 631s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 631s Validity 631s Not Before: Mar 20 04:53:14 2024 GMT 631s Not After : Mar 20 04:53:14 2025 GMT 631s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 631s Subject Public Key Info: 631s Public Key Algorithm: rsaEncryption 631s Public-Key: (1024 bit) 631s Modulus: 631s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 631s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 631s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 631s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 631s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 631s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 631s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 631s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 631s 00:33:06:9b:a8:ab:68:75:c5 631s Exponent: 65537 (0x10001) 631s X509v3 extensions: 631s X509v3 Authority Key Identifier: 631s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 631s X509v3 Basic Constraints: 631s CA:FALSE 631s Netscape Cert Type: 631s SSL Client, S/MIME 631s Netscape Comment: 631s Test Organization Root CA trusted Certificate 631s X509v3 Subject Key Identifier: 631s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 631s X509v3 Key Usage: critical 631s Digital Signature, Non Repudiation, Key Encipherment 631s X509v3 Extended Key Usage: 631s TLS Web Client Authentication, E-mail Protection 631s X509v3 Subject Alternative Name: 631s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 631s Signature Algorithm: sha256WithRSAEncryption 631s Signature Value: 631s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 631s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 631s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 631s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 631s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 631s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 631s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 631s d7:e0 631s + local found_md5 expected_md5 631s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 631s + expected_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 631s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693.pem 631s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 631s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 631s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.output 631s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.output .output 631s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.pem 631s + echo -n 053350 631s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 631s [p11_child[3100]] [main] (0x0400): p11_child started. 631s [p11_child[3100]] [main] (0x2000): Running in [auth] mode. 631s [p11_child[3100]] [main] (0x2000): Running with effective IDs: [0][0]. 631s [p11_child[3100]] [main] (0x2000): Running with real IDs [0][0]. 631s [p11_child[3100]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 631s [p11_child[3100]] [do_card] (0x4000): Module List: 631s [p11_child[3100]] [do_card] (0x4000): common name: [softhsm2]. 631s [p11_child[3100]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 631s [p11_child[3100]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 631s [p11_child[3100]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 631s [p11_child[3100]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 631s [p11_child[3100]] [do_card] (0x4000): Login required. 631s [p11_child[3100]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 631s [p11_child[3100]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 631s [p11_child[3100]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 631s [p11_child[3100]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 631s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 631s [p11_child[3100]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 631s [p11_child[3100]] [do_card] (0x4000): Certificate verified and validated. 631s [p11_child[3100]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 631s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.output 631s + echo '-----BEGIN CERTIFICATE-----' 631s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.output 631s + echo '-----END CERTIFICATE-----' 631s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.pem 631s Certificate: 631s Data: 631s Version: 3 (0x2) 631s Serial Number: 3 (0x3) 631s Signature Algorithm: sha256WithRSAEncryption 631s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 631s Validity 631s Not Before: Mar 20 04:53:14 2024 GMT 631s Not After : Mar 20 04:53:14 2025 GMT 631s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 631s Subject Public Key Info: 631s Public Key Algorithm: rsaEncryption 631s Public-Key: (1024 bit) 631s Modulus: 631s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 631s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 631s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 631s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 631s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 631s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 631s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 631s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 631s 00:33:06:9b:a8:ab:68:75:c5 631s Exponent: 65537 (0x10001) 631s X509v3 extensions: 631s X509v3 Authority Key Identifier: 631s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 631s X509v3 Basic Constraints: 631s CA:FALSE 631s Netscape Cert Type: 631s SSL Client, S/MIME 631s Netscape Comment: 631s Test Organization Root CA trusted Certificate 631s X509v3 Subject Key Identifier: 631s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 631s X509v3 Key Usage: critical 631s Digital Signature, Non Repudiation, Key Encipherment 631s X509v3 Extended Key Usage: 631s TLS Web Client Authentication, E-mail Protection 631s X509v3 Subject Alternative Name: 631s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 631s Signature Algorithm: sha256WithRSAEncryption 631s Signature Value: 631s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 631s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 631s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 631s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 631s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 631s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 631s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 631s d7:e0 631s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28693-auth.pem 632s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 632s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 632s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 632s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 632s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 632s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 632s + local verify_option= 632s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 632s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 632s + local key_cn 632s + local key_name 632s + local tokens_dir 632s + local output_cert_file 632s + token_name= 632s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 632s + key_name=test-root-CA-trusted-certificate-0001 632s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s ++ sed -n 's/ *commonName *= //p' 632s + key_cn='Test Organization Root Trusted Certificate 0001' 632s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 632s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 632s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 632s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 632s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 632s + token_name='Test Organization Root Tr Token' 632s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 632s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 632s + echo 'Test Organization Root Tr Token' 632s Test Organization Root Tr Token 632s + '[' -n '' ']' 632s + local output_base_name=SSSD-child-8250 632s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.output 632s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.pem 632s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 632s [p11_child[3110]] [main] (0x0400): p11_child started. 632s [p11_child[3110]] [main] (0x2000): Running in [pre-auth] mode. 632s [p11_child[3110]] [main] (0x2000): Running with effective IDs: [0][0]. 632s [p11_child[3110]] [main] (0x2000): Running with real IDs [0][0]. 632s [p11_child[3110]] [do_card] (0x4000): Module List: 632s [p11_child[3110]] [do_card] (0x4000): common name: [softhsm2]. 632s [p11_child[3110]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 632s [p11_child[3110]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 632s [p11_child[3110]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 632s [p11_child[3110]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 632s [p11_child[3110]] [do_card] (0x4000): Login NOT required. 632s [p11_child[3110]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 632s [p11_child[3110]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 632s [p11_child[3110]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 632s [p11_child[3110]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 632s [p11_child[3110]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 632s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.output 632s + echo '-----BEGIN CERTIFICATE-----' 632s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.output 632s + echo '-----END CERTIFICATE-----' 632s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.pem 632s Certificate: 632s Data: 632s Version: 3 (0x2) 632s Serial Number: 3 (0x3) 632s Signature Algorithm: sha256WithRSAEncryption 632s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 632s Validity 632s Not Before: Mar 20 04:53:14 2024 GMT 632s Not After : Mar 20 04:53:14 2025 GMT 632s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 632s Subject Public Key Info: 632s Public Key Algorithm: rsaEncryption 632s Public-Key: (1024 bit) 632s Modulus: 632s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 632s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 632s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 632s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 632s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 632s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 632s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 632s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 632s 00:33:06:9b:a8:ab:68:75:c5 632s Exponent: 65537 (0x10001) 632s X509v3 extensions: 632s X509v3 Authority Key Identifier: 632s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 632s X509v3 Basic Constraints: 632s CA:FALSE 632s Netscape Cert Type: 632s SSL Client, S/MIME 632s Netscape Comment: 632s Test Organization Root CA trusted Certificate 632s X509v3 Subject Key Identifier: 632s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 632s X509v3 Key Usage: critical 632s Digital Signature, Non Repudiation, Key Encipherment 632s X509v3 Extended Key Usage: 632s TLS Web Client Authentication, E-mail Protection 632s X509v3 Subject Alternative Name: 632s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 632s Signature Algorithm: sha256WithRSAEncryption 632s Signature Value: 632s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 632s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 632s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 632s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 632s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 632s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 632s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 632s d7:e0 632s + local found_md5 expected_md5 632s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s + expected_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 632s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250.pem 632s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 632s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 632s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.output 632s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.output .output 632s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.pem 632s + echo -n 053350 632s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 632s [p11_child[3118]] [main] (0x0400): p11_child started. 632s [p11_child[3118]] [main] (0x2000): Running in [auth] mode. 632s [p11_child[3118]] [main] (0x2000): Running with effective IDs: [0][0]. 632s [p11_child[3118]] [main] (0x2000): Running with real IDs [0][0]. 632s [p11_child[3118]] [do_card] (0x4000): Module List: 632s [p11_child[3118]] [do_card] (0x4000): common name: [softhsm2]. 632s [p11_child[3118]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 632s [p11_child[3118]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 632s [p11_child[3118]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 632s [p11_child[3118]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 632s [p11_child[3118]] [do_card] (0x4000): Login required. 632s [p11_child[3118]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 632s [p11_child[3118]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 632s [p11_child[3118]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 632s [p11_child[3118]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 632s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 632s [p11_child[3118]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 632s [p11_child[3118]] [do_card] (0x4000): Certificate verified and validated. 632s [p11_child[3118]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 632s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.output 632s + echo '-----BEGIN CERTIFICATE-----' 632s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.output 632s + echo '-----END CERTIFICATE-----' 632s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.pem 632s Certificate: 632s Data: 632s Version: 3 (0x2) 632s Serial Number: 3 (0x3) 632s Signature Algorithm: sha256WithRSAEncryption 632s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 632s Validity 632s Not Before: Mar 20 04:53:14 2024 GMT 632s Not After : Mar 20 04:53:14 2025 GMT 632s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 632s Subject Public Key Info: 632s Public Key Algorithm: rsaEncryption 632s Public-Key: (1024 bit) 632s Modulus: 632s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 632s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 632s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 632s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 632s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 632s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 632s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 632s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 632s 00:33:06:9b:a8:ab:68:75:c5 632s Exponent: 65537 (0x10001) 632s X509v3 extensions: 632s X509v3 Authority Key Identifier: 632s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 632s X509v3 Basic Constraints: 632s CA:FALSE 632s Netscape Cert Type: 632s SSL Client, S/MIME 632s Netscape Comment: 632s Test Organization Root CA trusted Certificate 632s X509v3 Subject Key Identifier: 632s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 632s X509v3 Key Usage: critical 632s Digital Signature, Non Repudiation, Key Encipherment 632s X509v3 Extended Key Usage: 632s TLS Web Client Authentication, E-mail Protection 632s X509v3 Subject Alternative Name: 632s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 632s Signature Algorithm: sha256WithRSAEncryption 632s Signature Value: 632s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 632s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 632s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 632s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 632s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 632s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 632s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 632s d7:e0 632s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8250-auth.pem 632s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 632s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 632s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 632s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 632s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 632s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 632s + local verify_option=partial_chain 632s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 632s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 632s + local key_cn 632s + local key_name 632s + local tokens_dir 632s + local output_cert_file 632s + token_name= 632s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 632s + key_name=test-root-CA-trusted-certificate-0001 632s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 632s ++ sed -n 's/ *commonName *= //p' 633s + key_cn='Test Organization Root Trusted Certificate 0001' 633s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 633s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 633s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 633s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 633s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 633s + token_name='Test Organization Root Tr Token' 633s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 633s Test Organization Root Tr Token 633s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 633s + echo 'Test Organization Root Tr Token' 633s + '[' -n partial_chain ']' 633s + local verify_arg=--verify=partial_chain 633s + local output_base_name=SSSD-child-16948 633s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.output 633s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.pem 633s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 633s [p11_child[3128]] [main] (0x0400): p11_child started. 633s [p11_child[3128]] [main] (0x2000): Running in [pre-auth] mode. 633s [p11_child[3128]] [main] (0x2000): Running with effective IDs: [0][0]. 633s [p11_child[3128]] [main] (0x2000): Running with real IDs [0][0]. 633s [p11_child[3128]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 633s [p11_child[3128]] [do_card] (0x4000): Module List: 633s [p11_child[3128]] [do_card] (0x4000): common name: [softhsm2]. 633s [p11_child[3128]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3128]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 633s [p11_child[3128]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 633s [p11_child[3128]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3128]] [do_card] (0x4000): Login NOT required. 633s [p11_child[3128]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 633s [p11_child[3128]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 633s [p11_child[3128]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 633s [p11_child[3128]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 633s [p11_child[3128]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 633s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.output 633s + echo '-----BEGIN CERTIFICATE-----' 633s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.output 633s + echo '-----END CERTIFICATE-----' 633s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.pem 633s Certificate: 633s Data: 633s Version: 3 (0x2) 633s Serial Number: 3 (0x3) 633s Signature Algorithm: sha256WithRSAEncryption 633s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 633s Validity 633s Not Before: Mar 20 04:53:14 2024 GMT 633s Not After : Mar 20 04:53:14 2025 GMT 633s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 633s Subject Public Key Info: 633s Public Key Algorithm: rsaEncryption 633s Public-Key: (1024 bit) 633s Modulus: 633s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 633s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 633s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 633s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 633s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 633s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 633s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 633s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 633s 00:33:06:9b:a8:ab:68:75:c5 633s Exponent: 65537 (0x10001) 633s X509v3 extensions: 633s X509v3 Authority Key Identifier: 633s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 633s X509v3 Basic Constraints: 633s CA:FALSE 633s Netscape Cert Type: 633s SSL Client, S/MIME 633s Netscape Comment: 633s Test Organization Root CA trusted Certificate 633s X509v3 Subject Key Identifier: 633s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 633s X509v3 Key Usage: critical 633s Digital Signature, Non Repudiation, Key Encipherment 633s X509v3 Extended Key Usage: 633s TLS Web Client Authentication, E-mail Protection 633s X509v3 Subject Alternative Name: 633s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 633s Signature Algorithm: sha256WithRSAEncryption 633s Signature Value: 633s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 633s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 633s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 633s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 633s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 633s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 633s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 633s d7:e0 633s + local found_md5 expected_md5 633s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 633s + expected_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 633s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948.pem 633s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 633s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 633s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.output 633s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.output .output 633s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.pem 633s + echo -n 053350 633s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 633s [p11_child[3136]] [main] (0x0400): p11_child started. 633s [p11_child[3136]] [main] (0x2000): Running in [auth] mode. 633s [p11_child[3136]] [main] (0x2000): Running with effective IDs: [0][0]. 633s [p11_child[3136]] [main] (0x2000): Running with real IDs [0][0]. 633s [p11_child[3136]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 633s [p11_child[3136]] [do_card] (0x4000): Module List: 633s [p11_child[3136]] [do_card] (0x4000): common name: [softhsm2]. 633s [p11_child[3136]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3136]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 633s [p11_child[3136]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 633s [p11_child[3136]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3136]] [do_card] (0x4000): Login required. 633s [p11_child[3136]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 633s [p11_child[3136]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 633s [p11_child[3136]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 633s [p11_child[3136]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x35fd647f;slot-manufacturer=SoftHSM%20project;slot-id=905798783;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb91280435fd647f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 633s [p11_child[3136]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 633s [p11_child[3136]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 633s [p11_child[3136]] [do_card] (0x4000): Certificate verified and validated. 633s [p11_child[3136]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 633s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.output 633s + echo '-----BEGIN CERTIFICATE-----' 633s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.output 633s + echo '-----END CERTIFICATE-----' 633s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.pem 633s Certificate: 633s Data: 633s Version: 3 (0x2) 633s Serial Number: 3 (0x3) 633s Signature Algorithm: sha256WithRSAEncryption 633s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 633s Validity 633s Not Before: Mar 20 04:53:14 2024 GMT 633s Not After : Mar 20 04:53:14 2025 GMT 633s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 633s Subject Public Key Info: 633s Public Key Algorithm: rsaEncryption 633s Public-Key: (1024 bit) 633s Modulus: 633s 00:ce:43:fd:ee:07:59:56:7f:db:bd:eb:42:6c:d7: 633s 79:d9:66:54:8a:df:c1:58:42:2b:33:b7:a1:0a:f2: 633s 14:6b:97:eb:b9:a6:4a:ae:96:9e:d6:92:fb:de:e8: 633s 83:8d:72:6f:44:16:f5:c7:7c:36:02:87:d3:8c:fd: 633s 48:de:ad:29:75:6e:29:99:c2:3f:53:3c:87:80:06: 633s 70:98:ca:d2:4f:fa:61:1d:68:75:7e:0e:a8:a7:be: 633s cc:59:35:62:a0:88:42:30:05:8a:5b:a5:57:ab:27: 633s fe:59:25:ca:45:58:bd:ca:7d:39:b7:07:66:87:62: 633s 00:33:06:9b:a8:ab:68:75:c5 633s Exponent: 65537 (0x10001) 633s X509v3 extensions: 633s X509v3 Authority Key Identifier: 633s 5E:A0:08:E3:EC:3B:DD:71:C2:47:D0:3B:FF:D8:5A:91:A1:E6:7D:AD 633s X509v3 Basic Constraints: 633s CA:FALSE 633s Netscape Cert Type: 633s SSL Client, S/MIME 633s Netscape Comment: 633s Test Organization Root CA trusted Certificate 633s X509v3 Subject Key Identifier: 633s 4B:AB:3E:68:B4:AB:F1:8A:FF:B8:C4:D5:50:38:68:28:D5:14:CF:25 633s X509v3 Key Usage: critical 633s Digital Signature, Non Repudiation, Key Encipherment 633s X509v3 Extended Key Usage: 633s TLS Web Client Authentication, E-mail Protection 633s X509v3 Subject Alternative Name: 633s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 633s Signature Algorithm: sha256WithRSAEncryption 633s Signature Value: 633s 25:aa:28:5a:21:ee:40:85:31:d6:52:34:82:4a:bd:5d:a8:1d: 633s 9e:b3:1e:03:1b:ef:9e:a9:5a:ab:c1:a7:dd:b1:e3:a0:5f:1d: 633s 43:f0:46:69:49:04:d2:d0:50:f3:71:bb:37:d6:d8:8d:11:9e: 633s cd:ef:56:63:8d:da:ee:bc:d0:b8:d3:21:54:d1:18:c6:fb:0a: 633s 63:8f:ae:07:ca:7a:13:48:ff:97:dc:3f:6d:96:e3:fa:19:60: 633s ca:8c:7f:97:c1:e9:fa:3f:15:72:ce:37:83:59:8c:54:fe:b7: 633s 9e:49:ed:5c:a1:48:24:25:8e:62:ca:b9:3e:cd:58:41:5b:97: 633s d7:e0 633s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16948-auth.pem 633s + found_md5=Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 633s + '[' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 '!=' Modulus=CE43FDEE0759567FDBBDEB426CD779D966548ADFC158422B33B7A10AF2146B97EBB9A64AAE969ED692FBDEE8838D726F4416F5C77C360287D38CFD48DEAD29756E2999C23F533C8780067098CAD24FFA611D68757E0EA8A7BECC593562A0884230058A5BA557AB27FE5925CA4558BDCA7D39B7076687620033069BA8AB6875C5 ']' 633s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 633s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 633s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 633s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 633s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 633s + local verify_option= 633s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 633s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 633s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 633s + local key_cn 633s + local key_name 633s + local tokens_dir 633s + local output_cert_file 633s + token_name= 633s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 633s + key_name=test-root-CA-trusted-certificate-0001 633s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 633s ++ sed -n 's/ *commonName *= //p' 633s + key_cn='Test Organization Root Trusted Certificate 0001' 633s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 633s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 633s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 633s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 633s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 633s + token_name='Test Organization Root Tr Token' 633s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 633s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 633s + echo 'Test Organization Root Tr Token' 633s Test Organization Root Tr Token 633s + '[' -n '' ']' 633s + local output_base_name=SSSD-child-24749 633s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-24749.output 633s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-24749.pem 633s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 633s [p11_child[3146]] [main] (0x0400): p11_child started. 633s [p11_child[3146]] [main] (0x2000): Running in [pre-auth] mode. 633s [p11_child[3146]] [main] (0x2000): Running with effective IDs: [0][0]. 633s [p11_child[3146]] [main] (0x2000): Running with real IDs [0][0]. 633s [p11_child[3146]] [do_card] (0x4000): Module List: 633s [p11_child[3146]] [do_card] (0x4000): common name: [softhsm2]. 633s [p11_child[3146]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3146]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 633s [p11_child[3146]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 633s [p11_child[3146]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 633s [p11_child[3146]] [do_card] (0x4000): Login NOT required. 633s [p11_child[3146]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 633s [p11_child[3146]] [do_verification] (0x0040): X509_verify_cert failed [0]. 633s [p11_child[3146]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 633s [p11_child[3146]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 633s [p11_child[3146]] [do_card] (0x4000): No certificate found. 633s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-24749.output 633s + return 2 633s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem partial_chain 634s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem partial_chain 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 634s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 634s + local verify_option=partial_chain 634s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16430 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-root-ca-trusted-cert-0001-16430 634s + local key_cn 634s + local key_name 634s + local tokens_dir 634s + local output_cert_file 634s + token_name= 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem .pem 634s + key_name=test-root-CA-trusted-certificate-0001 634s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-root-CA-trusted-certificate-0001.pem 634s ++ sed -n 's/ *commonName *= //p' 634s + key_cn='Test Organization Root Trusted Certificate 0001' 634s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 634s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 634s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 634s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 634s + token_name='Test Organization Root Tr Token' 634s Test Organization Root Tr Token 634s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 634s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 634s + echo 'Test Organization Root Tr Token' 634s + '[' -n partial_chain ']' 634s + local verify_arg=--verify=partial_chain 634s + local output_base_name=SSSD-child-30969 634s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30969.output 634s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-30969.pem 634s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 634s [p11_child[3153]] [main] (0x0400): p11_child started. 634s [p11_child[3153]] [main] (0x2000): Running in [pre-auth] mode. 634s [p11_child[3153]] [main] (0x2000): Running with effective IDs: [0][0]. 634s [p11_child[3153]] [main] (0x2000): Running with real IDs [0][0]. 634s [p11_child[3153]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 634s [p11_child[3153]] [do_card] (0x4000): Module List: 634s [p11_child[3153]] [do_card] (0x4000): common name: [softhsm2]. 634s [p11_child[3153]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 634s [p11_child[3153]] [do_card] (0x4000): Description [SoftHSM slot ID 0x35fd647f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 634s [p11_child[3153]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 634s [p11_child[3153]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x35fd647f][905798783] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 634s [p11_child[3153]] [do_card] (0x4000): Login NOT required. 634s [p11_child[3153]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 634s [p11_child[3153]] [do_verification] (0x0040): X509_verify_cert failed [0]. 634s [p11_child[3153]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 634s [p11_child[3153]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 634s [p11_child[3153]] [do_card] (0x4000): No certificate found. 634s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-30969.output 634s + return 2 634s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /dev/null 634s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /dev/null 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local key_ring=/dev/null 634s + local verify_option= 634s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local key_cn 634s + local key_name 634s + local tokens_dir 634s + local output_cert_file 634s + token_name= 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 634s + key_name=test-intermediate-CA-trusted-certificate-0001 634s ++ sed -n 's/ *commonName *= //p' 634s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 634s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 634s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 634s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 634s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 634s + token_name='Test Organization Interme Token' 634s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 634s + local key_file 634s + local decrypted_key 634s + mkdir -p /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 634s + key_file=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key.pem 634s + decrypted_key=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 634s + cat 634s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 634s Slot 0 has a free/uninitialized token. 634s The token has been initialized and is reassigned to slot 1038845357 634s + softhsm2-util --show-slots 634s Available slots: 634s Slot 1038845357 634s Slot info: 634s Description: SoftHSM slot ID 0x3deb85ad 634s Manufacturer ID: SoftHSM project 634s Hardware version: 2.6 634s Firmware version: 2.6 634s Token present: yes 634s Token info: 634s Manufacturer ID: SoftHSM project 634s Model: SoftHSM v2 634s Hardware version: 2.6 634s Firmware version: 2.6 634s Serial number: ffe6f8193deb85ad 634s Initialized: yes 634s User PIN init.: yes 634s Label: Test Organization Interme Token 634s Slot 1 634s Slot info: 634s Description: SoftHSM slot ID 0x1 634s Manufacturer ID: SoftHSM project 634s Hardware version: 2.6 634s Firmware version: 2.6 634s Token present: yes 634s Token info: 634s Manufacturer ID: SoftHSM project 634s Model: SoftHSM v2 634s Hardware version: 2.6 634s Firmware version: 2.6 634s Serial number: 634s Initialized: no 634s User PIN init.: no 634s Label: 634s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 634s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-17101 -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 634s writing RSA key 634s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 634s + rm /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 634s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 634s Object 0: 634s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 634s Type: X.509 Certificate (RSA-1024) 634s Expires: Thu Mar 20 04:53:15 2025 634s Label: Test Organization Intermediate Trusted Certificate 0001 634s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 634s 634s Test Organization Interme Token 634s + echo 'Test Organization Interme Token' 634s + '[' -n '' ']' 634s + local output_base_name=SSSD-child-5450 634s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-5450.output 634s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-5450.pem 634s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 634s [p11_child[3169]] [main] (0x0400): p11_child started. 634s [p11_child[3169]] [main] (0x2000): Running in [pre-auth] mode. 634s [p11_child[3169]] [main] (0x2000): Running with effective IDs: [0][0]. 634s [p11_child[3169]] [main] (0x2000): Running with real IDs [0][0]. 634s [p11_child[3169]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 634s [p11_child[3169]] [do_work] (0x0040): init_verification failed. 634s [p11_child[3169]] [main] (0x0020): p11_child failed (5) 634s + return 2 634s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /dev/null no_verification 634s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /dev/null no_verification 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local key_ring=/dev/null 634s + local verify_option=no_verification 634s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 634s + local key_cn 634s + local key_name 634s + local tokens_dir 634s + local output_cert_file 634s + token_name= 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 634s + key_name=test-intermediate-CA-trusted-certificate-0001 634s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 634s ++ sed -n 's/ *commonName *= //p' 634s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 634s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 634s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 634s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 634s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 634s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 634s + token_name='Test Organization Interme Token' 634s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 634s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 634s + echo 'Test Organization Interme Token' 634s Test Organization Interme Token 634s + '[' -n no_verification ']' 634s + local verify_arg=--verify=no_verification 634s + local output_base_name=SSSD-child-156 634s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.output 634s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.pem 634s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 634s [p11_child[3175]] [main] (0x0400): p11_child started. 634s [p11_child[3175]] [main] (0x2000): Running in [pre-auth] mode. 634s [p11_child[3175]] [main] (0x2000): Running with effective IDs: [0][0]. 634s [p11_child[3175]] [main] (0x2000): Running with real IDs [0][0]. 634s [p11_child[3175]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 634s [p11_child[3175]] [do_card] (0x4000): Module List: 634s [p11_child[3175]] [do_card] (0x4000): common name: [softhsm2]. 634s [p11_child[3175]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 634s [p11_child[3175]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 634s [p11_child[3175]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 634s [p11_child[3175]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 634s [p11_child[3175]] [do_card] (0x4000): Login NOT required. 634s [p11_child[3175]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 634s [p11_child[3175]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 634s [p11_child[3175]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 634s [p11_child[3175]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 634s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.output 634s + echo '-----BEGIN CERTIFICATE-----' 634s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.output 634s + echo '-----END CERTIFICATE-----' 634s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.pem 634s Certificate: 634s Data: 634s Version: 3 (0x2) 634s Serial Number: 4 (0x4) 634s Signature Algorithm: sha256WithRSAEncryption 634s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 634s Validity 634s Not Before: Mar 20 04:53:15 2024 GMT 634s Not After : Mar 20 04:53:15 2025 GMT 634s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 634s Subject Public Key Info: 634s Public Key Algorithm: rsaEncryption 634s Public-Key: (1024 bit) 634s Modulus: 634s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 634s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 634s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 634s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 634s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 634s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 634s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 634s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 634s 12:46:c6:8d:a7:26:c5:7f:87 634s Exponent: 65537 (0x10001) 634s X509v3 extensions: 634s X509v3 Authority Key Identifier: 634s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 634s X509v3 Basic Constraints: 634s CA:FALSE 634s Netscape Cert Type: 634s SSL Client, S/MIME 634s Netscape Comment: 634s Test Organization Intermediate CA trusted Certificate 634s X509v3 Subject Key Identifier: 634s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 634s X509v3 Key Usage: critical 634s Digital Signature, Non Repudiation, Key Encipherment 634s X509v3 Extended Key Usage: 634s TLS Web Client Authentication, E-mail Protection 634s X509v3 Subject Alternative Name: 634s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 634s Signature Algorithm: sha256WithRSAEncryption 634s Signature Value: 634s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 634s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 634s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 634s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 634s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 634s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 634s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 634s ef:4a 634s + local found_md5 expected_md5 634s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + expected_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 635s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156.pem 635s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 635s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 635s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.output 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.output .output 635s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.pem 635s + echo -n 053350 635s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 635s [p11_child[3183]] [main] (0x0400): p11_child started. 635s [p11_child[3183]] [main] (0x2000): Running in [auth] mode. 635s [p11_child[3183]] [main] (0x2000): Running with effective IDs: [0][0]. 635s [p11_child[3183]] [main] (0x2000): Running with real IDs [0][0]. 635s [p11_child[3183]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 635s [p11_child[3183]] [do_card] (0x4000): Module List: 635s [p11_child[3183]] [do_card] (0x4000): common name: [softhsm2]. 635s [p11_child[3183]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3183]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 635s [p11_child[3183]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 635s [p11_child[3183]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3183]] [do_card] (0x4000): Login required. 635s [p11_child[3183]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 635s [p11_child[3183]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 635s [p11_child[3183]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 635s [p11_child[3183]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 635s [p11_child[3183]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 635s [p11_child[3183]] [do_card] (0x4000): Certificate verified and validated. 635s [p11_child[3183]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 635s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.output 635s + echo '-----BEGIN CERTIFICATE-----' 635s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.output 635s + echo '-----END CERTIFICATE-----' 635s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.pem 635s Certificate: 635s Data: 635s Version: 3 (0x2) 635s Serial Number: 4 (0x4) 635s Signature Algorithm: sha256WithRSAEncryption 635s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 635s Validity 635s Not Before: Mar 20 04:53:15 2024 GMT 635s Not After : Mar 20 04:53:15 2025 GMT 635s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 635s Subject Public Key Info: 635s Public Key Algorithm: rsaEncryption 635s Public-Key: (1024 bit) 635s Modulus: 635s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 635s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 635s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 635s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 635s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 635s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 635s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 635s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 635s 12:46:c6:8d:a7:26:c5:7f:87 635s Exponent: 65537 (0x10001) 635s X509v3 extensions: 635s X509v3 Authority Key Identifier: 635s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 635s X509v3 Basic Constraints: 635s CA:FALSE 635s Netscape Cert Type: 635s SSL Client, S/MIME 635s Netscape Comment: 635s Test Organization Intermediate CA trusted Certificate 635s X509v3 Subject Key Identifier: 635s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 635s X509v3 Key Usage: critical 635s Digital Signature, Non Repudiation, Key Encipherment 635s X509v3 Extended Key Usage: 635s TLS Web Client Authentication, E-mail Protection 635s X509v3 Subject Alternative Name: 635s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 635s Signature Algorithm: sha256WithRSAEncryption 635s Signature Value: 635s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 635s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 635s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 635s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 635s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 635s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 635s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 635s ef:4a 635s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-156-auth.pem 635s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 635s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 635s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s + local verify_option= 635s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_cn 635s + local key_name 635s + local tokens_dir 635s + local output_cert_file 635s + token_name= 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 635s + key_name=test-intermediate-CA-trusted-certificate-0001 635s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s ++ sed -n 's/ *commonName *= //p' 635s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 635s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 635s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 635s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 635s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 635s + token_name='Test Organization Interme Token' 635s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 635s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 635s + echo 'Test Organization Interme Token' 635s + '[' -n '' ']' 635s + local output_base_name=SSSD-child-16279 635s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16279.output 635s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-16279.pem 635s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s Test Organization Interme Token 635s [p11_child[3193]] [main] (0x0400): p11_child started. 635s [p11_child[3193]] [main] (0x2000): Running in [pre-auth] mode. 635s [p11_child[3193]] [main] (0x2000): Running with effective IDs: [0][0]. 635s [p11_child[3193]] [main] (0x2000): Running with real IDs [0][0]. 635s [p11_child[3193]] [do_card] (0x4000): Module List: 635s [p11_child[3193]] [do_card] (0x4000): common name: [softhsm2]. 635s [p11_child[3193]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3193]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 635s [p11_child[3193]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 635s [p11_child[3193]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3193]] [do_card] (0x4000): Login NOT required. 635s [p11_child[3193]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 635s [p11_child[3193]] [do_verification] (0x0040): X509_verify_cert failed [0]. 635s [p11_child[3193]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 635s [p11_child[3193]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 635s [p11_child[3193]] [do_card] (0x4000): No certificate found. 635s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-16279.output 635s + return 2 635s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 635s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s + local verify_option=partial_chain 635s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_cn 635s + local key_name 635s + local tokens_dir 635s + local output_cert_file 635s + token_name= 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 635s + key_name=test-intermediate-CA-trusted-certificate-0001 635s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s ++ sed -n 's/ *commonName *= //p' 635s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 635s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 635s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 635s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 635s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 635s + token_name='Test Organization Interme Token' 635s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 635s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 635s + echo 'Test Organization Interme Token' 635s + '[' -n partial_chain ']' 635s Test Organization Interme Token 635s + local verify_arg=--verify=partial_chain 635s + local output_base_name=SSSD-child-656 635s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-656.output 635s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-656.pem 635s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 635s [p11_child[3200]] [main] (0x0400): p11_child started. 635s [p11_child[3200]] [main] (0x2000): Running in [pre-auth] mode. 635s [p11_child[3200]] [main] (0x2000): Running with effective IDs: [0][0]. 635s [p11_child[3200]] [main] (0x2000): Running with real IDs [0][0]. 635s [p11_child[3200]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 635s [p11_child[3200]] [do_card] (0x4000): Module List: 635s [p11_child[3200]] [do_card] (0x4000): common name: [softhsm2]. 635s [p11_child[3200]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3200]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 635s [p11_child[3200]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 635s [p11_child[3200]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 635s [p11_child[3200]] [do_card] (0x4000): Login NOT required. 635s [p11_child[3200]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 635s [p11_child[3200]] [do_verification] (0x0040): X509_verify_cert failed [0]. 635s [p11_child[3200]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 635s [p11_child[3200]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 635s [p11_child[3200]] [do_card] (0x4000): No certificate found. 635s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-656.output 635s + return 2 635s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 635s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 635s + local verify_option= 635s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 635s + local key_cn 635s + local key_name 635s + local tokens_dir 635s + local output_cert_file 635s + token_name= 635s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 635s + key_name=test-intermediate-CA-trusted-certificate-0001 635s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 635s ++ sed -n 's/ *commonName *= //p' 636s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 636s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 636s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 636s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 636s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 636s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 636s + token_name='Test Organization Interme Token' 636s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 636s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 636s + echo 'Test Organization Interme Token' 636s + '[' -n '' ']' 636s + local output_base_name=SSSD-child-14140 636s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.output 636s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.pem 636s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 636s Test Organization Interme Token 636s [p11_child[3207]] [main] (0x0400): p11_child started. 636s [p11_child[3207]] [main] (0x2000): Running in [pre-auth] mode. 636s [p11_child[3207]] [main] (0x2000): Running with effective IDs: [0][0]. 636s [p11_child[3207]] [main] (0x2000): Running with real IDs [0][0]. 636s [p11_child[3207]] [do_card] (0x4000): Module List: 636s [p11_child[3207]] [do_card] (0x4000): common name: [softhsm2]. 636s [p11_child[3207]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3207]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 636s [p11_child[3207]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 636s [p11_child[3207]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3207]] [do_card] (0x4000): Login NOT required. 636s [p11_child[3207]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 636s [p11_child[3207]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 636s [p11_child[3207]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 636s [p11_child[3207]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 636s [p11_child[3207]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 636s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.output 636s + echo '-----BEGIN CERTIFICATE-----' 636s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.output 636s + echo '-----END CERTIFICATE-----' 636s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.pem 636s Certificate: 636s Data: 636s Version: 3 (0x2) 636s Serial Number: 4 (0x4) 636s Signature Algorithm: sha256WithRSAEncryption 636s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 636s Validity 636s Not Before: Mar 20 04:53:15 2024 GMT 636s Not After : Mar 20 04:53:15 2025 GMT 636s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 636s Subject Public Key Info: 636s Public Key Algorithm: rsaEncryption 636s Public-Key: (1024 bit) 636s Modulus: 636s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 636s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 636s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 636s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 636s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 636s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 636s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 636s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 636s 12:46:c6:8d:a7:26:c5:7f:87 636s Exponent: 65537 (0x10001) 636s X509v3 extensions: 636s X509v3 Authority Key Identifier: 636s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 636s X509v3 Basic Constraints: 636s CA:FALSE 636s Netscape Cert Type: 636s SSL Client, S/MIME 636s Netscape Comment: 636s Test Organization Intermediate CA trusted Certificate 636s X509v3 Subject Key Identifier: 636s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 636s X509v3 Key Usage: critical 636s Digital Signature, Non Repudiation, Key Encipherment 636s X509v3 Extended Key Usage: 636s TLS Web Client Authentication, E-mail Protection 636s X509v3 Subject Alternative Name: 636s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 636s Signature Algorithm: sha256WithRSAEncryption 636s Signature Value: 636s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 636s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 636s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 636s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 636s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 636s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 636s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 636s ef:4a 636s + local found_md5 expected_md5 636s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 636s + expected_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 636s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140.pem 636s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 636s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 636s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.output 636s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.output .output 636s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.pem 636s + echo -n 053350 636s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 636s [p11_child[3215]] [main] (0x0400): p11_child started. 636s [p11_child[3215]] [main] (0x2000): Running in [auth] mode. 636s [p11_child[3215]] [main] (0x2000): Running with effective IDs: [0][0]. 636s [p11_child[3215]] [main] (0x2000): Running with real IDs [0][0]. 636s [p11_child[3215]] [do_card] (0x4000): Module List: 636s [p11_child[3215]] [do_card] (0x4000): common name: [softhsm2]. 636s [p11_child[3215]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3215]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 636s [p11_child[3215]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 636s [p11_child[3215]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3215]] [do_card] (0x4000): Login required. 636s [p11_child[3215]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 636s [p11_child[3215]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 636s [p11_child[3215]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 636s [p11_child[3215]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 636s [p11_child[3215]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 636s [p11_child[3215]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 636s [p11_child[3215]] [do_card] (0x4000): Certificate verified and validated. 636s [p11_child[3215]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 636s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.output 636s + echo '-----BEGIN CERTIFICATE-----' 636s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.output 636s + echo '-----END CERTIFICATE-----' 636s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.pem 636s Certificate: 636s Data: 636s Version: 3 (0x2) 636s Serial Number: 4 (0x4) 636s Signature Algorithm: sha256WithRSAEncryption 636s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 636s Validity 636s Not Before: Mar 20 04:53:15 2024 GMT 636s Not After : Mar 20 04:53:15 2025 GMT 636s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 636s Subject Public Key Info: 636s Public Key Algorithm: rsaEncryption 636s Public-Key: (1024 bit) 636s Modulus: 636s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 636s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 636s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 636s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 636s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 636s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 636s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 636s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 636s 12:46:c6:8d:a7:26:c5:7f:87 636s Exponent: 65537 (0x10001) 636s X509v3 extensions: 636s X509v3 Authority Key Identifier: 636s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 636s X509v3 Basic Constraints: 636s CA:FALSE 636s Netscape Cert Type: 636s SSL Client, S/MIME 636s Netscape Comment: 636s Test Organization Intermediate CA trusted Certificate 636s X509v3 Subject Key Identifier: 636s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 636s X509v3 Key Usage: critical 636s Digital Signature, Non Repudiation, Key Encipherment 636s X509v3 Extended Key Usage: 636s TLS Web Client Authentication, E-mail Protection 636s X509v3 Subject Alternative Name: 636s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 636s Signature Algorithm: sha256WithRSAEncryption 636s Signature Value: 636s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 636s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 636s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 636s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 636s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 636s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 636s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 636s ef:4a 636s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-14140-auth.pem 636s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 636s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 636s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 636s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 636s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 636s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 636s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 636s + local verify_option=partial_chain 636s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 636s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 636s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 636s + local key_cn 636s + local key_name 636s + local tokens_dir 636s + local output_cert_file 636s + token_name= 636s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 636s + key_name=test-intermediate-CA-trusted-certificate-0001 636s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 636s ++ sed -n 's/ *commonName *= //p' 636s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 636s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 636s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 636s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 636s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 636s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 636s + token_name='Test Organization Interme Token' 636s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 636s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 636s Test Organization Interme Token 636s + echo 'Test Organization Interme Token' 636s + '[' -n partial_chain ']' 636s + local verify_arg=--verify=partial_chain 636s + local output_base_name=SSSD-child-20765 636s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.output 636s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.pem 636s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 636s [p11_child[3225]] [main] (0x0400): p11_child started. 636s [p11_child[3225]] [main] (0x2000): Running in [pre-auth] mode. 636s [p11_child[3225]] [main] (0x2000): Running with effective IDs: [0][0]. 636s [p11_child[3225]] [main] (0x2000): Running with real IDs [0][0]. 636s [p11_child[3225]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 636s [p11_child[3225]] [do_card] (0x4000): Module List: 636s [p11_child[3225]] [do_card] (0x4000): common name: [softhsm2]. 636s [p11_child[3225]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3225]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 636s [p11_child[3225]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 636s [p11_child[3225]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 636s [p11_child[3225]] [do_card] (0x4000): Login NOT required. 636s [p11_child[3225]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 636s [p11_child[3225]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 636s [p11_child[3225]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 636s [p11_child[3225]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 636s [p11_child[3225]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 636s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.output 636s + echo '-----BEGIN CERTIFICATE-----' 636s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.output 636s + echo '-----END CERTIFICATE-----' 636s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.pem 637s Certificate: 637s Data: 637s Version: 3 (0x2) 637s Serial Number: 4 (0x4) 637s Signature Algorithm: sha256WithRSAEncryption 637s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 637s Validity 637s Not Before: Mar 20 04:53:15 2024 GMT 637s Not After : Mar 20 04:53:15 2025 GMT 637s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 637s Subject Public Key Info: 637s Public Key Algorithm: rsaEncryption 637s Public-Key: (1024 bit) 637s Modulus: 637s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 637s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 637s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 637s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 637s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 637s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 637s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 637s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 637s 12:46:c6:8d:a7:26:c5:7f:87 637s Exponent: 65537 (0x10001) 637s X509v3 extensions: 637s X509v3 Authority Key Identifier: 637s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 637s X509v3 Basic Constraints: 637s CA:FALSE 637s Netscape Cert Type: 637s SSL Client, S/MIME 637s Netscape Comment: 637s Test Organization Intermediate CA trusted Certificate 637s X509v3 Subject Key Identifier: 637s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 637s X509v3 Key Usage: critical 637s Digital Signature, Non Repudiation, Key Encipherment 637s X509v3 Extended Key Usage: 637s TLS Web Client Authentication, E-mail Protection 637s X509v3 Subject Alternative Name: 637s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 637s Signature Algorithm: sha256WithRSAEncryption 637s Signature Value: 637s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 637s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 637s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 637s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 637s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 637s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 637s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 637s ef:4a 637s + local found_md5 expected_md5 637s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s + expected_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 637s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765.pem 637s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 637s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 637s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.output 637s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.output .output 637s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.pem 637s + echo -n 053350 637s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 637s [p11_child[3233]] [main] (0x0400): p11_child started. 637s [p11_child[3233]] [main] (0x2000): Running in [auth] mode. 637s [p11_child[3233]] [main] (0x2000): Running with effective IDs: [0][0]. 637s [p11_child[3233]] [main] (0x2000): Running with real IDs [0][0]. 637s [p11_child[3233]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 637s [p11_child[3233]] [do_card] (0x4000): Module List: 637s [p11_child[3233]] [do_card] (0x4000): common name: [softhsm2]. 637s [p11_child[3233]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 637s [p11_child[3233]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 637s [p11_child[3233]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 637s [p11_child[3233]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 637s [p11_child[3233]] [do_card] (0x4000): Login required. 637s [p11_child[3233]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 637s [p11_child[3233]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 637s [p11_child[3233]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 637s [p11_child[3233]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 637s [p11_child[3233]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 637s [p11_child[3233]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 637s [p11_child[3233]] [do_card] (0x4000): Certificate verified and validated. 637s [p11_child[3233]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 637s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.output 637s + echo '-----BEGIN CERTIFICATE-----' 637s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.output 637s + echo '-----END CERTIFICATE-----' 637s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.pem 637s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-20765-auth.pem 637s Certificate: 637s Data: 637s Version: 3 (0x2) 637s Serial Number: 4 (0x4) 637s Signature Algorithm: sha256WithRSAEncryption 637s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 637s Validity 637s Not Before: Mar 20 04:53:15 2024 GMT 637s Not After : Mar 20 04:53:15 2025 GMT 637s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 637s Subject Public Key Info: 637s Public Key Algorithm: rsaEncryption 637s Public-Key: (1024 bit) 637s Modulus: 637s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 637s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 637s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 637s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 637s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 637s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 637s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 637s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 637s 12:46:c6:8d:a7:26:c5:7f:87 637s Exponent: 65537 (0x10001) 637s X509v3 extensions: 637s X509v3 Authority Key Identifier: 637s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 637s X509v3 Basic Constraints: 637s CA:FALSE 637s Netscape Cert Type: 637s SSL Client, S/MIME 637s Netscape Comment: 637s Test Organization Intermediate CA trusted Certificate 637s X509v3 Subject Key Identifier: 637s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 637s X509v3 Key Usage: critical 637s Digital Signature, Non Repudiation, Key Encipherment 637s X509v3 Extended Key Usage: 637s TLS Web Client Authentication, E-mail Protection 637s X509v3 Subject Alternative Name: 637s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 637s Signature Algorithm: sha256WithRSAEncryption 637s Signature Value: 637s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 637s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 637s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 637s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 637s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 637s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 637s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 637s ef:4a 637s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 637s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 637s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 637s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 637s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 637s + local verify_option= 637s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local key_cn 637s + local key_name 637s + local tokens_dir 637s + local output_cert_file 637s + token_name= 637s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 637s + key_name=test-intermediate-CA-trusted-certificate-0001 637s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s ++ sed -n 's/ *commonName *= //p' 637s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 637s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 637s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 637s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 637s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 637s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 637s + token_name='Test Organization Interme Token' 637s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 637s Test Organization Interme Token 637s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 637s + echo 'Test Organization Interme Token' 637s + '[' -n '' ']' 637s + local output_base_name=SSSD-child-28371 637s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28371.output 637s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28371.pem 637s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 637s [p11_child[3243]] [main] (0x0400): p11_child started. 637s [p11_child[3243]] [main] (0x2000): Running in [pre-auth] mode. 637s [p11_child[3243]] [main] (0x2000): Running with effective IDs: [0][0]. 637s [p11_child[3243]] [main] (0x2000): Running with real IDs [0][0]. 637s [p11_child[3243]] [do_card] (0x4000): Module List: 637s [p11_child[3243]] [do_card] (0x4000): common name: [softhsm2]. 637s [p11_child[3243]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 637s [p11_child[3243]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 637s [p11_child[3243]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 637s [p11_child[3243]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 637s [p11_child[3243]] [do_card] (0x4000): Login NOT required. 637s [p11_child[3243]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 637s [p11_child[3243]] [do_verification] (0x0040): X509_verify_cert failed [0]. 637s [p11_child[3243]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 637s [p11_child[3243]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 637s [p11_child[3243]] [do_card] (0x4000): No certificate found. 637s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28371.output 637s + return 2 637s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem partial_chain 637s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem partial_chain 637s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 637s + local verify_option=partial_chain 637s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17101 637s + local key_cn 637s + local key_name 637s + local tokens_dir 637s + local output_cert_file 637s + token_name= 637s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem .pem 637s + key_name=test-intermediate-CA-trusted-certificate-0001 637s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 637s ++ sed -n 's/ *commonName *= //p' 638s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 638s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 638s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 638s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 638s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 638s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 638s + token_name='Test Organization Interme Token' 638s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 638s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 638s + echo 'Test Organization Interme Token' 638s + '[' -n partial_chain ']' 638s + local verify_arg=--verify=partial_chain 638s + local output_base_name=SSSD-child-12608 638s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.output 638s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.pem 638s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem 638s Test Organization Interme Token 638s [p11_child[3250]] [main] (0x0400): p11_child started. 638s [p11_child[3250]] [main] (0x2000): Running in [pre-auth] mode. 638s [p11_child[3250]] [main] (0x2000): Running with effective IDs: [0][0]. 638s [p11_child[3250]] [main] (0x2000): Running with real IDs [0][0]. 638s [p11_child[3250]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 638s [p11_child[3250]] [do_card] (0x4000): Module List: 638s [p11_child[3250]] [do_card] (0x4000): common name: [softhsm2]. 638s [p11_child[3250]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 638s [p11_child[3250]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 638s [p11_child[3250]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 638s [p11_child[3250]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 638s [p11_child[3250]] [do_card] (0x4000): Login NOT required. 638s [p11_child[3250]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 638s [p11_child[3250]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 638s [p11_child[3250]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 638s [p11_child[3250]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 638s [p11_child[3250]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 638s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.output 638s + echo '-----BEGIN CERTIFICATE-----' 638s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.output 638s + echo '-----END CERTIFICATE-----' 638s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.pem 638s Certificate: 638s Data: 638s Version: 3 (0x2) 638s Serial Number: 4 (0x4) 638s Signature Algorithm: sha256WithRSAEncryption 638s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 638s Validity 638s Not Before: Mar 20 04:53:15 2024 GMT 638s Not After : Mar 20 04:53:15 2025 GMT 638s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 638s Subject Public Key Info: 638s Public Key Algorithm: rsaEncryption 638s Public-Key: (1024 bit) 638s Modulus: 638s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 638s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 638s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 638s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 638s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 638s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 638s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 638s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 638s 12:46:c6:8d:a7:26:c5:7f:87 638s Exponent: 65537 (0x10001) 638s X509v3 extensions: 638s X509v3 Authority Key Identifier: 638s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 638s X509v3 Basic Constraints: 638s CA:FALSE 638s Netscape Cert Type: 638s SSL Client, S/MIME 638s Netscape Comment: 638s Test Organization Intermediate CA trusted Certificate 638s X509v3 Subject Key Identifier: 638s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 638s X509v3 Key Usage: critical 638s Digital Signature, Non Repudiation, Key Encipherment 638s X509v3 Extended Key Usage: 638s TLS Web Client Authentication, E-mail Protection 638s X509v3 Subject Alternative Name: 638s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 638s Signature Algorithm: sha256WithRSAEncryption 638s Signature Value: 638s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 638s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 638s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 638s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 638s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 638s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 638s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 638s ef:4a 638s + local found_md5 expected_md5 638s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA-trusted-certificate-0001.pem 638s + expected_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 638s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608.pem 638s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 638s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 638s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.output 638s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.output .output 638s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.pem 638s + echo -n 053350 638s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 638s [p11_child[3258]] [main] (0x0400): p11_child started. 638s [p11_child[3258]] [main] (0x2000): Running in [auth] mode. 638s [p11_child[3258]] [main] (0x2000): Running with effective IDs: [0][0]. 638s [p11_child[3258]] [main] (0x2000): Running with real IDs [0][0]. 638s [p11_child[3258]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 638s [p11_child[3258]] [do_card] (0x4000): Module List: 638s [p11_child[3258]] [do_card] (0x4000): common name: [softhsm2]. 638s [p11_child[3258]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 638s [p11_child[3258]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3deb85ad] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 638s [p11_child[3258]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 638s [p11_child[3258]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3deb85ad][1038845357] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 638s [p11_child[3258]] [do_card] (0x4000): Login required. 638s [p11_child[3258]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 638s [p11_child[3258]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 638s [p11_child[3258]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 638s [p11_child[3258]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3deb85ad;slot-manufacturer=SoftHSM%20project;slot-id=1038845357;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffe6f8193deb85ad;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 638s [p11_child[3258]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 638s [p11_child[3258]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 638s [p11_child[3258]] [do_card] (0x4000): Certificate verified and validated. 638s [p11_child[3258]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 638s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.output 638s + echo '-----BEGIN CERTIFICATE-----' 638s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.output 638s + echo '-----END CERTIFICATE-----' 638s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.pem 638s Certificate: 638s Data: 638s Version: 3 (0x2) 638s Serial Number: 4 (0x4) 638s Signature Algorithm: sha256WithRSAEncryption 638s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 638s Validity 638s Not Before: Mar 20 04:53:15 2024 GMT 638s Not After : Mar 20 04:53:15 2025 GMT 638s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 638s Subject Public Key Info: 638s Public Key Algorithm: rsaEncryption 638s Public-Key: (1024 bit) 638s Modulus: 638s 00:c3:6a:ba:7c:81:f6:63:c2:2c:89:e8:6e:03:2e: 638s 4d:6c:3c:62:b8:3c:6a:15:f2:73:0f:23:46:77:c3: 638s 5f:54:51:1a:5c:f8:cb:e9:7d:27:6c:1d:fb:51:0f: 638s d7:72:d9:70:86:0d:20:73:5e:c8:c0:57:a6:d8:e6: 638s fa:e9:21:24:73:e5:da:1a:2f:64:2d:0e:91:b6:ad: 638s 37:04:b2:c6:5e:ee:1f:b9:d1:e5:80:8f:63:b3:2f: 638s 53:5b:ae:e3:1b:33:cf:ab:d4:92:43:17:c1:bf:a2: 638s f6:5c:ad:2c:ff:c6:c6:fa:72:d7:21:c4:bf:80:3b: 638s 12:46:c6:8d:a7:26:c5:7f:87 638s Exponent: 65537 (0x10001) 638s X509v3 extensions: 638s X509v3 Authority Key Identifier: 638s ED:55:53:47:97:65:60:11:04:4D:6B:C3:68:A4:72:22:0A:9C:BE:C6 638s X509v3 Basic Constraints: 638s CA:FALSE 638s Netscape Cert Type: 638s SSL Client, S/MIME 638s Netscape Comment: 638s Test Organization Intermediate CA trusted Certificate 638s X509v3 Subject Key Identifier: 638s FD:85:BE:34:0D:22:B3:B6:02:06:4C:5A:CB:EF:4C:AC:C1:18:64:15 638s X509v3 Key Usage: critical 638s Digital Signature, Non Repudiation, Key Encipherment 638s X509v3 Extended Key Usage: 638s TLS Web Client Authentication, E-mail Protection 638s X509v3 Subject Alternative Name: 638s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 638s Signature Algorithm: sha256WithRSAEncryption 638s Signature Value: 638s bb:74:de:d3:58:40:db:f1:df:ff:c8:8e:a0:f7:b0:ba:30:ae: 638s d3:58:65:7b:2d:c0:06:04:1f:fb:a2:fe:99:85:23:3b:fe:63: 638s b6:3c:42:5a:80:45:0b:97:4f:7f:82:d1:9e:af:ec:5a:f8:18: 638s 5e:b7:f1:54:36:76:0c:88:87:55:a9:5b:02:69:f4:6c:8d:70: 638s 7b:29:c3:66:80:fb:14:49:a1:d2:ea:a5:34:4b:4d:9a:eb:dd: 638s 9f:9c:e7:53:fa:7d:be:e9:d9:71:14:29:e8:4a:16:80:2e:b8: 638s 82:f1:90:cc:f5:a0:8e:0c:3b:9a:80:2d:8f:24:0c:aa:0f:ae: 638s ef:4a 638s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-12608-auth.pem 638s + found_md5=Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 638s + '[' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 '!=' Modulus=C36ABA7C81F663C22C89E86E032E4D6C3C62B83C6A15F2730F234677C35F54511A5CF8CBE97D276C1DFB510FD772D970860D20735EC8C057A6D8E6FAE9212473E5DA1A2F642D0E91B6AD3704B2C65EEE1FB9D1E5808F63B32F535BAEE31B33CFABD4924317C1BFA2F65CAD2CFFC6C6FA72D721C4BF803B1246C68DA726C57F87 ']' 638s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 638s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 638s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 638s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 638s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 638s + local verify_option= 638s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 638s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 638s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 638s + local key_cn 638s + local key_name 638s + local tokens_dir 638s + local output_cert_file 638s + token_name= 638s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 638s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 638s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 638s ++ sed -n 's/ *commonName *= //p' 639s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 639s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 639s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 639s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 639s + token_name='Test Organization Sub Int Token' 639s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 639s + local key_file 639s + local decrypted_key 639s + mkdir -p /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 639s + key_file=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 639s + decrypted_key=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 639s + cat 639s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 639s Slot 0 has a free/uninitialized token. 639s The token has been initialized and is reassigned to slot 1070165882 639s + softhsm2-util --show-slots 639s Available slots: 639s Slot 1070165882 639s Slot info: 639s Description: SoftHSM slot ID 0x3fc96f7a 639s Manufacturer ID: SoftHSM project 639s Hardware version: 2.6 639s Firmware version: 2.6 639s Token present: yes 639s Token info: 639s Manufacturer ID: SoftHSM project 639s Model: SoftHSM v2 639s Hardware version: 2.6 639s Firmware version: 2.6 639s Serial number: 868660683fc96f7a 639s Initialized: yes 639s User PIN init.: yes 639s Label: Test Organization Sub Int Token 639s Slot 1 639s Slot info: 639s Description: SoftHSM slot ID 0x1 639s Manufacturer ID: SoftHSM project 639s Hardware version: 2.6 639s Firmware version: 2.6 639s Token present: yes 639s Token info: 639s Manufacturer ID: SoftHSM project 639s Model: SoftHSM v2 639s Hardware version: 2.6 639s Firmware version: 2.6 639s Serial number: 639s Initialized: no 639s User PIN init.: no 639s Label: 639s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 639s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13609 -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 639s writing RSA key 639s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 639s + rm /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 639s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 639s Object 0: 639s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 639s Type: X.509 Certificate (RSA-1024) 639s Expires: Thu Mar 20 04:53:15 2025 639s Label: Test Organization Sub Intermediate Trusted Certificate 0001 639s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 639s 639s Test Organization Sub Int Token 639s + echo 'Test Organization Sub Int Token' 639s + '[' -n '' ']' 639s + local output_base_name=SSSD-child-19881 639s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-19881.output 639s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-19881.pem 639s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 639s [p11_child[3277]] [main] (0x0400): p11_child started. 639s [p11_child[3277]] [main] (0x2000): Running in [pre-auth] mode. 639s [p11_child[3277]] [main] (0x2000): Running with effective IDs: [0][0]. 639s [p11_child[3277]] [main] (0x2000): Running with real IDs [0][0]. 639s [p11_child[3277]] [do_card] (0x4000): Module List: 639s [p11_child[3277]] [do_card] (0x4000): common name: [softhsm2]. 639s [p11_child[3277]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 639s [p11_child[3277]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 639s [p11_child[3277]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3277]] [do_card] (0x4000): Login NOT required. 639s [p11_child[3277]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 639s [p11_child[3277]] [do_verification] (0x0040): X509_verify_cert failed [0]. 639s [p11_child[3277]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 639s [p11_child[3277]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 639s [p11_child[3277]] [do_card] (0x4000): No certificate found. 639s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-19881.output 639s + return 2 639s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 639s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem partial_chain 639s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 639s + local verify_option=partial_chain 639s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local key_cn 639s + local key_name 639s + local tokens_dir 639s + local output_cert_file 639s + token_name= 639s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 639s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 639s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s ++ sed -n 's/ *commonName *= //p' 639s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 639s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 639s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 639s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 639s + token_name='Test Organization Sub Int Token' 639s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 639s Test Organization Sub Int Token 639s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 639s + echo 'Test Organization Sub Int Token' 639s + '[' -n partial_chain ']' 639s + local verify_arg=--verify=partial_chain 639s + local output_base_name=SSSD-child-6608 639s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-6608.output 639s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-6608.pem 639s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-CA.pem 639s [p11_child[3284]] [main] (0x0400): p11_child started. 639s [p11_child[3284]] [main] (0x2000): Running in [pre-auth] mode. 639s [p11_child[3284]] [main] (0x2000): Running with effective IDs: [0][0]. 639s [p11_child[3284]] [main] (0x2000): Running with real IDs [0][0]. 639s [p11_child[3284]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 639s [p11_child[3284]] [do_card] (0x4000): Module List: 639s [p11_child[3284]] [do_card] (0x4000): common name: [softhsm2]. 639s [p11_child[3284]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3284]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 639s [p11_child[3284]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 639s [p11_child[3284]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3284]] [do_card] (0x4000): Login NOT required. 639s [p11_child[3284]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 639s [p11_child[3284]] [do_verification] (0x0040): X509_verify_cert failed [0]. 639s [p11_child[3284]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 639s [p11_child[3284]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 639s [p11_child[3284]] [do_card] (0x4000): No certificate found. 639s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-6608.output 639s + return 2 639s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 639s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 639s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 639s + local verify_option= 639s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 639s + local key_cn 639s + local key_name 639s + local tokens_dir 639s + local output_cert_file 639s + token_name= 639s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 639s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 639s ++ sed -n 's/ *commonName *= //p' 639s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 639s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 639s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 639s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 639s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 639s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 639s + token_name='Test Organization Sub Int Token' 639s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 639s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 639s + echo 'Test Organization Sub Int Token' 639s Test Organization Sub Int Token 639s + '[' -n '' ']' 639s + local output_base_name=SSSD-child-8851 639s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.output 639s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.pem 639s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 639s [p11_child[3291]] [main] (0x0400): p11_child started. 639s [p11_child[3291]] [main] (0x2000): Running in [pre-auth] mode. 639s [p11_child[3291]] [main] (0x2000): Running with effective IDs: [0][0]. 639s [p11_child[3291]] [main] (0x2000): Running with real IDs [0][0]. 639s [p11_child[3291]] [do_card] (0x4000): Module List: 639s [p11_child[3291]] [do_card] (0x4000): common name: [softhsm2]. 639s [p11_child[3291]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3291]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 639s [p11_child[3291]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 639s [p11_child[3291]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 639s [p11_child[3291]] [do_card] (0x4000): Login NOT required. 639s [p11_child[3291]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 639s [p11_child[3291]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 639s [p11_child[3291]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 639s [p11_child[3291]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 639s [p11_child[3291]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 639s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.output 639s + echo '-----BEGIN CERTIFICATE-----' 639s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.output 639s + echo '-----END CERTIFICATE-----' 639s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.pem 640s Certificate: 640s Data: 640s Version: 3 (0x2) 640s Serial Number: 5 (0x5) 640s Signature Algorithm: sha256WithRSAEncryption 640s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 640s Validity 640s Not Before: Mar 20 04:53:15 2024 GMT 640s Not After : Mar 20 04:53:15 2025 GMT 640s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 640s Subject Public Key Info: 640s Public Key Algorithm: rsaEncryption 640s Public-Key: (1024 bit) 640s Modulus: 640s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 640s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 640s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 640s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 640s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 640s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 640s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 640s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 640s 5b:57:b7:47:8f:f0:4c:b5:af 640s Exponent: 65537 (0x10001) 640s X509v3 extensions: 640s X509v3 Authority Key Identifier: 640s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 640s X509v3 Basic Constraints: 640s CA:FALSE 640s Netscape Cert Type: 640s SSL Client, S/MIME 640s Netscape Comment: 640s Test Organization Sub Intermediate CA trusted Certificate 640s X509v3 Subject Key Identifier: 640s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 640s X509v3 Key Usage: critical 640s Digital Signature, Non Repudiation, Key Encipherment 640s X509v3 Extended Key Usage: 640s TLS Web Client Authentication, E-mail Protection 640s X509v3 Subject Alternative Name: 640s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 640s Signature Algorithm: sha256WithRSAEncryption 640s Signature Value: 640s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 640s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 640s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 640s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 640s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 640s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 640s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 640s 37:51 640s + local found_md5 expected_md5 640s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 640s + expected_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 640s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851.pem 640s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 640s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 640s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.output 640s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.output .output 640s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.pem 640s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 640s + echo -n 053350 640s [p11_child[3299]] [main] (0x0400): p11_child started. 640s [p11_child[3299]] [main] (0x2000): Running in [auth] mode. 640s [p11_child[3299]] [main] (0x2000): Running with effective IDs: [0][0]. 640s [p11_child[3299]] [main] (0x2000): Running with real IDs [0][0]. 640s [p11_child[3299]] [do_card] (0x4000): Module List: 640s [p11_child[3299]] [do_card] (0x4000): common name: [softhsm2]. 640s [p11_child[3299]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 640s [p11_child[3299]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 640s [p11_child[3299]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 640s [p11_child[3299]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 640s [p11_child[3299]] [do_card] (0x4000): Login required. 640s [p11_child[3299]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 640s [p11_child[3299]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 640s [p11_child[3299]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 640s [p11_child[3299]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 640s [p11_child[3299]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 640s [p11_child[3299]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 640s [p11_child[3299]] [do_card] (0x4000): Certificate verified and validated. 640s [p11_child[3299]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 640s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.output 640s + echo '-----BEGIN CERTIFICATE-----' 640s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.output 640s + echo '-----END CERTIFICATE-----' 640s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.pem 640s Certificate: 640s Data: 640s Version: 3 (0x2) 640s Serial Number: 5 (0x5) 640s Signature Algorithm: sha256WithRSAEncryption 640s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 640s Validity 640s Not Before: Mar 20 04:53:15 2024 GMT 640s Not After : Mar 20 04:53:15 2025 GMT 640s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 640s Subject Public Key Info: 640s Public Key Algorithm: rsaEncryption 640s Public-Key: (1024 bit) 640s Modulus: 640s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 640s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 640s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 640s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 640s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 640s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 640s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 640s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 640s 5b:57:b7:47:8f:f0:4c:b5:af 640s Exponent: 65537 (0x10001) 640s X509v3 extensions: 640s X509v3 Authority Key Identifier: 640s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 640s X509v3 Basic Constraints: 640s CA:FALSE 640s Netscape Cert Type: 640s SSL Client, S/MIME 640s Netscape Comment: 640s Test Organization Sub Intermediate CA trusted Certificate 640s X509v3 Subject Key Identifier: 640s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 640s X509v3 Key Usage: critical 640s Digital Signature, Non Repudiation, Key Encipherment 640s X509v3 Extended Key Usage: 640s TLS Web Client Authentication, E-mail Protection 640s X509v3 Subject Alternative Name: 640s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 640s Signature Algorithm: sha256WithRSAEncryption 640s Signature Value: 640s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 640s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 640s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 640s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 640s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 640s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 640s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 640s 37:51 640s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-8851-auth.pem 640s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 640s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 640s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 640s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem partial_chain 640s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 640s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 640s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 640s + local verify_option=partial_chain 640s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 640s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 640s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 640s + local key_cn 640s + local key_name 640s + local tokens_dir 640s + local output_cert_file 640s + token_name= 640s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 640s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 640s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 640s ++ sed -n 's/ *commonName *= //p' 640s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 640s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 640s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 640s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 640s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 640s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 640s + token_name='Test Organization Sub Int Token' 640s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 640s Test Organization Sub Int Token 640s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 640s + echo 'Test Organization Sub Int Token' 640s + '[' -n partial_chain ']' 640s + local verify_arg=--verify=partial_chain 640s + local output_base_name=SSSD-child-9940 640s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.output 640s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.pem 640s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem 640s [p11_child[3309]] [main] (0x0400): p11_child started. 640s [p11_child[3309]] [main] (0x2000): Running in [pre-auth] mode. 640s [p11_child[3309]] [main] (0x2000): Running with effective IDs: [0][0]. 640s [p11_child[3309]] [main] (0x2000): Running with real IDs [0][0]. 640s [p11_child[3309]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 640s [p11_child[3309]] [do_card] (0x4000): Module List: 640s [p11_child[3309]] [do_card] (0x4000): common name: [softhsm2]. 640s [p11_child[3309]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 640s [p11_child[3309]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 640s [p11_child[3309]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 640s [p11_child[3309]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 640s [p11_child[3309]] [do_card] (0x4000): Login NOT required. 640s [p11_child[3309]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 640s [p11_child[3309]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 640s [p11_child[3309]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 640s [p11_child[3309]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 640s [p11_child[3309]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 640s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.output 640s + echo '-----BEGIN CERTIFICATE-----' 640s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.output 640s + echo '-----END CERTIFICATE-----' 640s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.pem 640s Certificate: 640s Data: 640s Version: 3 (0x2) 640s Serial Number: 5 (0x5) 640s Signature Algorithm: sha256WithRSAEncryption 640s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 640s Validity 640s Not Before: Mar 20 04:53:15 2024 GMT 640s Not After : Mar 20 04:53:15 2025 GMT 640s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 640s Subject Public Key Info: 640s Public Key Algorithm: rsaEncryption 640s Public-Key: (1024 bit) 640s Modulus: 640s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 640s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 640s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 640s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 640s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 640s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 640s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 640s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 640s 5b:57:b7:47:8f:f0:4c:b5:af 640s Exponent: 65537 (0x10001) 640s X509v3 extensions: 640s X509v3 Authority Key Identifier: 640s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 640s X509v3 Basic Constraints: 640s CA:FALSE 640s Netscape Cert Type: 640s SSL Client, S/MIME 640s Netscape Comment: 640s Test Organization Sub Intermediate CA trusted Certificate 640s X509v3 Subject Key Identifier: 640s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 640s X509v3 Key Usage: critical 640s Digital Signature, Non Repudiation, Key Encipherment 640s X509v3 Extended Key Usage: 640s TLS Web Client Authentication, E-mail Protection 640s X509v3 Subject Alternative Name: 640s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 640s Signature Algorithm: sha256WithRSAEncryption 640s Signature Value: 640s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 640s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 640s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 640s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 640s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 640s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 640s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 640s 37:51 640s + local found_md5 expected_md5 640s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + expected_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 641s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940.pem 641s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 641s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 641s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.output 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.output .output 641s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.pem 641s + echo -n 053350 641s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 641s [p11_child[3317]] [main] (0x0400): p11_child started. 641s [p11_child[3317]] [main] (0x2000): Running in [auth] mode. 641s [p11_child[3317]] [main] (0x2000): Running with effective IDs: [0][0]. 641s [p11_child[3317]] [main] (0x2000): Running with real IDs [0][0]. 641s [p11_child[3317]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 641s [p11_child[3317]] [do_card] (0x4000): Module List: 641s [p11_child[3317]] [do_card] (0x4000): common name: [softhsm2]. 641s [p11_child[3317]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3317]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 641s [p11_child[3317]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 641s [p11_child[3317]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3317]] [do_card] (0x4000): Login required. 641s [p11_child[3317]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 641s [p11_child[3317]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 641s [p11_child[3317]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 641s [p11_child[3317]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 641s [p11_child[3317]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 641s [p11_child[3317]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 641s [p11_child[3317]] [do_card] (0x4000): Certificate verified and validated. 641s [p11_child[3317]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 641s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.output 641s + echo '-----BEGIN CERTIFICATE-----' 641s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.output 641s + echo '-----END CERTIFICATE-----' 641s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.pem 641s Certificate: 641s Data: 641s Version: 3 (0x2) 641s Serial Number: 5 (0x5) 641s Signature Algorithm: sha256WithRSAEncryption 641s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 641s Validity 641s Not Before: Mar 20 04:53:15 2024 GMT 641s Not After : Mar 20 04:53:15 2025 GMT 641s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 641s Subject Public Key Info: 641s Public Key Algorithm: rsaEncryption 641s Public-Key: (1024 bit) 641s Modulus: 641s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 641s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 641s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 641s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 641s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 641s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 641s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 641s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 641s 5b:57:b7:47:8f:f0:4c:b5:af 641s Exponent: 65537 (0x10001) 641s X509v3 extensions: 641s X509v3 Authority Key Identifier: 641s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 641s X509v3 Basic Constraints: 641s CA:FALSE 641s Netscape Cert Type: 641s SSL Client, S/MIME 641s Netscape Comment: 641s Test Organization Sub Intermediate CA trusted Certificate 641s X509v3 Subject Key Identifier: 641s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 641s X509v3 Key Usage: critical 641s Digital Signature, Non Repudiation, Key Encipherment 641s X509v3 Extended Key Usage: 641s TLS Web Client Authentication, E-mail Protection 641s X509v3 Subject Alternative Name: 641s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 641s Signature Algorithm: sha256WithRSAEncryption 641s Signature Value: 641s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 641s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 641s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 641s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 641s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 641s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 641s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 641s 37:51 641s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-9940-auth.pem 641s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 641s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 641s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 641s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 641s + local verify_option= 641s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_cn 641s + local key_name 641s + local tokens_dir 641s + local output_cert_file 641s + token_name= 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 641s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 641s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s ++ sed -n 's/ *commonName *= //p' 641s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 641s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 641s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 641s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 641s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 641s + token_name='Test Organization Sub Int Token' 641s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 641s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 641s + echo 'Test Organization Sub Int Token' 641s Test Organization Sub Int Token 641s + '[' -n '' ']' 641s + local output_base_name=SSSD-child-10082 641s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-10082.output 641s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-10082.pem 641s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 641s [p11_child[3327]] [main] (0x0400): p11_child started. 641s [p11_child[3327]] [main] (0x2000): Running in [pre-auth] mode. 641s [p11_child[3327]] [main] (0x2000): Running with effective IDs: [0][0]. 641s [p11_child[3327]] [main] (0x2000): Running with real IDs [0][0]. 641s [p11_child[3327]] [do_card] (0x4000): Module List: 641s [p11_child[3327]] [do_card] (0x4000): common name: [softhsm2]. 641s [p11_child[3327]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 641s [p11_child[3327]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 641s [p11_child[3327]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3327]] [do_card] (0x4000): Login NOT required. 641s [p11_child[3327]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 641s [p11_child[3327]] [do_verification] (0x0040): X509_verify_cert failed [0]. 641s [p11_child[3327]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 641s [p11_child[3327]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 641s [p11_child[3327]] [do_card] (0x4000): No certificate found. 641s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-10082.output 641s + return 2 641s + invalid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem partial_chain 641s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem partial_chain 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem 641s + local verify_option=partial_chain 641s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_cn 641s + local key_name 641s + local tokens_dir 641s + local output_cert_file 641s + token_name= 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 641s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 641s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s ++ sed -n 's/ *commonName *= //p' 641s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 641s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 641s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 641s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 641s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 641s + token_name='Test Organization Sub Int Token' 641s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 641s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 641s + echo 'Test Organization Sub Int Token' 641s Test Organization Sub Int Token 641s + '[' -n partial_chain ']' 641s + local verify_arg=--verify=partial_chain 641s + local output_base_name=SSSD-child-5420 641s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-5420.output 641s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-5420.pem 641s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-root-intermediate-chain-CA.pem 641s [p11_child[3334]] [main] (0x0400): p11_child started. 641s [p11_child[3334]] [main] (0x2000): Running in [pre-auth] mode. 641s [p11_child[3334]] [main] (0x2000): Running with effective IDs: [0][0]. 641s [p11_child[3334]] [main] (0x2000): Running with real IDs [0][0]. 641s [p11_child[3334]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 641s [p11_child[3334]] [do_card] (0x4000): Module List: 641s [p11_child[3334]] [do_card] (0x4000): common name: [softhsm2]. 641s [p11_child[3334]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3334]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 641s [p11_child[3334]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 641s [p11_child[3334]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 641s [p11_child[3334]] [do_card] (0x4000): Login NOT required. 641s [p11_child[3334]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 641s [p11_child[3334]] [do_verification] (0x0040): X509_verify_cert failed [0]. 641s [p11_child[3334]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 641s [p11_child[3334]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 641s [p11_child[3334]] [do_card] (0x4000): No certificate found. 641s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-5420.output 641s + return 2 641s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem partial_chain 641s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem partial_chain 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 641s + local verify_option=partial_chain 641s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 641s + local key_cn 641s + local key_name 641s + local tokens_dir 641s + local output_cert_file 641s + token_name= 641s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 641s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 641s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 641s ++ sed -n 's/ *commonName *= //p' 642s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 642s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 642s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 642s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 642s Test Organization Sub Int Token 642s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 642s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 642s + token_name='Test Organization Sub Int Token' 642s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 642s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 642s + echo 'Test Organization Sub Int Token' 642s + '[' -n partial_chain ']' 642s + local verify_arg=--verify=partial_chain 642s + local output_base_name=SSSD-child-32679 642s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.output 642s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.pem 642s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem 642s [p11_child[3341]] [main] (0x0400): p11_child started. 642s [p11_child[3341]] [main] (0x2000): Running in [pre-auth] mode. 642s [p11_child[3341]] [main] (0x2000): Running with effective IDs: [0][0]. 642s [p11_child[3341]] [main] (0x2000): Running with real IDs [0][0]. 642s [p11_child[3341]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 642s [p11_child[3341]] [do_card] (0x4000): Module List: 642s [p11_child[3341]] [do_card] (0x4000): common name: [softhsm2]. 642s [p11_child[3341]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 642s [p11_child[3341]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 642s [p11_child[3341]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 642s [p11_child[3341]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 642s [p11_child[3341]] [do_card] (0x4000): Login NOT required. 642s [p11_child[3341]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 642s [p11_child[3341]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 642s [p11_child[3341]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 642s [p11_child[3341]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 642s [p11_child[3341]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 642s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.output 642s + echo '-----BEGIN CERTIFICATE-----' 642s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.output 642s + echo '-----END CERTIFICATE-----' 642s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.pem 642s Certificate: 642s Data: 642s Version: 3 (0x2) 642s Serial Number: 5 (0x5) 642s Signature Algorithm: sha256WithRSAEncryption 642s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 642s Validity 642s Not Before: Mar 20 04:53:15 2024 GMT 642s Not After : Mar 20 04:53:15 2025 GMT 642s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 642s Subject Public Key Info: 642s Public Key Algorithm: rsaEncryption 642s Public-Key: (1024 bit) 642s Modulus: 642s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 642s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 642s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 642s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 642s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 642s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 642s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 642s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 642s 5b:57:b7:47:8f:f0:4c:b5:af 642s Exponent: 65537 (0x10001) 642s X509v3 extensions: 642s X509v3 Authority Key Identifier: 642s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 642s X509v3 Basic Constraints: 642s CA:FALSE 642s Netscape Cert Type: 642s SSL Client, S/MIME 642s Netscape Comment: 642s Test Organization Sub Intermediate CA trusted Certificate 642s X509v3 Subject Key Identifier: 642s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 642s X509v3 Key Usage: critical 642s Digital Signature, Non Repudiation, Key Encipherment 642s X509v3 Extended Key Usage: 642s TLS Web Client Authentication, E-mail Protection 642s X509v3 Subject Alternative Name: 642s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 642s Signature Algorithm: sha256WithRSAEncryption 642s Signature Value: 642s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 642s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 642s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 642s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 642s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 642s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 642s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 642s 37:51 642s + local found_md5 expected_md5 642s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 642s + expected_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 642s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679.pem 642s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 642s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 642s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.output 642s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.output .output 642s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.pem 642s + echo -n 053350 642s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 642s [p11_child[3349]] [main] (0x0400): p11_child started. 642s [p11_child[3349]] [main] (0x2000): Running in [auth] mode. 642s [p11_child[3349]] [main] (0x2000): Running with effective IDs: [0][0]. 642s [p11_child[3349]] [main] (0x2000): Running with real IDs [0][0]. 642s [p11_child[3349]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 642s [p11_child[3349]] [do_card] (0x4000): Module List: 642s [p11_child[3349]] [do_card] (0x4000): common name: [softhsm2]. 642s [p11_child[3349]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 642s [p11_child[3349]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 642s [p11_child[3349]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 642s [p11_child[3349]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 642s [p11_child[3349]] [do_card] (0x4000): Login required. 642s [p11_child[3349]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 642s [p11_child[3349]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 642s [p11_child[3349]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 642s [p11_child[3349]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 642s [p11_child[3349]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 642s [p11_child[3349]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 642s [p11_child[3349]] [do_card] (0x4000): Certificate verified and validated. 642s [p11_child[3349]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 642s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.output 642s + echo '-----BEGIN CERTIFICATE-----' 642s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.output 642s + echo '-----END CERTIFICATE-----' 642s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.pem 642s Certificate: 642s Data: 642s Version: 3 (0x2) 642s Serial Number: 5 (0x5) 642s Signature Algorithm: sha256WithRSAEncryption 642s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 642s Validity 642s Not Before: Mar 20 04:53:15 2024 GMT 642s Not After : Mar 20 04:53:15 2025 GMT 642s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 642s Subject Public Key Info: 642s Public Key Algorithm: rsaEncryption 642s Public-Key: (1024 bit) 642s Modulus: 642s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 642s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 642s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 642s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 642s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 642s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 642s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 642s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 642s 5b:57:b7:47:8f:f0:4c:b5:af 642s Exponent: 65537 (0x10001) 642s X509v3 extensions: 642s X509v3 Authority Key Identifier: 642s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 642s X509v3 Basic Constraints: 642s CA:FALSE 642s Netscape Cert Type: 642s SSL Client, S/MIME 642s Netscape Comment: 642s Test Organization Sub Intermediate CA trusted Certificate 642s X509v3 Subject Key Identifier: 642s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 642s X509v3 Key Usage: critical 642s Digital Signature, Non Repudiation, Key Encipherment 642s X509v3 Extended Key Usage: 642s TLS Web Client Authentication, E-mail Protection 642s X509v3 Subject Alternative Name: 642s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 642s Signature Algorithm: sha256WithRSAEncryption 642s Signature Value: 642s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 642s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 642s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 642s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 642s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 642s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 642s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 642s 37:51 642s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-32679-auth.pem 642s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 642s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 642s + valid_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-sub-chain-CA.pem partial_chain 642s + check_certificate /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 /tmp/sssd-softhsm2-cIPFgF/test-intermediate-sub-chain-CA.pem partial_chain 642s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 642s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 642s + local key_ring=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-sub-chain-CA.pem 642s + local verify_option=partial_chain 642s + prepare_softhsm2_card /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13609 642s + local certificate=/tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 642s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13609 642s + local key_cn 642s + local key_name 642s + local tokens_dir 642s + local output_cert_file 642s + token_name= 642s ++ basename /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 642s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 642s ++ sed -n 's/ *commonName *= //p' 642s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 642s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 642s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 642s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 642s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 642s ++ basename /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 642s + tokens_dir=/tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 642s + token_name='Test Organization Sub Int Token' 642s + '[' '!' -e /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 643s Test Organization Sub Int Token 643s + '[' '!' -d /tmp/sssd-softhsm2-cIPFgF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 643s + echo 'Test Organization Sub Int Token' 643s + '[' -n partial_chain ']' 643s + local verify_arg=--verify=partial_chain 643s + local output_base_name=SSSD-child-28409 643s + local output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.output 643s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.pem 643s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-sub-chain-CA.pem 643s [p11_child[3359]] [main] (0x0400): p11_child started. 643s [p11_child[3359]] [main] (0x2000): Running in [pre-auth] mode. 643s [p11_child[3359]] [main] (0x2000): Running with effective IDs: [0][0]. 643s [p11_child[3359]] [main] (0x2000): Running with real IDs [0][0]. 643s [p11_child[3359]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 643s [p11_child[3359]] [do_card] (0x4000): Module List: 643s [p11_child[3359]] [do_card] (0x4000): common name: [softhsm2]. 643s [p11_child[3359]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 643s [p11_child[3359]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 643s [p11_child[3359]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 643s [p11_child[3359]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 643s [p11_child[3359]] [do_card] (0x4000): Login NOT required. 643s [p11_child[3359]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 643s [p11_child[3359]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 643s [p11_child[3359]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 643s [p11_child[3359]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 643s [p11_child[3359]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 643s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.output 643s + echo '-----BEGIN CERTIFICATE-----' 643s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.output 643s + echo '-----END CERTIFICATE-----' 643s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.pem 643s Certificate: 643s Data: 643s Version: 3 (0x2) 643s Serial Number: 5 (0x5) 643s Signature Algorithm: sha256WithRSAEncryption 643s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 643s Validity 643s Not Before: Mar 20 04:53:15 2024 GMT 643s Not After : Mar 20 04:53:15 2025 GMT 643s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 643s Subject Public Key Info: 643s Public Key Algorithm: rsaEncryption 643s Public-Key: (1024 bit) 643s Modulus: 643s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 643s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 643s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 643s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 643s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 643s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 643s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 643s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 643s 5b:57:b7:47:8f:f0:4c:b5:af 643s Exponent: 65537 (0x10001) 643s X509v3 extensions: 643s X509v3 Authority Key Identifier: 643s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 643s X509v3 Basic Constraints: 643s CA:FALSE 643s Netscape Cert Type: 643s SSL Client, S/MIME 643s Netscape Comment: 643s Test Organization Sub Intermediate CA trusted Certificate 643s X509v3 Subject Key Identifier: 643s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 643s X509v3 Key Usage: critical 643s Digital Signature, Non Repudiation, Key Encipherment 643s X509v3 Extended Key Usage: 643s TLS Web Client Authentication, E-mail Protection 643s X509v3 Subject Alternative Name: 643s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 643s Signature Algorithm: sha256WithRSAEncryption 643s Signature Value: 643s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 643s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 643s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 643s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 643s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 643s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 643s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 643s 37:51 643s + local found_md5 expected_md5 643s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/test-sub-intermediate-CA-trusted-certificate-0001.pem 643s + expected_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 643s Certificate: 643s Data: 643s Version: 3 (0x2) 643s Serial Number: 5 (0x5) 643s Signature Algorithm: sha256WithRSAEncryption 643s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 643s Validity 643s Not Before: Mar 20 04:53:15 2024 GMT 643s Not After : Mar 20 04:53:15 2025 GMT 643s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 643s Subject Public Key Info: 643s Public Key Algorithm: rsaEncryption 643s Public-Key: (1024 bit) 643s Modulus: 643s 00:e0:07:85:93:dd:40:c2:8f:be:ec:38:59:8a:f8: 643s f3:f0:37:b2:33:45:60:bf:a2:28:7b:63:9e:a8:45: 643s 1e:59:f5:33:b5:e3:64:2a:bb:c0:e6:3c:ce:5a:14: 643s 16:23:43:f2:05:af:d6:a2:e1:9a:b1:09:90:13:f8: 643s bb:1e:30:1a:4d:a4:07:ed:d1:ac:07:49:57:3c:fb: 643s 0d:4a:c7:70:30:2b:7d:63:dd:71:25:4c:77:2c:8e: 643s 39:9a:48:a1:38:33:a1:f6:12:49:9b:03:86:d8:64: 643s 44:ae:3c:db:91:ab:3b:7b:cf:eb:2a:cd:81:64:bc: 643s 5b:57:b7:47:8f:f0:4c:b5:af 643s Exponent: 65537 (0x10001) 643s X509v3 extensions: 643s X509v3 Authority Key Identifier: 643s 21:85:DE:D1:F9:B1:57:62:BC:5E:71:3D:B3:83:E3:39:62:A5:72:5C 643s X509v3 Basic Constraints: 643s CA:FALSE 643s Netscape Cert Type: 643s SSL Client, S/MIME 643s Netscape Comment: 643s Test Organization Sub Intermediate CA trusted Certificate 643s X509v3 Subject Key Identifier: 643s 73:91:16:18:66:75:29:A1:2E:EF:F8:21:72:9B:AF:E9:E1:61:A7:58 643s X509v3 Key Usage: critical 643s Digital Signature, Non Repudiation, Key Encipherment 643s X509v3 Extended Key Usage: 643s TLS Web Client Authentication, E-mail Protection 643s X509v3 Subject Alternative Name: 643s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 643s Signature Algorithm: sha256WithRSAEncryption 643s Signature Value: 643s ba:1a:51:9e:61:27:ae:11:10:ba:da:f0:3c:c6:ec:b0:e9:51: 643s 44:6a:fe:fc:86:1c:11:f4:dc:64:0e:f4:92:d0:47:22:1e:6e: 643s 56:0e:c0:e9:93:73:1c:1e:92:42:91:18:a8:c8:57:8c:c1:62: 643s 96:16:db:1a:83:a2:8d:fd:b7:66:11:80:5d:4a:f0:51:83:1a: 643s 16:db:b4:95:f6:1b:a1:1e:5c:b6:24:40:c6:db:92:e9:42:4f: 643s 6e:13:ec:a7:64:6b:42:2c:b0:56:eb:68:12:be:f7:1b:60:36: 643s 31:53:c8:ba:3c:c1:03:c6:dd:42:2b:99:7c:86:61:45:c3:14: 643s 37:51 643s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409.pem 643s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 643s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 643s + output_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.output 643s ++ basename /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.output .output 643s + output_cert_file=/tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.pem 643s + echo -n 053350 643s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cIPFgF/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 643s [p11_child[3367]] [main] (0x0400): p11_child started. 643s [p11_child[3367]] [main] (0x2000): Running in [auth] mode. 643s [p11_child[3367]] [main] (0x2000): Running with effective IDs: [0][0]. 643s [p11_child[3367]] [main] (0x2000): Running with real IDs [0][0]. 643s [p11_child[3367]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 643s [p11_child[3367]] [do_card] (0x4000): Module List: 643s [p11_child[3367]] [do_card] (0x4000): common name: [softhsm2]. 643s [p11_child[3367]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 643s [p11_child[3367]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3fc96f7a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 643s [p11_child[3367]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 643s [p11_child[3367]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3fc96f7a][1070165882] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 643s [p11_child[3367]] [do_card] (0x4000): Login required. 643s [p11_child[3367]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 643s [p11_child[3367]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 643s [p11_child[3367]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 643s [p11_child[3367]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3fc96f7a;slot-manufacturer=SoftHSM%20project;slot-id=1070165882;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=868660683fc96f7a;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 643s [p11_child[3367]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 643s [p11_child[3367]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 643s [p11_child[3367]] [do_card] (0x4000): Certificate verified and validated. 643s [p11_child[3367]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 643s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.output 643s + echo '-----BEGIN CERTIFICATE-----' 643s + tail -n1 /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.output 643s + echo '-----END CERTIFICATE-----' 643s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.pem 643s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cIPFgF/SSSD-child-28409-auth.pem 643s + found_md5=Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF 643s + '[' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF '!=' Modulus=E0078593DD40C28FBEEC38598AF8F3F037B2334560BFA2287B639EA8451E59F533B5E3642ABBC0E63CCE5A14162343F205AFD6A2E19AB1099013F8BB1E301A4DA407EDD1AC0749573CFB0D4AC770302B7D63DD71254C772C8E399A48A13833A1F612499B0386D86444AE3CDB91AB3B7BCFEB2ACD8164BC5B57B7478FF04CB5AF ']' 643s + set +x 643s 643s Test completed, Root CA and intermediate issued certificates verified! 644s autopkgtest [04:53:31]: test sssd-softhism2-certificates-tests.sh: -----------------------] 645s autopkgtest [04:53:32]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 645s sssd-softhism2-certificates-tests.sh PASS 646s autopkgtest [04:53:32]: test sssd-smart-card-pam-auth-configs: preparing testbed 650s Reading package lists... 651s Building dependency tree... 651s Reading state information... 652s Starting pkgProblemResolver with broken count: 0 653s Starting 2 pkgProblemResolver with broken count: 0 653s Done 655s The following additional packages will be installed: 655s pamtester 655s The following NEW packages will be installed: 655s autopkgtest-satdep pamtester 655s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 655s Need to get 12.3 kB/13.0 kB of archives. 655s After this operation, 36.9 kB of additional disk space will be used. 655s Get:1 /tmp/autopkgtest.imJSzo/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [760 B] 655s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 656s Fetched 12.3 kB in 0s (59.3 kB/s) 656s Selecting previously unselected package pamtester. 656s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 76439 files and directories currently installed.) 656s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 656s Unpacking pamtester (0.1.2-4) ... 657s Selecting previously unselected package autopkgtest-satdep. 657s Preparing to unpack .../4-autopkgtest-satdep.deb ... 657s Unpacking autopkgtest-satdep (0) ... 657s Setting up pamtester (0.1.2-4) ... 657s Setting up autopkgtest-satdep (0) ... 657s Processing triggers for man-db (2.12.0-3) ... 666s (Reading database ... 76445 files and directories currently installed.) 666s Removing autopkgtest-satdep (0) ... 667s autopkgtest [04:53:54]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 667s autopkgtest [04:53:54]: test sssd-smart-card-pam-auth-configs: [----------------------- 667s + '[' -z ubuntu ']' 667s + export DEBIAN_FRONTEND=noninteractive 667s + DEBIAN_FRONTEND=noninteractive 667s + required_tools=(pamtester softhsm2-util sssd) 667s + [[ ! -v OFFLINE_MODE ]] 667s + for cmd in "${required_tools[@]}" 667s + command -v pamtester 667s + for cmd in "${required_tools[@]}" 667s + command -v softhsm2-util 667s + for cmd in "${required_tools[@]}" 667s + command -v sssd 667s + PIN=123456 667s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 667s + tmpdir=/tmp/sssd-softhsm2-certs-ktlLbD 667s + backupsdir= 667s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 667s + declare -a restore_paths 667s + declare -a delete_paths 667s + trap handle_exit EXIT 667s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 667s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 667s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 667s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 667s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ktlLbD GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 667s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ktlLbD 667s + GENERATE_SMART_CARDS=1 667s + KEEP_TEMPORARY_FILES=1 667s + NO_SSSD_TESTS=1 667s + bash debian/tests/sssd-softhism2-certificates-tests.sh 667s + '[' -z ubuntu ']' 667s + required_tools=(p11tool openssl softhsm2-util) 667s + for cmd in "${required_tools[@]}" 667s + command -v p11tool 667s + for cmd in "${required_tools[@]}" 667s + command -v openssl 667s + for cmd in "${required_tools[@]}" 667s + command -v softhsm2-util 667s + PIN=123456 667s +++ find /usr/lib/softhsm/libsofthsm2.so 667s +++ head -n 1 667s ++ realpath /usr/lib/softhsm/libsofthsm2.so 667s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 667s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 667s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 667s + '[' '!' -v NO_SSSD_TESTS ']' 667s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 667s + tmpdir=/tmp/sssd-softhsm2-certs-ktlLbD 667s + keys_size=1024 667s + [[ ! -v KEEP_TEMPORARY_FILES ]] 667s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 667s + echo -n 01 667s + touch /tmp/sssd-softhsm2-certs-ktlLbD/index.txt 667s + mkdir -p /tmp/sssd-softhsm2-certs-ktlLbD/new_certs 667s + cat 667s + root_ca_key_pass=pass:random-root-CA-password-15292 667s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-key.pem -passout pass:random-root-CA-password-15292 1024 667s + openssl req -passin pass:random-root-CA-password-15292 -batch -config /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem 667s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem 667s + cat 667s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-2557 667s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-2557 1024 667s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-2557 -config /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15292 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-certificate-request.pem 667s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-certificate-request.pem 667s Certificate Request: 667s Data: 667s Version: 1 (0x0) 667s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 667s Subject Public Key Info: 667s Public Key Algorithm: rsaEncryption 667s Public-Key: (1024 bit) 667s Modulus: 667s 00:e1:1e:f7:ce:f7:36:11:0c:15:4e:2b:61:41:cf: 667s 9f:3d:58:bd:cd:27:30:7d:50:77:8a:8c:d3:84:82: 667s df:c8:1c:2c:74:e2:b5:b7:e6:2b:7f:fd:16:d2:85: 667s 56:80:ad:0d:ab:01:85:ee:ed:dd:0e:ae:17:00:4a: 667s ab:0d:57:6c:76:aa:ff:9c:95:49:d7:9c:2b:92:14: 667s f6:52:ac:e7:3f:dd:a0:d1:1e:5a:fd:da:9f:8a:76: 667s 15:22:6b:62:03:07:30:1a:50:e2:a8:ed:74:14:ab: 667s 07:8d:48:f4:61:07:be:ab:92:4e:9b:b0:0b:ff:7f: 667s 64:18:28:09:4e:ee:9c:c8:c7 667s Exponent: 65537 (0x10001) 667s Attributes: 667s (none) 667s Requested Extensions: 667s Signature Algorithm: sha256WithRSAEncryption 667s Signature Value: 667s 6d:b1:a8:1a:f8:38:f2:45:10:80:0d:f1:a6:3c:e2:f2:5c:dc: 667s 34:2e:82:31:18:e2:c0:08:58:98:e6:72:ad:31:ee:83:ae:93: 667s 36:58:00:f1:a5:26:48:bf:30:da:19:a9:d0:79:ae:30:68:53: 667s 9a:f1:0f:2b:ae:06:e4:dd:93:c3:c8:09:1c:18:ef:b7:4c:6c: 667s da:7a:5e:a3:d7:fd:58:a6:f1:44:3c:36:87:df:c5:a1:9d:45: 667s 67:68:1b:26:6c:42:c9:2b:3d:64:38:3f:59:8d:8b:31:43:e1: 667s af:c0:f4:ac:0c:fa:b3:b7:96:c6:ba:7a:e2:d0:33:95:d4:6b: 667s f6:df 667s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.config -passin pass:random-root-CA-password-15292 -keyfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem 667s Using configuration from /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.config 667s Check that the request matches the signature 667s Signature ok 668s Certificate Details: 668s Serial Number: 1 (0x1) 668s Validity 668s Not Before: Mar 20 04:53:54 2024 GMT 668s Not After : Mar 20 04:53:54 2025 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Intermediate CA 668s X509v3 extensions: 668s X509v3 Subject Key Identifier: 668s F4:32:BC:05:A0:54:FF:56:AD:20:92:97:57:E2:22:66:87:E1:A0:9A 668s X509v3 Authority Key Identifier: 668s keyid:07:7A:80:90:E4:71:C1:B9:88:50:D3:96:9D:05:51:0D:E5:FC:02:55 668s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 668s serial:00 668s X509v3 Basic Constraints: 668s CA:TRUE 668s X509v3 Key Usage: critical 668s Digital Signature, Certificate Sign, CRL Sign 668s Certificate is to be certified until Mar 20 04:53:54 2025 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem 668s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem 668s /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem: OK 668s + cat 668s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-9527 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-9527 1024 668s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-9527 -config /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-2557 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-certificate-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-certificate-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:be:03:5c:5e:08:de:e0:94:d4:d0:d1:7c:97:7a: 668s 1b:62:b6:23:80:78:81:64:83:dd:21:9e:06:96:c3: 668s 0b:aa:b3:8d:95:82:9b:53:7d:ea:62:9b:75:ad:96: 668s 0d:37:34:f4:af:e9:d9:25:09:48:82:a3:b9:ac:21: 668s 24:66:38:29:6b:37:7c:af:00:43:f0:29:e4:26:42: 668s 80:89:e6:3e:c1:9a:de:c9:2e:95:6c:b3:3e:01:c9: 668s 63:7a:c1:f7:f1:34:38:6d:07:48:e7:b7:ef:6d:43: 668s 6c:6f:fc:0e:c9:74:20:c8:6c:50:9a:4e:70:5c:01: 668s dc:ab:3f:b0:3a:24:6d:aa:31 668s Exponent: 65537 (0x10001) 668s Attributes: 668s (none) 668s Requested Extensions: 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 59:d6:b8:13:70:3d:dd:b4:fc:af:0e:e1:99:47:a3:09:39:54: 668s d9:09:0e:fb:1a:62:48:1d:e9:68:14:ae:35:cf:d2:51:50:1f: 668s 55:8b:76:7f:f6:7d:a7:60:0e:4d:e1:e5:9b:15:04:0f:aa:cf: 668s 93:1f:32:35:42:3e:cb:7b:9a:0a:3d:dc:c6:2d:9a:fa:2f:6b: 668s 76:c5:2d:18:f5:45:79:ff:59:55:df:9a:b0:f3:5d:15:97:27: 668s 59:d0:45:3f:84:29:fd:97:61:a5:91:50:ce:4d:c8:7c:dd:8a: 668s 95:ae:d3:d4:4d:0e:70:a4:7b:4b:fc:50:83:15:df:5f:ef:e4: 668s db:5e 668s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-2557 -keyfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 668s Using configuration from /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 2 (0x2) 668s Validity 668s Not Before: Mar 20 04:53:55 2024 GMT 668s Not After : Mar 20 04:53:55 2025 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Sub Intermediate CA 668s X509v3 extensions: 668s X509v3 Subject Key Identifier: 668s 0A:ED:DD:7C:3B:6F:A5:1E:6A:F3:2B:5F:D2:44:FA:86:61:46:03:89 668s X509v3 Authority Key Identifier: 668s keyid:F4:32:BC:05:A0:54:FF:56:AD:20:92:97:57:E2:22:66:87:E1:A0:9A 668s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 668s serial:01 668s X509v3 Basic Constraints: 668s CA:TRUE 668s X509v3 Key Usage: critical 668s Digital Signature, Certificate Sign, CRL Sign 668s Certificate is to be certified until Mar 20 04:53:55 2025 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 668s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 668s /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem: OK 668s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 668s + local cmd=openssl 668s + shift 668s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 668s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 668s error 20 at 0 depth lookup: unable to get local issuer certificate 668s error /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem: verification failed 668s + cat 668s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-17138 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-17138 1024 668s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-17138 -key /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:ae:dc:3e:25:12:97:51:93:64:0a:24:81:ad:c9: 668s ae:38:d2:09:1f:13:b6:fa:22:d9:39:76:d9:6d:67: 668s 62:78:c4:f4:97:23:2c:40:67:65:29:83:0a:57:65: 668s 31:ca:d4:18:ec:22:20:5b:6c:d5:b3:ba:86:98:2c: 668s 7c:ce:f3:2b:df:4e:e2:8c:74:2d:e5:e3:28:ec:4b: 668s f4:08:2f:9d:ed:57:72:13:af:57:78:d6:6d:89:58: 668s 7e:e9:2b:af:94:9a:a5:56:dc:f7:a5:b3:b4:88:a3: 668s 29:f5:db:e8:8b:8e:aa:13:c6:16:e2:e6:9d:c7:f6: 668s d4:b0:64:4c:fc:23:d1:af:99 668s Exponent: 65537 (0x10001) 668s Attributes: 668s Requested Extensions: 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Root CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 91:21:97:E5:6D:C4:E7:D4:42:3B:D9:3A:F0:F8:F6:74:D0:2A:5F:B3 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 5b:87:c3:98:97:2a:29:68:1f:6a:1d:a3:69:33:53:90:f5:58: 668s 53:fc:27:e3:a5:9d:d7:ab:ef:e7:6a:39:23:34:b2:3a:87:a7: 668s a8:7f:dc:34:b1:3e:f2:6a:b6:ca:cc:c2:fc:45:7a:aa:a2:2f: 668s 9d:21:75:fb:19:e4:83:20:f8:4b:aa:ee:e0:48:40:af:9a:0c: 668s 19:77:77:8a:90:fd:a0:1c:3a:ff:34:5f:ba:2f:5b:0b:d9:44: 668s fc:87:18:e6:d6:06:c7:d5:0c:20:b3:93:70:f5:ce:38:f0:64: 668s 49:54:75:f7:50:4e:73:c3:5f:65:dd:b3:1c:7b:7b:92:14:54: 668s 61:93 668s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.config -passin pass:random-root-CA-password-15292 -keyfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 668s Using configuration from /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 3 (0x3) 668s Validity 668s Not Before: Mar 20 04:53:55 2024 GMT 668s Not After : Mar 20 04:53:55 2025 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Root Trusted Certificate 0001 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 07:7A:80:90:E4:71:C1:B9:88:50:D3:96:9D:05:51:0D:E5:FC:02:55 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Root CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 91:21:97:E5:6D:C4:E7:D4:42:3B:D9:3A:F0:F8:F6:74:D0:2A:5F:B3 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Certificate is to be certified until Mar 20 04:53:55 2025 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 668s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 668s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 668s /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem: OK 668s + local cmd=openssl 668s + shift 668s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 668s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 668s error 20 at 0 depth lookup: unable to get local issuer certificate 668s error /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem: verification failed 668s + cat 668s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-1855 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-1855 1024 668s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-1855 -key /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:d6:a2:06:9a:83:cb:54:c6:9a:b2:32:db:db:81: 668s ad:c6:8a:19:6b:37:2f:65:ac:54:62:8d:0b:81:93: 668s ff:0e:4c:ac:a9:1d:0a:5a:c7:20:55:87:e5:75:51: 668s a1:5a:da:ec:49:5c:17:07:7c:aa:98:c5:87:ad:a0: 668s 4f:2d:d2:d0:d6:53:27:45:d0:36:82:2b:2b:ff:37: 668s 48:f6:df:ef:c0:25:d1:dc:d9:eb:f5:c7:f3:a0:c1: 668s 35:0e:56:3e:68:3f:22:82:b9:c5:3a:6d:b0:04:eb: 668s c3:e5:54:16:a8:cf:69:53:38:22:23:a0:cc:41:8e: 668s 05:1b:d9:23:5a:8f:99:e3:59 668s Exponent: 65537 (0x10001) 668s Attributes: 668s Requested Extensions: 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 93:9E:A4:11:C0:BE:E7:62:DC:70:EC:72:8F:98:F4:9B:85:57:61:83 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 81:fa:39:7f:9b:f6:5e:2a:21:7e:37:3c:50:94:bb:44:f8:bb: 668s 0f:b2:aa:1c:e8:05:0c:18:d7:a5:ca:0b:46:e5:32:f6:c0:5c: 668s 36:52:76:73:0a:fb:85:74:bb:5b:29:85:a0:64:17:5e:aa:45: 668s 22:99:d7:2e:bc:f0:00:86:e9:0b:bf:50:91:3f:12:51:5a:dd: 668s a0:95:b2:d9:92:12:62:eb:81:93:0c:ae:e6:32:92:0d:6e:aa: 668s a6:29:da:08:f2:d1:e8:fd:70:4c:f8:05:c3:f7:b8:95:a9:95: 668s a1:75:6a:11:3f:b9:e7:3b:a6:a4:4d:b6:c7:0b:22:e6:86:a4: 668s 0e:e8 668s + openssl ca -passin pass:random-intermediate-CA-password-2557 -config /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 668s Using configuration from /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 4 (0x4) 668s Validity 668s Not Before: Mar 20 04:53:55 2024 GMT 668s Not After : Mar 20 04:53:55 2025 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Intermediate Trusted Certificate 0001 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s F4:32:BC:05:A0:54:FF:56:AD:20:92:97:57:E2:22:66:87:E1:A0:9A 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 93:9E:A4:11:C0:BE:E7:62:DC:70:EC:72:8F:98:F4:9B:85:57:61:83 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Certificate is to be certified until Mar 20 04:53:55 2025 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s + echo 'This certificate should not be trusted fully' 669s This certificate should not be trusted fully 669s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 669s error 2 at 1 depth lookup: unable to get issuer certificate 669s error /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem: OK 669s + cat 669s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-19853 669s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-19853 1024 669s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-19853 -key /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 669s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 669s Certificate Request: 669s Data: 669s Version: 1 (0x0) 669s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:e4:1d:df:fe:f3:ad:81:91:7e:9b:1f:82:2c:3e: 669s e4:a2:23:09:d0:96:06:74:3e:df:08:c3:21:9b:01: 669s 0d:7c:1c:12:1b:42:bd:95:b9:67:13:f1:dd:9b:2b: 669s 0e:d5:1a:b3:0a:e2:e3:93:31:f5:17:03:a2:fa:c9: 669s 72:24:c3:a6:80:4f:f6:27:32:d3:8f:20:90:9e:5a: 669s 3f:aa:11:74:48:eb:7b:2b:2c:b2:1e:0e:4c:9f:fa: 669s 6c:6d:a0:ef:01:94:6b:29:77:d0:94:29:7b:f8:8b: 669s b0:f9:bb:28:ad:8e:f0:6b:22:00:d5:12:74:b4:09: 669s 20:f8:aa:76:3c:c8:cd:a7:f3 669s Exponent: 65537 (0x10001) 669s Attributes: 669s Requested Extensions: 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 8D:4D:AA:88:F8:37:71:DB:5A:B6:10:5B:CA:6E:30:CC:F8:3C:04:8A 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s 73:c3:41:5e:ea:d1:29:54:f5:f4:51:f4:74:36:69:30:c8:36: 669s e3:3d:9b:c5:3d:f8:73:9d:8d:f2:b4:a5:49:d5:71:b3:07:cc: 669s ef:55:5a:c9:e4:ca:72:e6:cd:2f:1b:b4:36:5b:bf:f0:27:37: 669s 4f:ae:36:b9:3d:aa:97:6e:3b:62:d6:13:ba:79:08:08:7e:b4: 669s ea:cd:b6:f0:8e:1b:29:76:e9:2b:a3:c3:2f:d7:48:94:bd:53: 669s 1c:17:d8:11:6c:42:b6:61:14:e6:e9:8e:eb:19:69:75:d2:3e: 669s fc:0e:2b:7a:79:4d:4a:dc:a2:ce:98:c5:65:de:77:cc:82:98: 669s 43:d1 669s + openssl ca -passin pass:random-sub-intermediate-CA-password-9527 -config /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s Using configuration from /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.config 669s Check that the request matches the signature 669s Signature ok 669s Certificate Details: 669s Serial Number: 5 (0x5) 669s Validity 669s Not Before: Mar 20 04:53:56 2024 GMT 669s Not After : Mar 20 04:53:56 2025 GMT 669s Subject: 669s organizationName = Test Organization 669s organizationalUnitName = Test Organization Unit 669s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 0A:ED:DD:7C:3B:6F:A5:1E:6A:F3:2B:5F:D2:44:FA:86:61:46:03:89 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Sub Intermediate CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 8D:4D:AA:88:F8:37:71:DB:5A:B6:10:5B:CA:6E:30:CC:F8:3C:04:8A 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Certificate is to be certified until Mar 20 04:53:56 2025 GMT (365 days) 669s 669s Write out database with 1 new entries 669s Database updated 669s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + echo 'This certificate should not be trusted fully' 669s This certificate should not be trusted fully 669s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s error 2 at 1 depth lookup: unable to get issuer certificate 669s error /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s error 20 at 0 depth lookup: unable to get local issuer certificate 669s error /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 669s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 669s error 20 at 0 depth lookup: unable to get local issuer certificate 669s error /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + echo 'Building a the full-chain CA file...' 669s Building a the full-chain CA file... 669s + cat /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 669s + cat /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem 669s + cat /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 669s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem 669s + openssl pkcs7 -print_certs -noout 669s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 669s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 669s 669s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 669s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 669s 669s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 669s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 669s 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-root-intermediate-chain-CA.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-root-intermediate-chain-CA.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 669s + echo 'Certificates generation completed!' 669s + [[ -v NO_SSSD_TESTS ]] 669s + [[ -v GENERATE_SMART_CARDS ]] 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17138 669s + local certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-17138 669s + local key_cn 669s Certificates generation completed! 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + local key_file 669s + local decrypted_key 669s + mkdir -p /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001 669s + key_file=/tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key.pem 669s + decrypted_key=/tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s + cat 669s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 669s Slot 0 has a free/uninitialized token. 669s The token has been initialized and is reassigned to slot 918615065 669s + softhsm2-util --show-slots 669s Available slots: 669s Slot 918615065 669s Slot info: 669s Description: SoftHSM slot ID 0x36c0f419 669s Manufacturer ID: SoftHSM project 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Token present: yes 669s Token info: 669s Manufacturer ID: SoftHSM project 669s Model: SoftHSM v2 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Serial number: a5a8b06e36c0f419 669s Initialized: yes 669s User PIN init.: yes 669s Label: Test Organization Root Tr Token 669s Slot 1 669s Slot info: 669s Description: SoftHSM slot ID 0x1 669s Manufacturer ID: SoftHSM project 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Token present: yes 669s Token info: 669s Manufacturer ID: SoftHSM project 669s Model: SoftHSM v2 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Serial number: 669s Initialized: no 669s User PIN init.: no 669s Label: 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 669s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-17138 -in /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s writing RSA key 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 669s + rm /tmp/sssd-softhsm2-certs-ktlLbD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 669s Object 0: 669s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a5a8b06e36c0f419;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 669s Type: X.509 Certificate (RSA-1024) 669s Expires: Thu Mar 20 04:53:55 2025 669s Label: Test Organization Root Trusted Certificate 0001 669s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 669s 669s + echo 'Test Organization Root Tr Token' 669s Test Organization Root Tr Token 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1855 669s + local certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1855 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-intermediate-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + local key_file 670s + local decrypted_key 670s + mkdir -p /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + key_file=/tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key.pem 670s + decrypted_key=/tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + cat 670s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 670s Slot 0 has a free/uninitialized token. 670s The token has been initialized and is reassigned to slot 437663485 670s + softhsm2-util --show-slots 670s Available slots: 670s Slot 437663485 670s Slot info: 670s Description: SoftHSM slot ID 0x1a1636fd 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: c8f058211a1636fd 670s Initialized: yes 670s User PIN init.: yes 670s Label: Test Organization Interme Token 670s Slot 1 670s Slot info: 670s Description: SoftHSM slot ID 0x1 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: 670s Initialized: no 670s User PIN init.: no 670s Label: 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-1855 -in /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s writing RSA key 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + rm /tmp/sssd-softhsm2-certs-ktlLbD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 670s + echo 'Test Organization Interme Token' 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-19853 670s + local certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-19853 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 670s Object 0: 670s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c8f058211a1636fd;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 670s Type: X.509 Certificate (RSA-1024) 670s Expires: Thu Mar 20 04:53:55 2025 670s Label: Test Organization Intermediate Trusted Certificate 0001 670s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 670s 670s Test Organization Interme Token 670s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Sub Int Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 670s + local key_file 670s + local decrypted_key 670s + mkdir -p /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 670s + key_file=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 670s + decrypted_key=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + cat 670s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 670s Slot 0 has a free/uninitialized token. 670s The token has been initialized and is reassigned to slot 851421702 670s + softhsm2-util --show-slots 670s Available slots: 670s Slot 851421702 670s Slot info: 670s Description: SoftHSM slot ID 0x32bfaa06 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: dc82e00eb2bfaa06 670s Initialized: yes 670s User PIN init.: yes 670s Label: Test Organization Sub Int Token 670s Slot 1 670s Slot info: 670s Description: SoftHSM slot ID 0x1 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: 670s Initialized: no 670s User PIN init.: no 670s Label: 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-19853 -in /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s writing RSA key 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + rm /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 670s Object 0: 670s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc82e00eb2bfaa06;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 670s Type: X.509 Certificate (RSA-1024) 670s Expires: Thu Mar 20 04:53:56 2025 670s Label: Test Organization Sub Intermediate Trusted Certificate 0001 670s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 670s 670s + echo 'Test Organization Sub Int Token' 670s + echo 'Certificates generation completed!' 670s Test Organization Sub Int Token 670s + exit 0 670s Certificates generation completed! 670s + find /tmp/sssd-softhsm2-certs-ktlLbD -type d -exec chmod 777 '{}' ';' 670s + find /tmp/sssd-softhsm2-certs-ktlLbD -type f -exec chmod 666 '{}' ';' 671s + backup_file /etc/sssd/sssd.conf 671s + '[' -z '' ']' 671s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 671s + backupsdir=/tmp/sssd-softhsm2-backups-MLKnA9 671s + '[' -e /etc/sssd/sssd.conf ']' 671s + delete_paths+=("$1") 671s + rm -f /etc/sssd/sssd.conf 671s ++ runuser -u ubuntu -- sh -c 'echo ~' 671s + user_home=/home/ubuntu 671s + mkdir -p /home/ubuntu 671s + chown ubuntu:ubuntu /home/ubuntu 671s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 671s + user_config=/home/ubuntu/.config 671s + system_config=/etc 671s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 671s + for path_pair in "${softhsm2_conf_paths[@]}" 671s + IFS=: 671s + read -r -a path 671s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 671s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 671s + '[' -z /tmp/sssd-softhsm2-backups-MLKnA9 ']' 671s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 671s + delete_paths+=("$1") 671s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 671s + for path_pair in "${softhsm2_conf_paths[@]}" 671s + IFS=: 671s + read -r -a path 671s + path=/etc/softhsm/softhsm2.conf 671s + backup_file /etc/softhsm/softhsm2.conf 671s + '[' -z /tmp/sssd-softhsm2-backups-MLKnA9 ']' 671s + '[' -e /etc/softhsm/softhsm2.conf ']' 671s ++ dirname /etc/softhsm/softhsm2.conf 671s + local back_dir=/tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm 671s ++ basename /etc/softhsm/softhsm2.conf 671s + local back_path=/tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm/softhsm2.conf 671s + '[' '!' -e /tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm/softhsm2.conf ']' 671s + mkdir -p /tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm 671s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm/softhsm2.conf 671s + restore_paths+=("$back_path") 671s + rm -f /etc/softhsm/softhsm2.conf 671s + test_authentication login /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem 671s + pam_service=login 671s + certificate_config=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf 671s + ca_db=/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem 671s + verification_options= 671s + mkdir -p -m 700 /etc/sssd 671s Using CA DB '/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem' with verification options: '' 671s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 671s + cat 671s + chmod 600 /etc/sssd/sssd.conf 671s + for path_pair in "${softhsm2_conf_paths[@]}" 671s + IFS=: 671s + read -r -a path 671s + user=ubuntu 671s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 671s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 671s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 671s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 671s + runuser -u ubuntu -- softhsm2-util --show-slots 671s + grep 'Test Organization' 671s Label: Test Organization Root Tr Token 671s + for path_pair in "${softhsm2_conf_paths[@]}" 671s + IFS=: 671s + read -r -a path 671s + user=root 671s + path=/etc/softhsm/softhsm2.conf 671s ++ dirname /etc/softhsm/softhsm2.conf 671s + runuser -u root -- mkdir -p /etc/softhsm 671s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 671s + grep 'Test Organization' 671s + runuser -u root -- softhsm2-util --show-slots 671s Label: Test Organization Root Tr Token 671s + systemctl restart sssd 672s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 673s + for alternative in "${alternative_pam_configs[@]}" 673s + pam-auth-update --enable sss-smart-card-optional 673s + cat /etc/pam.d/common-auth 673s # 673s # /etc/pam.d/common-auth - authentication settings common to all services 673s # 673s # This file is included from other service-specific PAM config files, 673s # and should contain a list of the authentication modules that define 673s # the central authentication scheme for use on the system 673s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 673s # traditional Unix authentication mechanisms. 673s # 673s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 673s # To take advantage of this, it is recommended that you configure any 673s # local modules either before or after the default block, and use 673s # pam-auth-update to manage selection of other modules. See 673s # pam-auth-update(8) for details. 673s 673s # here are the per-package modules (the "Primary" block) 673s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 673s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 673s auth [success=1 default=ignore] pam_sss.so use_first_pass 673s # here's the fallback if no module succeeds 673s auth requisite pam_deny.so 673s # prime the stack with a positive return value if there isn't one already; 673s # this avoids us returning an error just because nothing sets a success code 673s # since the modules above will each just jump around 673s auth required pam_permit.so 673s # and here are more per-package modules (the "Additional" block) 673s auth optional pam_cap.so 673s # end of pam-auth-update config 673s + echo -n -e 123456 673s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 674s pamtester: invoking pam_start(login, ubuntu, ...) 674s pamtester: performing operation - authenticate 674s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 674s + echo -n -e 123456 674s + runuser -u ubuntu -- pamtester -v login '' authenticate 674s pamtester: invoking pam_start(login, , ...) 674s pamtester: performing operation - authenticate 674s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 674s + echo -n -e wrong123456 674s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 674s pamtester: invoking pam_start(login, ubuntu, ...) 674s pamtester: performing operation - authenticate 677s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 677s + echo -n -e wrong123456 677s + runuser -u ubuntu -- pamtester -v login '' authenticate 677s pamtester: invoking pam_start(login, , ...) 677s pamtester: performing operation - authenticate 680s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 680s + pamtester -v login root authenticate 680s + echo -n -e 123456 680s pamtester: invoking pam_start(login, root, ...) 680s pamtester: performing operation - authenticate 683s Password: pamtester: Authentication failure 683s + for alternative in "${alternative_pam_configs[@]}" 683s + pam-auth-update --enable sss-smart-card-required 684s PAM configuration 684s ----------------- 684s 684s Incompatible PAM profiles selected. 684s 684s The following PAM profiles cannot be used together: 684s 684s SSS required smart card authentication, SSS optional smart card 684s authentication 684s 684s Please select a different set of modules to enable. 684s 684s + cat /etc/pam.d/common-auth 684s # 684s # /etc/pam.d/common-auth - authentication settings common to all services 684s # 684s # This file is included from other service-specific PAM config files, 684s # and should contain a list of the authentication modules that define 684s # the central authentication scheme for use on the system 684s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 684s # traditional Unix authentication mechanisms. 684s # 684s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 684s # To take advantage of this, it is recommended that you configure any 684s # local modules either before or after the default block, and use 684s # pam-auth-update to manage selection of other modules. See 684s # pam-auth-update(8) for details. 684s 684s # here are the per-package modules (the "Primary" block) 684s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 684s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 684s auth [success=1 default=ignore] pam_sss.so use_first_pass 684s # here's the fallback if no module succeeds 684s auth requisite pam_deny.so 684s # prime the stack with a positive return value if there isn't one already; 684s # this avoids us returning an error just because nothing sets a success code 684s # since the modules above will each just jump around 684s auth required pam_permit.so 684s # and here are more per-package modules (the "Additional" block) 684s auth optional pam_cap.so 684s # end of pam-auth-update config 684s + echo -n -e 123456 684s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 684s pamtester: invoking pam_start(login, ubuntu, ...) 684s pamtester: performing operation - authenticate 684s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 684s + echo -n -e 123456 684s + runuser -u ubuntu -- pamtester -v login '' authenticate 684s pamtester: invoking pam_start(login, , ...) 684s pamtester: performing operation - authenticate 684s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 684s + echo -n -e wrong123456 684s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 684s pamtester: invoking pam_start(login, ubuntu, ...) 684s pamtester: performing operation - authenticate 688s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 688s + echo -n -e wrong123456 688s + runuser -u ubuntu -- pamtester -v login '' authenticate 688s pamtester: invoking pam_start(login, , ...) 688s pamtester: performing operation - authenticate 691s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 691s + echo -n -e 123456 691s + pamtester -v login root authenticate 691s pamtester: invoking pam_start(login, root, ...) 691s pamtester: performing operation - authenticate 695s pamtester: Authentication service cannot retrieve authentication info 695s + test_authentication login /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem 695s + pam_service=login 695s + certificate_config=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 695s + ca_db=/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem 695s + verification_options= 695s + mkdir -p -m 700 /etc/sssd 695s Using CA DB '/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem' with verification options: '' 695s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ktlLbD/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 695s + cat 695s + chmod 600 /etc/sssd/sssd.conf 695s + for path_pair in "${softhsm2_conf_paths[@]}" 695s + IFS=: 695s + read -r -a path 695s + user=ubuntu 695s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 695s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 695s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 695s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 695s + runuser -u ubuntu -- softhsm2-util --show-slots 695s + grep 'Test Organization' 695s Label: Test Organization Sub Int Token 695s + for path_pair in "${softhsm2_conf_paths[@]}" 695s + IFS=: 695s + read -r -a path 695s + user=root 695s + path=/etc/softhsm/softhsm2.conf 695s ++ dirname /etc/softhsm/softhsm2.conf 695s + runuser -u root -- mkdir -p /etc/softhsm 695s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 695s + runuser -u root -- softhsm2-util --show-slots 695s + grep 'Test Organization' 695s Label: Test Organization Sub Int Token 695s + systemctl restart sssd 696s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 697s + for alternative in "${alternative_pam_configs[@]}" 697s + pam-auth-update --enable sss-smart-card-optional 698s + cat /etc/pam.d/common-auth 698s # 698s # /etc/pam.d/common-auth - authentication settings common to all services 698s # 698s # This file is included from other service-specific PAM config files, 698s # and should contain a list of the authentication modules that define 698s # the central authentication scheme for use on the system 698s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 698s # traditional Unix authentication mechanisms. 698s # 698s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 698s # To take advantage of this, it is recommended that you configure any 698s # local modules either before or after the default block, and use 698s # pam-auth-update to manage selection of other modules. See 698s # pam-auth-update(8) for details. 698s 698s # here are the per-package modules (the "Primary" block) 698s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 698s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 698s auth [success=1 default=ignore] pam_sss.so use_first_pass 698s # here's the fallback if no module succeeds 698s auth requisite pam_deny.so 698s # prime the stack with a positive return value if there isn't one already; 698s # this avoids us returning an error just because nothing sets a success code 698s # since the modules above will each just jump around 698s auth required pam_permit.so 698s # and here are more per-package modules (the "Additional" block) 698s auth optional pam_cap.so 698s # end of pam-auth-update config 698s + echo -n -e 123456 698s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 698s pamtester: invoking pam_start(login, ubuntu, ...) 698s pamtester: performing operation - authenticate 698s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 698s + echo -n -e 123456 698s + runuser -u ubuntu -- pamtester -v login '' authenticate 698s pamtester: invoking pam_start(login, , ...) 698s pamtester: performing operation - authenticate 698s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 698s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 698s + echo -n -e wrong123456 698s pamtester: invoking pam_start(login, ubuntu, ...) 698s pamtester: performing operation - authenticate 701s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 701s + echo -n -e wrong123456 701s + runuser -u ubuntu -- pamtester -v login '' authenticate 701s pamtester: invoking pam_start(login, , ...) 701s pamtester: performing operation - authenticate 704s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 704s + echo -n -e 123456 704s + pamtester -v login root authenticate 704s pamtester: invoking pam_start(login, root, ...) 704s pamtester: performing operation - authenticate 707s Password: pamtester: Authentication failure 707s + for alternative in "${alternative_pam_configs[@]}" 707s + pam-auth-update --enable sss-smart-card-required 707s PAM configuration 707s ----------------- 707s 707s Incompatible PAM profiles selected. 707s 707s The following PAM profiles cannot be used together: 707s 707s SSS required smart card authentication, SSS optional smart card 707s authentication 707s 707s Please select a different set of modules to enable. 707s 707s + cat /etc/pam.d/common-auth 707s # 707s # /etc/pam.d/common-auth - authentication settings common to all services 707s # 707s # This file is included from other service-specific PAM config files, 707s # and should contain a list of the authentication modules that define 707s # the central authentication scheme for use on the system 707s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 707s # traditional Unix authentication mechanisms. 707s # 707s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 707s # To take advantage of this, it is recommended that you configure any 707s # local modules either before or after the default block, and use 707s # pam-auth-update to manage selection of other modules. See 707s # pam-auth-update(8) for details. 707s 707s # here are the per-package modules (the "Primary" block) 707s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 707s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 707s auth [success=1 default=ignore] pam_sss.so use_first_pass 707s # here's the fallback if no module succeeds 707s auth requisite pam_deny.so 707s # prime the stack with a positive return value if there isn't one already; 707s # this avoids us returning an error just because nothing sets a success code 707s # since the modules above will each just jump around 707s auth required pam_permit.so 707s # and here are more per-package modules (the "Additional" block) 707s auth optional pam_cap.so 707s # end of pam-auth-update config 707s + echo -n -e 123456 707s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 707s pamtester: invoking pam_start(login, ubuntu, ...) 707s pamtester: performing operation - authenticate 708s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 708s + echo -n -e 123456 708s + runuser -u ubuntu -- pamtester -v login '' authenticate 708s pamtester: invoking pam_start(login, , ...) 708s pamtester: performing operation - authenticate 708s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 708s + echo -n -e wrong123456 708s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 708s pamtester: invoking pam_start(login, ubuntu, ...) 708s pamtester: performing operation - authenticate 711s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 711s + echo -n -e wrong123456 711s + runuser -u ubuntu -- pamtester -v login '' authenticate 711s pamtester: invoking pam_start(login, , ...) 711s pamtester: performing operation - authenticate 714s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 714s + pamtester -v login root authenticate 714s + echo -n -e 123456 714s pamtester: invoking pam_start(login, root, ...) 714s pamtester: performing operation - authenticate 717s pamtester: Authentication service cannot retrieve authentication info 717s + test_authentication login /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem partial_chain 717s + pam_service=login 717s + certificate_config=/tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 717s + ca_db=/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem 717s + verification_options=partial_chain 717s + mkdir -p -m 700 /etc/sssd 717s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 717s Using CA DB '/tmp/sssd-softhsm2-certs-ktlLbD/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 717s + cat 717s + chmod 600 /etc/sssd/sssd.conf 717s + for path_pair in "${softhsm2_conf_paths[@]}" 717s + IFS=: 717s + read -r -a path 717s + user=ubuntu 717s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 717s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 717s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 717s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 717s + runuser -u ubuntu -- softhsm2-util --show-slots 717s + grep 'Test Organization' 717s Label: Test Organization Sub Int Token 717s + for path_pair in "${softhsm2_conf_paths[@]}" 717s + IFS=: 717s + read -r -a path 717s + user=root 717s + path=/etc/softhsm/softhsm2.conf 717s ++ dirname /etc/softhsm/softhsm2.conf 717s + runuser -u root -- mkdir -p /etc/softhsm 718s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ktlLbD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 718s + runuser -u root -- softhsm2-util --show-slots 718s + grep 'Test Organization' 720s Label: Test Organization Sub Int Token 721s + systemctl restart sssd 721s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 721s + for alternative in "${alternative_pam_configs[@]}" 721s + pam-auth-update --enable sss-smart-card-optional 721s + cat /etc/pam.d/common-auth 721s # 721s # /etc/pam.d/common-auth - authentication settings common to all services 721s # 721s # This file is included from other service-specific PAM config files, 721s # and should contain a list of the authentication modules that define 721s # the central authentication scheme for use on the system 721s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 721s # traditional Unix authentication mechanisms. 721s # 721s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 721s # To take advantage of this, it is recommended that you configure any 721s # local modules either before or after the default block, and use 721s # pam-auth-update to manage selection of other modules. See 721s # pam-auth-update(8) for details. 721s 721s # here are the per-package modules (the "Primary" block) 721s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 721s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 721s auth [success=1 default=ignore] pam_sss.so use_first_pass 721s # here's the fallback if no module succeeds 721s auth requisite pam_deny.so 721s # prime the stack with a positive return value if there isn't one already; 721s # this avoids us returning an error just because nothing sets a success code 721s # since the modules above will each just jump around 721s auth required pam_permit.so 721s # and here are more per-package modules (the "Additional" block) 721s auth optional pam_cap.so 721s # end of pam-auth-update config 721s + echo -n -e 123456 721s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 721s pamtester: invoking pam_start(login, ubuntu, ...) 721s pamtester: performing operation - authenticate 721s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 721s + echo -n -e 123456 721s + runuser -u ubuntu -- pamtester -v login '' authenticate 721s pamtester: invoking pam_start(login, , ...) 721s pamtester: performing operation - authenticate 721s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 722s + echo -n -e wrong123456 722s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 722s pamtester: invoking pam_start(login, ubuntu, ...) 722s pamtester: performing operation - authenticate 725s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 725s + echo -n -e wrong123456 725s + runuser -u ubuntu -- pamtester -v login '' authenticate 726s pamtester: invoking pam_start(login, , ...) 726s pamtester: performing operation - authenticate 729s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 729s + echo -n -e 123456 729s + pamtester -v login root authenticate 729s pamtester: invoking pam_start(login, root, ...) 729s pamtester: performing operation - authenticate 732s Password: pamtester: Authentication failure 732s + for alternative in "${alternative_pam_configs[@]}" 732s + pam-auth-update --enable sss-smart-card-required 732s PAM configuration 732s ----------------- 732s 732s Incompatible PAM profiles selected. 732s 732s The following PAM profiles cannot be used together: 732s 732s SSS required smart card authentication, SSS optional smart card 732s authentication 732s 732s Please select a different set of modules to enable. 732s 732s + cat /etc/pam.d/common-auth 733s # 733s # /etc/pam.d/common-auth - authentication settings common to all services 733s # 733s # This file is included from other service-specific PAM config files, 733s # and should contain a list of the authentication modules that define 733s # the central authentication scheme for use on the system 733s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 733s # traditional Unix authentication mechanisms. 733s # 733s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 733s # To take advantage of this, it is recommended that you configure any 733s # local modules either before or after the default block, and use 733s # pam-auth-update to manage selection of other modules. See 733s # pam-auth-update(8) for details. 733s 733s # here are the per-package modules (the "Primary" block) 733s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 733s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 733s auth [success=1 default=ignore] pam_sss.so use_first_pass 733s # here's the fallback if no module succeeds 733s auth requisite pam_deny.so 733s # prime the stack with a positive return value if there isn't one already; 733s # this avoids us returning an error just because nothing sets a success code 733s # since the modules above will each just jump around 733s auth required pam_permit.so 733s # and here are more per-package modules (the "Additional" block) 733s auth optional pam_cap.so 733s # end of pam-auth-update config 733s + echo -n -e 123456 733s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 733s pamtester: invoking pam_start(login, ubuntu, ...) 733s pamtester: performing operation - authenticate 733s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 733s + echo -n -e 123456 733s + runuser -u ubuntu -- pamtester -v login '' authenticate 733s pamtester: invoking pam_start(login, , ...) 733s pamtester: performing operation - authenticate 733s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 733s + echo -n -e wrong123456 733s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 733s pamtester: invoking pam_start(login, ubuntu, ...) 733s pamtester: performing operation - authenticate 736s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 737s + echo -n -e wrong123456 737s + runuser -u ubuntu -- pamtester -v login '' authenticate 737s pamtester: invoking pam_start(login, , ...) 737s pamtester: performing operation - authenticate 739s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 739s + echo -n -e 123456 739s + pamtester -v login root authenticate 739s pamtester: invoking pam_start(login, root, ...) 739s pamtester: performing operation - authenticate 743s pamtester: Authentication service cannot retrieve authentication info 743s + handle_exit 743s + exit_code=0 743s + restore_changes 743s + for path in "${restore_paths[@]}" 743s + local original_path 743s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-MLKnA9 /tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm/softhsm2.conf 743s + original_path=/etc/softhsm/softhsm2.conf 743s + rm /etc/softhsm/softhsm2.conf 743s + mv /tmp/sssd-softhsm2-backups-MLKnA9//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 743s + for path in "${delete_paths[@]}" 743s + rm -f /etc/sssd/sssd.conf 743s + for path in "${delete_paths[@]}" 743s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 743s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 743s + '[' -e /etc/sssd/sssd.conf ']' 743s + systemctl stop sssd 743s + '[' -e /etc/softhsm/softhsm2.conf ']' 743s + chmod 600 /etc/softhsm/softhsm2.conf 743s + rm -rf /tmp/sssd-softhsm2-certs-ktlLbD 743s + '[' 0 = 0 ']' 743s + rm -rf /tmp/sssd-softhsm2-backups-MLKnA9 743s + set +x 743s Script completed successfully! 744s autopkgtest [04:55:11]: test sssd-smart-card-pam-auth-configs: -----------------------] 745s autopkgtest [04:55:12]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 745s sssd-smart-card-pam-auth-configs PASS 745s autopkgtest [04:55:12]: @@@@@@@@@@@@@@@@@@@@ summary 745s ldap-user-group-ldap-auth PASS 745s ldap-user-group-krb5-auth PASS 745s sssd-softhism2-certificates-tests.sh PASS 745s sssd-smart-card-pam-auth-configs PASS 757s Creating nova instance adt-noble-arm64-sssd-20240320-044247-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240319.img (UUID bfed3386-9aa1-4bc1-82f0-b2c10d5a6a9e)... 757s Creating nova instance adt-noble-arm64-sssd-20240320-044247-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240319.img (UUID bfed3386-9aa1-4bc1-82f0-b2c10d5a6a9e)...