0s autopkgtest [17:50:49]: starting date and time: 2024-03-21 17:50:49+0000 0s autopkgtest [17:50:49]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [17:50:49]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.bd50dw0k/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:cyrus-sasl2,src:db5.3,src:heimdal,src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=cyrus-sasl2/2.1.28+dfsg1-5ubuntu1 db5.3/5.3.28+dfsg2-6 heimdal/7.8.git20221117.28daf24+dfsg-5ubuntu2 openssl/3.0.13-0ubuntu2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-7.secgroup --name adt-noble-arm64-sssd-20240321-172258-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 71s autopkgtest [17:52:00]: testbed dpkg architecture: arm64 71s autopkgtest [17:52:00]: testbed apt version: 2.7.12 71s autopkgtest [17:52:00]: @@@@@@@@@@@@@@@@@@@@ test bed setup 71s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 72s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 72s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 72s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 72s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3765 kB] 72s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [677 kB] 72s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 72s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.7 kB] 72s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 72s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4184 kB] 72s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 72s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [67.4 kB] 72s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 74s Fetched 9413 kB in 2s (5508 kB/s) 74s Reading package lists... 78s Reading package lists... 79s Building dependency tree... 79s Reading state information... 79s Calculating upgrade... 79s The following packages will be REMOVED: 79s libssl3 79s The following NEW packages will be installed: 79s libssl3t64 79s The following packages have been kept back: 79s libsasl2-2 libsasl2-modules-db 79s The following packages will be upgraded: 79s libsasl2-modules openssl 79s 2 upgraded, 1 newly installed, 1 to remove and 2 not upgraded. 79s Need to get 2847 kB of archives. 79s After this operation, 139 kB of additional disk space will be used. 79s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 80s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsasl2-modules arm64 2.1.28+dfsg1-5ubuntu1 [69.3 kB] 80s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 80s Fetched 2847 kB in 1s (3926 kB/s) 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74820 files and directories currently installed.) 81s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 81s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 81s Preparing to unpack .../libsasl2-modules_2.1.28+dfsg1-5ubuntu1_arm64.deb ... 81s Unpacking libsasl2-modules:arm64 (2.1.28+dfsg1-5ubuntu1) over (2.1.28+dfsg1-4) ... 81s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 81s wget depends on libssl3 (>= 3.0.0). 81s u-boot-tools depends on libssl3 (>= 3.0.0). 81s tnftp depends on libssl3 (>= 3.0.0). 81s tcpdump depends on libssl3 (>= 3.0.0). 81s systemd-resolved depends on libssl3 (>= 3.0.0). 81s systemd depends on libssl3 (>= 3.0.0). 81s sudo depends on libssl3 (>= 3.0.0). 81s sbsigntool depends on libssl3 (>= 3.0.0). 81s rsync depends on libssl3 (>= 3.0.0). 81s python3-cryptography depends on libssl3 (>= 3.0.0). 81s openssh-server depends on libssl3 (>= 3.0.10). 81s openssh-client depends on libssl3 (>= 3.0.10). 81s mtd-utils depends on libssl3 (>= 3.0.0). 81s mokutil depends on libssl3 (>= 3.0.0). 81s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 81s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 81s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 81s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 81s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 81s libnvme1 depends on libssl3 (>= 3.0.0). 81s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 81s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 81s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 81s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 81s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 81s kmod depends on libssl3 (>= 3.0.0). 81s dhcpcd-base depends on libssl3 (>= 3.0.0). 81s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 81s 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74820 files and directories currently installed.) 81s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 81s Selecting previously unselected package libssl3t64:arm64. 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74809 files and directories currently installed.) 81s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 81s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 81s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 81s Setting up libsasl2-modules:arm64 (2.1.28+dfsg1-5ubuntu1) ... 81s Setting up openssl (3.0.13-0ubuntu2) ... 81s Processing triggers for man-db (2.12.0-3) ... 82s Processing triggers for libc-bin (2.39-0ubuntu2) ... 82s Reading package lists... 82s Building dependency tree... 82s Reading state information... 83s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 84s sh: Attempting to set up Debian/Ubuntu apt sources automatically 84s sh: Distribution appears to be Ubuntu 84s Reading package lists... 84s Building dependency tree... 84s Reading state information... 85s eatmydata is already the newest version (131-1). 85s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 85s Reading package lists... 85s Building dependency tree... 85s Reading state information... 86s dbus is already the newest version (1.14.10-4ubuntu1). 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 86s Reading package lists... 86s Building dependency tree... 86s Reading state information... 86s rng-tools-debian is already the newest version (2.4). 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 86s Reading package lists... 87s Building dependency tree... 87s Reading state information... 87s The following packages will be REMOVED: 87s cloud-init* python3-configobj* python3-debconf* 87s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 87s After this operation, 3252 kB disk space will be freed. 87s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74822 files and directories currently installed.) 87s Removing cloud-init (24.1.1-0ubuntu1) ... 88s Removing python3-configobj (5.0.8-3) ... 88s Removing python3-debconf (1.5.86) ... 88s Processing triggers for man-db (2.12.0-3) ... 88s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74433 files and directories currently installed.) 88s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 89s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 89s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 89s invoke-rc.d: policy-rc.d denied execution of try-restart. 89s Reading package lists... 89s Building dependency tree... 89s Reading state information... 90s linux-generic is already the newest version (6.8.0-11.11+1). 90s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 90s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 90s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 90s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 92s Reading package lists... 92s Reading package lists... 93s Building dependency tree... 93s Reading state information... 93s Calculating upgrade... 93s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 93s Reading package lists... 94s Building dependency tree... 94s Reading state information... 94s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 94s autopkgtest [17:52:23]: rebooting testbed after setup commands that affected boot 123s autopkgtest [17:52:52]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 126s autopkgtest [17:52:55]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 146s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 146s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 146s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 146s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 147s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 147s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 147s gpgv: Can't check signature: No public key 147s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 147s autopkgtest [17:53:16]: testing package sssd version 2.9.4-1ubuntu1 150s autopkgtest [17:53:19]: build not needed 152s autopkgtest [17:53:21]: test ldap-user-group-ldap-auth: preparing testbed 164s Reading package lists... 164s Building dependency tree... 164s Reading state information... 165s Starting pkgProblemResolver with broken count: 0 165s Starting 2 pkgProblemResolver with broken count: 0 165s Done 165s The following additional packages will be installed: 165s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 165s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 165s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 165s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 165s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 165s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 165s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 165s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 165s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 165s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 165s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 165s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 165s Suggested packages: 165s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 165s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 165s Recommended packages: 165s cracklib-runtime libsasl2-modules-gssapi-mit 165s | libsasl2-modules-gssapi-heimdal 165s The following NEW packages will be installed: 165s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 165s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 165s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 165s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 165s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 165s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 165s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 165s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 165s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 165s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 165s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 165s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 166s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 166s Need to get 12.6 MB/12.6 MB of archives. 166s After this operation, 59.9 MB of additional disk space will be used. 166s Get:1 /tmp/autopkgtest.P0n92v/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [864 B] 166s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 166s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 166s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 167s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 167s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 167s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 167s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 167s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 167s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 167s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 167s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 167s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 167s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 168s Get:15 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 11-3 [44.1 kB] 168s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 168s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 168s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 168s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 168s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 168s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 168s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 168s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 168s Get:24 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 168s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 168s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 168s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 168s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 168s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 169s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 169s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 169s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 169s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 169s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 169s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 169s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 169s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 169s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 169s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 169s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 169s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 169s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 169s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 169s Get:44 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1ubuntu1 [27.9 kB] 169s Get:45 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1ubuntu1 [32.7 kB] 169s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 169s Get:47 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 169s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 169s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 169s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 169s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 169s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 169s Get:53 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 169s Get:54 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 169s Get:55 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 169s Get:56 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1ubuntu1 [103 kB] 169s Get:57 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1ubuntu1 [139 kB] 169s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1ubuntu1 [97.5 kB] 169s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1ubuntu1 [6660 B] 169s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1ubuntu1 [5722 B] 169s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1ubuntu1 [8380 B] 169s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1ubuntu1 [6714 B] 169s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1ubuntu1 [20.4 kB] 169s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1ubuntu1 [16.6 kB] 169s Get:65 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1ubuntu1 [9160 B] 170s Preconfiguring packages ... 170s Fetched 12.6 MB in 4s (3248 kB/s) 170s Selecting previously unselected package libltdl7:arm64. 171s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74378 files and directories currently installed.) 171s Preparing to unpack .../00-libltdl7_2.4.7-7_arm64.deb ... 171s Unpacking libltdl7:arm64 (2.4.7-7) ... 171s Selecting previously unselected package libodbc2:arm64. 171s Preparing to unpack .../01-libodbc2_2.3.12-1_arm64.deb ... 171s Unpacking libodbc2:arm64 (2.3.12-1) ... 171s Selecting previously unselected package slapd. 171s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 171s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 171s Selecting previously unselected package libtcl8.6:arm64. 171s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 171s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 171s Selecting previously unselected package tcl8.6. 171s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 171s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 171s Selecting previously unselected package tcl-expect:arm64. 171s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_arm64.deb ... 171s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 171s Selecting previously unselected package expect. 171s Preparing to unpack .../06-expect_5.45.4-2build1_arm64.deb ... 171s Unpacking expect (5.45.4-2build1) ... 171s Selecting previously unselected package ldap-utils. 171s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 171s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 171s Selecting previously unselected package libavahi-common-data:arm64. 171s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 171s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 171s Selecting previously unselected package libavahi-common3:arm64. 171s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 171s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 171s Selecting previously unselected package libavahi-client3:arm64. 171s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 171s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 171s Selecting previously unselected package libcrack2:arm64. 171s Preparing to unpack .../11-libcrack2_2.9.6-5.1_arm64.deb ... 171s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 171s Selecting previously unselected package libevent-2.1-7:arm64. 171s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 171s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 171s Selecting previously unselected package libjose0:arm64. 171s Preparing to unpack .../13-libjose0_11-3_arm64.deb ... 171s Unpacking libjose0:arm64 (11-3) ... 171s Selecting previously unselected package libverto-libevent1:arm64. 171s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 171s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 171s Selecting previously unselected package libverto1:arm64. 171s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_arm64.deb ... 171s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 171s Selecting previously unselected package libkrad0:arm64. 171s Preparing to unpack .../16-libkrad0_1.20.1-5build1_arm64.deb ... 171s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 171s Selecting previously unselected package libtalloc2:arm64. 171s Preparing to unpack .../17-libtalloc2_2.4.2-1_arm64.deb ... 171s Unpacking libtalloc2:arm64 (2.4.2-1) ... 171s Selecting previously unselected package libtdb1:arm64. 171s Preparing to unpack .../18-libtdb1_1.4.10-1_arm64.deb ... 171s Unpacking libtdb1:arm64 (1.4.10-1) ... 172s Selecting previously unselected package libtevent0:arm64. 172s Preparing to unpack .../19-libtevent0_0.16.1-1_arm64.deb ... 172s Unpacking libtevent0:arm64 (0.16.1-1) ... 172s Selecting previously unselected package libldb2:arm64. 172s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 172s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 172s Selecting previously unselected package libnfsidmap1:arm64. 172s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 172s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 172s Selecting previously unselected package libnss-sudo. 172s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 172s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 172s Selecting previously unselected package libpwquality-common. 172s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 172s Unpacking libpwquality-common (1.4.5-3) ... 172s Selecting previously unselected package libpwquality1:arm64. 172s Preparing to unpack .../24-libpwquality1_1.4.5-3_arm64.deb ... 172s Unpacking libpwquality1:arm64 (1.4.5-3) ... 172s Selecting previously unselected package libpam-pwquality:arm64. 172s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_arm64.deb ... 172s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 172s Selecting previously unselected package libwbclient0:arm64. 172s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 172s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 172s Selecting previously unselected package samba-libs:arm64. 172s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 172s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 172s Selecting previously unselected package libnss-sss:arm64. 172s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 172s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 172s Selecting previously unselected package libpam-sss:arm64. 172s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 172s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 172s Selecting previously unselected package python3-sss. 172s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 172s Unpacking python3-sss (2.9.4-1ubuntu1) ... 172s Selecting previously unselected package libc-ares2:arm64. 172s Preparing to unpack .../31-libc-ares2_1.27.0-1_arm64.deb ... 172s Unpacking libc-ares2:arm64 (1.27.0-1) ... 172s Selecting previously unselected package libdhash1:arm64. 172s Preparing to unpack .../32-libdhash1_0.6.2-2_arm64.deb ... 172s Unpacking libdhash1:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libbasicobjects0:arm64. 172s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_arm64.deb ... 172s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libcollection4:arm64. 172s Preparing to unpack .../34-libcollection4_0.6.2-2_arm64.deb ... 172s Unpacking libcollection4:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libpath-utils1:arm64. 172s Preparing to unpack .../35-libpath-utils1_0.6.2-2_arm64.deb ... 172s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libref-array1:arm64. 172s Preparing to unpack .../36-libref-array1_0.6.2-2_arm64.deb ... 172s Unpacking libref-array1:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libini-config5:arm64. 172s Preparing to unpack .../37-libini-config5_0.6.2-2_arm64.deb ... 172s Unpacking libini-config5:arm64 (0.6.2-2) ... 172s Selecting previously unselected package libsss-certmap0. 173s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-idmap0. 173s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-nss-idmap0. 173s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-common. 173s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-common (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-idp. 173s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-passkey. 173s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-ad-common. 173s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-krb5-common. 173s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsmbclient:arm64. 173s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 173s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 173s Selecting previously unselected package sssd-ad. 173s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libipa-hbac0. 173s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-ipa. 173s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-krb5. 173s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-ldap. 173s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-proxy. 173s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd. 173s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-dbus. 173s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-kcm. 173s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package sssd-tools. 173s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libipa-hbac-dev. 173s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-certmap-dev. 173s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-idmap-dev. 173s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-nss-idmap-dev. 173s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package libsss-sudo. 173s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package python3-libipa-hbac. 173s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package python3-libsss-nss-idmap. 173s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_arm64.deb ... 173s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 173s Selecting previously unselected package autopkgtest-satdep. 173s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 173s Unpacking autopkgtest-satdep (0) ... 173s Setting up libpwquality-common (1.4.5-3) ... 173s Setting up libpath-utils1:arm64 (0.6.2-2) ... 173s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 173s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 173s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 173s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 173s Setting up libtdb1:arm64 (1.4.10-1) ... 173s Setting up libc-ares2:arm64 (1.27.0-1) ... 173s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 173s Setting up libjose0:arm64 (11-3) ... 173s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 173s Setting up libtalloc2:arm64 (2.4.2-1) ... 173s Setting up libdhash1:arm64 (0.6.2-2) ... 173s Setting up libtevent0:arm64 (0.16.1-1) ... 173s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 173s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 173s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 173s Setting up libltdl7:arm64 (2.4.7-7) ... 173s Setting up libcrack2:arm64 (2.9.6-5.1) ... 173s Setting up libcollection4:arm64 (0.6.2-2) ... 173s Setting up libodbc2:arm64 (2.3.12-1) ... 173s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 173s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 173s Setting up libref-array1:arm64 (0.6.2-2) ... 173s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 173s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 173s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 173s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 173s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 174s Creating new user openldap... done. 174s Creating initial configuration... done. 174s Creating LDAP directory... done. 175s Setting up tcl8.6 (8.6.13+dfsg-2) ... 175s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 175s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 175s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 175s Setting up libini-config5:arm64 (0.6.2-2) ... 175s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 175s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 175s Setting up python3-sss (2.9.4-1ubuntu1) ... 175s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 175s Setting up libpwquality1:arm64 (1.4.5-3) ... 175s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 175s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 175s Setting up expect (5.45.4-2build1) ... 175s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 175s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 175s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 175s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 175s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 175s Setting up sssd-common (2.9.4-1ubuntu1) ... 175s Creating SSSD system user & group... 175s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 175s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 175s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 175s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 176s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 176s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 176s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 176s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 176s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 177s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 177s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 177s sssd-autofs.service is a disabled or a static unit, not starting it. 177s sssd-nss.service is a disabled or a static unit, not starting it. 177s sssd-pam.service is a disabled or a static unit, not starting it. 177s sssd-ssh.service is a disabled or a static unit, not starting it. 177s sssd-sudo.service is a disabled or a static unit, not starting it. 177s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 177s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 177s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 177s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 178s sssd-kcm.service is a disabled or a static unit, not starting it. 178s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 178s sssd-ifp.service is a disabled or a static unit, not starting it. 178s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 178s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 179s sssd-pac.service is a disabled or a static unit, not starting it. 179s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 179s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 179s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 179s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 179s Setting up sssd-ad (2.9.4-1ubuntu1) ... 179s Setting up sssd-tools (2.9.4-1ubuntu1) ... 179s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 179s Setting up sssd (2.9.4-1ubuntu1) ... 179s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 179s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 179s Setting up libkrad0:arm64 (1.20.1-5build1) ... 179s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 179s Setting up sssd-idp (2.9.4-1ubuntu1) ... 179s Setting up autopkgtest-satdep (0) ... 179s Processing triggers for libc-bin (2.39-0ubuntu2) ... 179s Processing triggers for ufw (0.36.2-5) ... 179s Processing triggers for man-db (2.12.0-3) ... 180s Processing triggers for dbus (1.14.10-4ubuntu1) ... 190s (Reading database ... 75663 files and directories currently installed.) 190s Removing autopkgtest-satdep (0) ... 190s autopkgtest [17:53:59]: test ldap-user-group-ldap-auth: [----------------------- 191s + . debian/tests/util 191s + . debian/tests/common-tests 191s + mydomain=example.com 191s + myhostname=ldap.example.com 191s + mysuffix=dc=example,dc=com 191s + admin_dn=cn=admin,dc=example,dc=com 191s + admin_pw=secret 191s + ldap_user=testuser1 191s + ldap_user_pw=testuser1secret 191s + ldap_group=ldapusers 191s + adjust_hostname ldap.example.com 191s + local myhostname=ldap.example.com 191s + echo ldap.example.com 191s + hostname ldap.example.com 191s + grep -qE ldap.example.com /etc/hosts 191s + echo 127.0.1.10 ldap.example.com 191s + reconfigure_slapd 191s + debconf-set-selections 191s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 191s + dpkg-reconfigure -fnoninteractive -pcritical slapd 191s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 191s Moving old database directory to /var/backups: 191s - directory unknown... done. 191s Creating initial configuration... done. 191s Creating LDAP directory... done. 192s + generate_certs ldap.example.com 192s + local cn=ldap.example.com 192s + local cert=/etc/ldap/server.pem 192s + local key=/etc/ldap/server.key 192s + local cnf=/etc/ldap/openssl.cnf 192s + cat 192s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 192s ...................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 192s ...............................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 192s ----- 192s + chmod 0640 /etc/ldap/server.key 192s + chgrp openldap /etc/ldap/server.key 192s + [ ! -f /etc/ldap/server.pem ] 192s + [ ! -f /etc/ldap/server.key ] 192s + enable_ldap_ssl 192s + cat 192s + cat 192s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 192s modifying entry "cn=config" 192s 192s + populate_ldap_rfc2307 192s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 192s + cat 192s adding new entry "ou=People,dc=example,dc=com" 192s 192s adding new entry "ou=Group,dc=example,dc=com" 192s 192s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 192s 192s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 192s 192s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 192s 192s + configure_sssd_ldap_rfc2307 192s + cat 192s + chmod 0600 /etc/sssd/sssd.conf 192s + systemctl restart sssd 193s + enable_pam_mkhomedir 193s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 193s + echo session optional pam_mkhomedir.so 193s + run_common_tests 193s + echo Assert local user databases do not have our LDAP test data 193s + check_local_user testuser1 193s + local local_user=testuser1 193s + grep -q ^testuser1 /etc/passwd 193s Assert local user databases do not have our LDAP test data 193s + check_local_group testuser1 193s + local local_group=testuser1 193s + grep -q ^testuser1 /etc/group 193s + check_local_group ldapusers 193s + local local_group=ldapusers 193s + grep -q ^ldapusers /etc/group 193s The LDAP user is known to the system via getent 193s + echo The LDAP user is known to the system via getent 193s + check_getent_user testuser1 193s + local getent_user=testuser1 193s + local output 193s + getent passwd testuser1 193s The LDAP user's private group is known to the system via getent 193s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 193s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 193s + echo The LDAP user's private group is known to the system via getent 193s + check_getent_group testuser1 193s + local getent_group=testuser1 193s + local output 193s + getent group testuser1 193s The LDAP group ldapusers is known to the system via getent 193s + output=testuser1:*:10001:testuser1 193s + [ -z testuser1:*:10001:testuser1 ] 193s + echo The LDAP group ldapusers is known to the system via getent 193s + check_getent_group ldapusers 193s + local getent_group=ldapusers 193s + local output 193s + getent group ldapusers 193s + output=ldapusers:*:10100:testuser1 193s + [ -z ldapusers:*:10100:testuser1 ] 193s + echo The id(1) command can resolve the group membership of the LDAP user 193s + id -Gn testuser1 193s The id(1) command can resolve the group membership of the LDAP user 193s + output=testuser1 ldapusers 193s + [ testuser1 ldapusers != testuser1 ldapusers ] 193s + echo The LDAP user can login on a terminal 193s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 193s The LDAP user can login on a terminal 193s spawn login 193s ldap.example.com login: testuser1 193s Password: 193s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 193s 193s * Documentation: https://help.ubuntu.com 193s * Management: https://landscape.canonical.com 193s * Support: https://ubuntu.com/pro 193s 193s 193s The programs included with the Ubuntu system are free software; 193s the exact distribution terms for each program are described in the 193s individual files in /usr/share/doc/*/copyright. 193s 193s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 193s applicable law. 193s 193s 193s The programs included with the Ubuntu system are free software; 193s the exact distribution terms for each program are described in the 193s individual files in /usr/share/doc/*/copyright. 193s 193s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 193s applicable law. 193s 193s Creating directory '/home/testuser1'. 193s [?2004htestuser1@ldap:~$ id -un 193s [?2004l testuser1 193s [?2004htestuser1@ldap:~$ autopkgtest [17:54:02]: test ldap-user-group-ldap-auth: -----------------------] 194s ldap-user-group-ldap-auth PASS 194s autopkgtest [17:54:03]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 194s autopkgtest [17:54:03]: test ldap-user-group-krb5-auth: preparing testbed 196s Reading package lists... 197s Building dependency tree... 197s Reading state information... 197s Starting pkgProblemResolver with broken count: 0 197s Starting 2 pkgProblemResolver with broken count: 0 197s Done 197s The following additional packages will be installed: 197s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 197s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 197s Suggested packages: 197s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 197s The following NEW packages will be installed: 197s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 197s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 198s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 198s Need to get 594 kB/595 kB of archives. 198s After this operation, 2907 kB of additional disk space will be used. 198s Get:1 /tmp/autopkgtest.P0n92v/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [884 B] 198s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 198s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 198s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 198s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 198s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 198s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 198s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 198s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 198s Preconfiguring packages ... 200s Fetched 594 kB in 1s (951 kB/s) 200s Selecting previously unselected package krb5-config. 200s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75663 files and directories currently installed.) 200s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 200s Unpacking krb5-config (2.7) ... 200s Selecting previously unselected package libgssrpc4:arm64. 200s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_arm64.deb ... 200s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 200s Selecting previously unselected package libkadm5clnt-mit12:arm64. 200s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 200s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 200s Selecting previously unselected package libkdb5-10:arm64. 200s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_arm64.deb ... 200s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 200s Selecting previously unselected package libkadm5srv-mit12:arm64. 200s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 200s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 200s Selecting previously unselected package krb5-user. 200s Preparing to unpack .../5-krb5-user_1.20.1-5build1_arm64.deb ... 200s Unpacking krb5-user (1.20.1-5build1) ... 200s Selecting previously unselected package krb5-kdc. 200s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 200s Unpacking krb5-kdc (1.20.1-5build1) ... 200s Selecting previously unselected package krb5-admin-server. 200s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 200s Unpacking krb5-admin-server (1.20.1-5build1) ... 200s Selecting previously unselected package autopkgtest-satdep. 200s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 200s Unpacking autopkgtest-satdep (0) ... 200s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 200s Setting up krb5-config (2.7) ... 200s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 200s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 200s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 200s Setting up krb5-user (1.20.1-5build1) ... 200s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 200s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 200s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 200s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 200s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 200s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 200s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 200s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 200s Setting up krb5-kdc (1.20.1-5build1) ... 201s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 201s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 201s Setting up krb5-admin-server (1.20.1-5build1) ... 202s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 202s Setting up autopkgtest-satdep (0) ... 202s Processing triggers for man-db (2.12.0-3) ... 202s Processing triggers for libc-bin (2.39-0ubuntu2) ... 210s (Reading database ... 75756 files and directories currently installed.) 210s Removing autopkgtest-satdep (0) ... 210s autopkgtest [17:54:19]: test ldap-user-group-krb5-auth: [----------------------- 211s + . debian/tests/util 211s + . debian/tests/common-tests 211s + mydomain=example.com 211s + myhostname=ldap.example.com 211s + mysuffix=dc=example,dc=com 211s + myrealm=EXAMPLE.COM 211s + admin_dn=cn=admin,dc=example,dc=com 211s + admin_pw=secret 211s + ldap_user=testuser1 211s + ldap_user_pw=testuser1secret 211s + kerberos_principal_pw=testuser1kerberos 211s + ldap_group=ldapusers 211s + adjust_hostname ldap.example.com 211s + local myhostname=ldap.example.com 211s + echo ldap.example.com 211s + hostname ldap.example.com 211s + grep -qE ldap.example.com /etc/hosts 211s + reconfigure_slapd 211s + debconf-set-selections 211s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240321-175400.ldapdb 211s + dpkg-reconfigure -fnoninteractive -pcritical slapd 211s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 211s Moving old database directory to /var/backups: 211s - directory unknown... done. 211s Creating initial configuration... done. 211s Creating LDAP directory... done. 211s + generate_certs ldap.example.com 211s + local cn=ldap.example.com 211s + local cert=/etc/ldap/server.pem 211s + local key=/etc/ldap/server.key 211s + local cnf=/etc/ldap/openssl.cnf 211s + cat 211s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 211s ....................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 211s ...............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 211s ----- 211s + chmod 0640 /etc/ldap/server.key 211s + chgrp openldap /etc/ldap/server.key 211s + [ ! -f /etc/ldap/server.pem ] 211s + [ ! -f /etc/ldap/server.key ] 211s + enable_ldap_ssl 211s + cat 211s + cat 211s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 211s + populate_ldap_rfc2307 211s + + cat 211s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 211s modifying entry "cn=config" 211s 211s + create_realm EXAMPLE.COM ldap.example.com 211s + local realm_name=EXAMPLE.COM 211s + local kerberos_server=ldap.example.com 211s + rm -rf /var/lib/krb5kdc/* 211s adding new entry "ou=People,dc=example,dc=com" 211s 211s adding new entry "ou=Group,dc=example,dc=com" 211s 211s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 211s 211s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 211s 211s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 211s 211s + rm -rf /etc/krb5kdc/kdc.conf 211s + rm -f /etc/krb5.keytab 211s + cat 211s + cat 211s + echo # */admin * 211s + kdb5_util create -s -P secretpassword 212s + systemctl restart krb5-kdc.service krb5-admin-server.service 212s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 212s master key name 'K/M@EXAMPLE.COM' 212s + create_krb_principal testuser1 testuser1kerberos 212s + local principal=testuser1 212s + local password=testuser1kerberos 212s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 212s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 212s Authenticating as principal root/admin@EXAMPLE.COM with password. 212s Principal "testuser1@EXAMPLE.COM" created. 212s + configure_sssd_ldap_rfc2307_krb5_auth 212s + cat 212s + chmod 0600 /etc/sssd/sssd.conf 212s + systemctl restart sssd 212s + enable_pam_mkhomedir 212s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 212s Assert local user databases do not have our LDAP test data 212s + run_common_tests 212s + echo Assert local user databases do not have our LDAP test data 212s + check_local_user testuser1 212s + local local_user=testuser1 212s + grep -q ^testuser1 /etc/passwd 212s + check_local_group testuser1 212s + local local_group=testuser1 212s + grep -q ^testuser1 /etc/group 212s + check_local_group ldapusers 212s + local local_group=ldapusers 212s + grep -q ^ldapusers /etc/group 212s The LDAP user is known to the system via getent 212s + echo The LDAP user is known to the system via getent 212s + check_getent_user testuser1 212s + local getent_user=testuser1 212s + local output 212s + getent passwd testuser1 212s The LDAP user's private group is known to the system via getent 212s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 212s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 212s + echo The LDAP user's private group is known to the system via getent 212s + check_getent_group testuser1 212s + local getent_group=testuser1 212s + local output 212s + getent group testuser1 212s The LDAP group ldapusers is known to the system via getent 212s + output=testuser1:*:10001:testuser1 212s + [ -z testuser1:*:10001:testuser1 ] 212s + echo The LDAP group ldapusers is known to the system via getent 212s + check_getent_group ldapusers 212s + local getent_group=ldapusers 212s + local output 212s + getent group ldapusers 212s The id(1) command can resolve the group membership of the LDAP user 212s + output=ldapusers:*:10100:testuser1 212s + [ -z ldapusers:*:10100:testuser1 ] 212s + echo The id(1) command can resolve the group membership of the LDAP user 212s + id -Gn testuser1 212s The Kerberos principal can login on a terminal 212s + output=testuser1 ldapusers 212s + [ testuser1 ldapusers != testuser1 ldapusers ] 212s + echo The Kerberos principal can login on a terminal 212s + kdestroy 212s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 212s spawn login 212s ldap.example.com login: testuser1 212s Password: 212s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 212s 212s * Documentation: https://help.ubuntu.com 212s * Management: https://landscape.canonical.com 212s * Support: https://ubuntu.com/pro 212s 212s 212s The programs included with the Ubuntu system are free software; 212s the exact distribution terms for each program are described in the 212s individual files in /usr/share/doc/*/copyright. 212s 212s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 212s applicable law. 212s 212s Last login: Thu Mar 21 17:54:02 UTC 2024 on pts/0 212s [?2004htestuser1@ldap:~$ id -un 212s [?2004l testuser1 212s [?2004htestuser1@ldap:~$ klist 212s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_zvm474 212s Default principal: testuser1@EXAMPLE.COM 212s 212s Valid starting Expires Service principal 212s 03/21/24 17:54:21 03/22/24 03:54:21 krbtgt/EXAMPLE.COM@EXAMPLE.COM 212s renew until 03/22/24 17:54:21 212s [?2004hautopkgtest [17:54:21]: test ldap-user-group-krb5-auth: -----------------------] 213s autopkgtest [17:54:22]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 213s ldap-user-group-krb5-auth PASS 213s autopkgtest [17:54:22]: test sssd-softhism2-certificates-tests.sh: preparing testbed 286s autopkgtest [17:55:35]: testbed dpkg architecture: arm64 286s autopkgtest [17:55:35]: testbed apt version: 2.7.12 286s autopkgtest [17:55:35]: @@@@@@@@@@@@@@@@@@@@ test bed setup 287s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 287s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3765 kB] 288s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 288s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 288s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 288s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [677 kB] 288s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 288s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.7 kB] 288s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 288s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4184 kB] 288s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 288s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [67.4 kB] 288s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 290s Fetched 9413 kB in 2s (5133 kB/s) 290s Reading package lists... 293s Reading package lists... 293s Building dependency tree... 293s Reading state information... 294s Calculating upgrade... 294s The following packages will be REMOVED: 294s libssl3 294s The following NEW packages will be installed: 294s libssl3t64 294s The following packages have been kept back: 294s libsasl2-2 libsasl2-modules-db 294s The following packages will be upgraded: 294s libsasl2-modules openssl 295s 2 upgraded, 1 newly installed, 1 to remove and 2 not upgraded. 295s Need to get 2847 kB of archives. 295s After this operation, 139 kB of additional disk space will be used. 295s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 295s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsasl2-modules arm64 2.1.28+dfsg1-5ubuntu1 [69.3 kB] 295s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 296s Fetched 2847 kB in 1s (4226 kB/s) 296s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74820 files and directories currently installed.) 296s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 296s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 296s Preparing to unpack .../libsasl2-modules_2.1.28+dfsg1-5ubuntu1_arm64.deb ... 296s Unpacking libsasl2-modules:arm64 (2.1.28+dfsg1-5ubuntu1) over (2.1.28+dfsg1-4) ... 296s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 296s wget depends on libssl3 (>= 3.0.0). 296s u-boot-tools depends on libssl3 (>= 3.0.0). 296s tnftp depends on libssl3 (>= 3.0.0). 296s tcpdump depends on libssl3 (>= 3.0.0). 296s systemd-resolved depends on libssl3 (>= 3.0.0). 296s systemd depends on libssl3 (>= 3.0.0). 296s sudo depends on libssl3 (>= 3.0.0). 296s sbsigntool depends on libssl3 (>= 3.0.0). 296s rsync depends on libssl3 (>= 3.0.0). 296s python3-cryptography depends on libssl3 (>= 3.0.0). 296s openssh-server depends on libssl3 (>= 3.0.10). 296s openssh-client depends on libssl3 (>= 3.0.10). 296s mtd-utils depends on libssl3 (>= 3.0.0). 296s mokutil depends on libssl3 (>= 3.0.0). 296s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 296s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 296s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 296s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 296s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 296s libnvme1 depends on libssl3 (>= 3.0.0). 296s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 296s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 296s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 296s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 296s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 296s kmod depends on libssl3 (>= 3.0.0). 296s dhcpcd-base depends on libssl3 (>= 3.0.0). 296s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 296s 296s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74820 files and directories currently installed.) 296s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 296s Selecting previously unselected package libssl3t64:arm64. 296s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74809 files and directories currently installed.) 296s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 296s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 296s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 296s Setting up libsasl2-modules:arm64 (2.1.28+dfsg1-5ubuntu1) ... 296s Setting up openssl (3.0.13-0ubuntu2) ... 296s Processing triggers for man-db (2.12.0-3) ... 297s Processing triggers for libc-bin (2.39-0ubuntu2) ... 298s Reading package lists... 298s Building dependency tree... 298s Reading state information... 298s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 299s sh: Attempting to set up Debian/Ubuntu apt sources automatically 299s sh: Distribution appears to be Ubuntu 300s Reading package lists... 300s Building dependency tree... 300s Reading state information... 301s eatmydata is already the newest version (131-1). 301s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 301s Reading package lists... 301s Building dependency tree... 301s Reading state information... 302s dbus is already the newest version (1.14.10-4ubuntu1). 302s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 302s Reading package lists... 303s Building dependency tree... 303s Reading state information... 303s rng-tools-debian is already the newest version (2.4). 303s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 303s Reading package lists... 303s Building dependency tree... 303s Reading state information... 304s The following packages will be REMOVED: 304s cloud-init* python3-configobj* python3-debconf* 304s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 304s After this operation, 3252 kB disk space will be freed. 304s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74822 files and directories currently installed.) 304s Removing cloud-init (24.1.1-0ubuntu1) ... 305s Removing python3-configobj (5.0.8-3) ... 305s Removing python3-debconf (1.5.86) ... 305s Processing triggers for man-db (2.12.0-3) ... 305s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74433 files and directories currently installed.) 305s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 306s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 306s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 306s invoke-rc.d: policy-rc.d denied execution of try-restart. 306s Reading package lists... 306s Building dependency tree... 306s Reading state information... 307s linux-generic is already the newest version (6.8.0-11.11+1). 307s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 307s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 307s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 308s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 309s Reading package lists... 310s Reading package lists... 310s Building dependency tree... 310s Reading state information... 310s Calculating upgrade... 311s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 311s Reading package lists... 311s Building dependency tree... 311s Reading state information... 312s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 312s autopkgtest [17:56:01]: rebooting testbed after setup commands that affected boot 348s Reading package lists... 348s Building dependency tree... 348s Reading state information... 348s Starting pkgProblemResolver with broken count: 0 348s Starting 2 pkgProblemResolver with broken count: 0 348s Done 349s The following additional packages will be installed: 349s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 349s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 349s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 349s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 349s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 349s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 349s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 349s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 349s sssd-krb5-common sssd-ldap sssd-proxy 349s Suggested packages: 349s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 349s Recommended packages: 349s cracklib-runtime libsasl2-modules-gssapi-mit 349s | libsasl2-modules-gssapi-heimdal ldap-utils 349s The following NEW packages will be installed: 349s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 349s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 349s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 349s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 349s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 349s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 349s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 349s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 349s sssd-krb5-common sssd-ldap sssd-proxy 349s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 349s Need to get 10.1 MB/10.1 MB of archives. 349s After this operation, 48.6 MB of additional disk space will be used. 349s Get:1 /tmp/autopkgtest.P0n92v/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [744 B] 349s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 350s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 350s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0 arm64 3.8.3-1ubuntu1 [23.3 kB] 350s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1ubuntu1 [267 kB] 350s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 350s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 350s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 350s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 350s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 350s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 350s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 350s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 350s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 350s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 350s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 350s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 350s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 350s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 350s Get:20 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 350s Get:21 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 350s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 350s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 350s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 350s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 350s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 350s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 350s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 350s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 350s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 350s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 350s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 350s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 350s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 350s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 350s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 350s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 350s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 350s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 350s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 350s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 350s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 350s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 350s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 350s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 350s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 351s Fetched 10.1 MB in 1s (8449 kB/s) 351s Selecting previously unselected package libevent-2.1-7:arm64. 351s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74378 files and directories currently installed.) 351s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 351s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 351s Selecting previously unselected package libunbound8:arm64. 351s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 351s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 351s Selecting previously unselected package libgnutls-dane0:arm64. 351s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_arm64.deb ... 351s Unpacking libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 351s Selecting previously unselected package gnutls-bin. 351s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_arm64.deb ... 351s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 351s Selecting previously unselected package libavahi-common-data:arm64. 351s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 351s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 351s Selecting previously unselected package libavahi-common3:arm64. 351s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 351s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 352s Selecting previously unselected package libavahi-client3:arm64. 352s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 352s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 352s Selecting previously unselected package libcrack2:arm64. 352s Preparing to unpack .../07-libcrack2_2.9.6-5.1_arm64.deb ... 352s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 352s Selecting previously unselected package libtalloc2:arm64. 352s Preparing to unpack .../08-libtalloc2_2.4.2-1_arm64.deb ... 352s Unpacking libtalloc2:arm64 (2.4.2-1) ... 352s Selecting previously unselected package libtdb1:arm64. 352s Preparing to unpack .../09-libtdb1_1.4.10-1_arm64.deb ... 352s Unpacking libtdb1:arm64 (1.4.10-1) ... 352s Selecting previously unselected package libtevent0:arm64. 352s Preparing to unpack .../10-libtevent0_0.16.1-1_arm64.deb ... 352s Unpacking libtevent0:arm64 (0.16.1-1) ... 352s Selecting previously unselected package libldb2:arm64. 352s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 352s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 352s Selecting previously unselected package libnfsidmap1:arm64. 352s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 352s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 352s Selecting previously unselected package libpwquality-common. 352s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 352s Unpacking libpwquality-common (1.4.5-3) ... 352s Selecting previously unselected package libpwquality1:arm64. 352s Preparing to unpack .../14-libpwquality1_1.4.5-3_arm64.deb ... 352s Unpacking libpwquality1:arm64 (1.4.5-3) ... 352s Selecting previously unselected package libpam-pwquality:arm64. 352s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_arm64.deb ... 352s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 352s Selecting previously unselected package libwbclient0:arm64. 352s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 352s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 352s Selecting previously unselected package samba-libs:arm64. 352s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 352s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 352s Selecting previously unselected package softhsm2-common. 352s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_arm64.deb ... 352s Unpacking softhsm2-common (2.6.1-2.2) ... 352s Selecting previously unselected package libsofthsm2. 352s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_arm64.deb ... 352s Unpacking libsofthsm2 (2.6.1-2.2) ... 352s Selecting previously unselected package softhsm2. 352s Preparing to unpack .../20-softhsm2_2.6.1-2.2_arm64.deb ... 352s Unpacking softhsm2 (2.6.1-2.2) ... 352s Selecting previously unselected package python3-sss. 352s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 352s Unpacking python3-sss (2.9.4-1ubuntu1) ... 352s Selecting previously unselected package libsss-idmap0. 352s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 352s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 352s Selecting previously unselected package libnss-sss:arm64. 352s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 352s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 352s Selecting previously unselected package libpam-sss:arm64. 352s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 352s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 352s Selecting previously unselected package libc-ares2:arm64. 352s Preparing to unpack .../25-libc-ares2_1.27.0-1_arm64.deb ... 352s Unpacking libc-ares2:arm64 (1.27.0-1) ... 352s Selecting previously unselected package libdhash1:arm64. 352s Preparing to unpack .../26-libdhash1_0.6.2-2_arm64.deb ... 352s Unpacking libdhash1:arm64 (0.6.2-2) ... 352s Selecting previously unselected package libbasicobjects0:arm64. 352s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_arm64.deb ... 352s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 352s Selecting previously unselected package libcollection4:arm64. 352s Preparing to unpack .../28-libcollection4_0.6.2-2_arm64.deb ... 352s Unpacking libcollection4:arm64 (0.6.2-2) ... 353s Selecting previously unselected package libpath-utils1:arm64. 353s Preparing to unpack .../29-libpath-utils1_0.6.2-2_arm64.deb ... 353s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 353s Selecting previously unselected package libref-array1:arm64. 353s Preparing to unpack .../30-libref-array1_0.6.2-2_arm64.deb ... 353s Unpacking libref-array1:arm64 (0.6.2-2) ... 353s Selecting previously unselected package libini-config5:arm64. 353s Preparing to unpack .../31-libini-config5_0.6.2-2_arm64.deb ... 353s Unpacking libini-config5:arm64 (0.6.2-2) ... 353s Selecting previously unselected package libsss-certmap0. 353s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package libsss-nss-idmap0. 353s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-common. 353s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-common (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-ad-common. 353s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-krb5-common. 353s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package libsmbclient:arm64. 353s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 353s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 353s Selecting previously unselected package sssd-ad. 353s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package libipa-hbac0. 353s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-ipa. 353s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-krb5. 353s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-ldap. 353s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd-proxy. 353s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package sssd. 353s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_arm64.deb ... 353s Unpacking sssd (2.9.4-1ubuntu1) ... 353s Selecting previously unselected package autopkgtest-satdep. 353s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 353s Unpacking autopkgtest-satdep (0) ... 354s Setting up libpwquality-common (1.4.5-3) ... 354s Setting up libpath-utils1:arm64 (0.6.2-2) ... 354s Setting up softhsm2-common (2.6.1-2.2) ... 354s 354s Creating config file /etc/softhsm/softhsm2.conf with new version 354s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 354s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 354s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 354s Setting up libtdb1:arm64 (1.4.10-1) ... 354s Setting up libc-ares2:arm64 (1.27.0-1) ... 354s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 354s Setting up libtalloc2:arm64 (2.4.2-1) ... 354s Setting up libdhash1:arm64 (0.6.2-2) ... 354s Setting up libtevent0:arm64 (0.16.1-1) ... 354s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 354s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 354s Setting up libcrack2:arm64 (2.9.6-5.1) ... 354s Setting up libcollection4:arm64 (0.6.2-2) ... 354s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 354s Setting up libref-array1:arm64 (0.6.2-2) ... 354s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 354s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 354s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 354s Setting up libsofthsm2 (2.6.1-2.2) ... 354s Setting up softhsm2 (2.6.1-2.2) ... 354s Setting up libini-config5:arm64 (0.6.2-2) ... 354s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 354s Setting up python3-sss (2.9.4-1ubuntu1) ... 354s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 354s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 354s Setting up libpwquality1:arm64 (1.4.5-3) ... 354s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 354s Setting up libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 354s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 354s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 354s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 354s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 355s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 355s Setting up sssd-common (2.9.4-1ubuntu1) ... 355s Creating SSSD system user & group... 355s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 355s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 355s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 355s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 355s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 356s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 356s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 356s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 356s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 356s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 357s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 357s sssd-autofs.service is a disabled or a static unit, not starting it. 357s sssd-nss.service is a disabled or a static unit, not starting it. 357s sssd-pam.service is a disabled or a static unit, not starting it. 357s sssd-ssh.service is a disabled or a static unit, not starting it. 357s sssd-sudo.service is a disabled or a static unit, not starting it. 357s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 357s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 357s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 357s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 358s sssd-pac.service is a disabled or a static unit, not starting it. 358s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 358s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 358s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 358s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 358s Setting up sssd-ad (2.9.4-1ubuntu1) ... 358s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 358s Setting up sssd (2.9.4-1ubuntu1) ... 358s Setting up autopkgtest-satdep (0) ... 358s Processing triggers for man-db (2.12.0-3) ... 359s Processing triggers for libc-bin (2.39-0ubuntu2) ... 364s (Reading database ... 74966 files and directories currently installed.) 364s Removing autopkgtest-satdep (0) ... 376s autopkgtest [17:57:05]: test sssd-softhism2-certificates-tests.sh: [----------------------- 376s + '[' -z ubuntu ']' 376s + required_tools=(p11tool openssl softhsm2-util) 376s + for cmd in "${required_tools[@]}" 376s + command -v p11tool 376s + for cmd in "${required_tools[@]}" 376s + command -v openssl 376s + for cmd in "${required_tools[@]}" 376s + command -v softhsm2-util 376s + PIN=053350 376s +++ find /usr/lib/softhsm/libsofthsm2.so 376s +++ head -n 1 376s ++ realpath /usr/lib/softhsm/libsofthsm2.so 376s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 376s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 376s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 376s + '[' '!' -v NO_SSSD_TESTS ']' 376s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 376s + ca_db_arg=ca_db 376s ++ /usr/libexec/sssd/p11_child --help 376s + p11_child_help='Usage: p11_child [OPTION...] 376s -d, --debug-level=INT Debug level 376s --debug-timestamps=INT Add debug timestamps 376s --debug-microseconds=INT Show timestamps with microseconds 376s --dumpable=INT Allow core dumps 376s --debug-fd=INT An open file descriptor for the debug 376s logs 376s --logger=stderr|files|journald Set logger 376s --auth Run in auth mode 376s --pre Run in pre-auth mode 376s --wait_for_card Wait until card is available 376s --verification Run in verification mode 376s --pin Expect PIN on stdin 376s --keypad Expect PIN on keypad 376s --verify=STRING Tune validation 376s --ca_db=STRING CA DB to use 376s --module_name=STRING Module name for authentication 376s --token_name=STRING Token name for authentication 376s --key_id=STRING Key ID for authentication 376s --label=STRING Label for authentication 376s --certificate=STRING certificate to verify, base64 encoded 376s --uri=STRING PKCS#11 URI to restrict selection 376s --chain-id=LONG Tevent chain ID used for logging 376s purposes 376s 376s Help options: 376s -?, --help Show this help message 376s --usage Display brief usage message' 376s + echo 'Usage: p11_child [OPTION...] 376s -d, --debug-level=INT Debug level 376s --debug-timestamps=INT Add debug timestamps 376s --debug-microseconds=INT Show timestamps with microseconds 376s --dumpable=INT Allow core dumps 376s --debug-fd=INT An open file descriptor for the debug 376s logs 376s --logger=stderr|files|journald Set logger 376s --auth Run in auth mode 376s --pre Run in pre-auth mode 376s --wait_for_card Wait until card is available 376s --verification Run in verification mode 376s --pin Expect PIN on stdin 376s --keypad Expect PIN on keypad 376s --verify=STRING Tune validation 376s --ca_db=STRING CA DB to use 376s --module_name=STRING Module name for authentication 376s --token_name=STRING Token name for authentication 376s --key_id=STRING Key ID for authentication 376s --label=STRING Label for authentication 376s --certificate=STRING certificate to verify, base64 encoded 376s --uri=STRING PKCS#11 URI to restrict selection 376s --chain-id=LONG Tevent chain ID used for logging 376s purposes 376s 376s Help options: 376s -?, --help Show this help message 376s --usage Display brief usage message' 376s + grep nssdb -qs 376s + echo 'Usage: p11_child [OPTION...] 376s -d, --debug-level=INT Debug level 376s --debug-timestamps=INT Add debug timestamps 376s --debug-microseconds=INT Show timestamps with microseconds 376s --dumpable=INT Allow core dumps 376s --debug-fd=INT An open file descriptor for the debug 376s logs 376s --logger=stderr|files|journald Set logger 376s --auth Run in auth mode 376s --pre Run in pre-auth mode 376s --wait_for_card Wait until card is available 376s --verification Run in verification mode 376s --pin Expect PIN on stdin 376s --keypad Expect PIN on keypad 376s --verify=STRING Tune validation 376s --ca_db=STRING CA DB to use 376s --module_name=STRING Module name for authentication 376s --token_name=STRING Token name for authentication 376s --key_id=STRING Key ID for authentication 376s --label=STRING Label for authentication 376s --certificate=STRING certificate to verify, base64 encoded 376s --uri=STRING PKCS#11 URI to restrict selection 376s --chain-id=LONG Tevent chain ID used for logging 376s purposes 376s 376s Help options: 376s -?, --help Show this help message 376s --usage Display brief usage message' 376s + grep -qs -- --ca_db 376s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 376s ++ mktemp -d -t sssd-softhsm2-XXXXXX 376s + tmpdir=/tmp/sssd-softhsm2-DT6xzB 376s + keys_size=1024 376s + [[ ! -v KEEP_TEMPORARY_FILES ]] 376s + trap 'rm -rf "$tmpdir"' EXIT 376s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 376s + echo -n 01 376s + touch /tmp/sssd-softhsm2-DT6xzB/index.txt 376s + mkdir -p /tmp/sssd-softhsm2-DT6xzB/new_certs 376s + cat 376s + root_ca_key_pass=pass:random-root-CA-password-4718 376s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA-key.pem -passout pass:random-root-CA-password-4718 1024 376s + openssl req -passin pass:random-root-CA-password-4718 -batch -config /tmp/sssd-softhsm2-DT6xzB/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-DT6xzB/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 376s Certificate Request: 376s Data: 376s Version: 1 (0x0) 376s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 376s Subject Public Key Info: 376s Public Key Algorithm: rsaEncryption 376s Public-Key: (1024 bit) 376s Modulus: 376s 00:a1:82:80:f4:88:7c:db:06:e3:e0:9b:da:48:fb: 376s 3f:b3:a3:e7:45:2e:fb:fc:1e:07:2b:c2:1a:35:b6: 376s 26:99:3c:43:41:95:65:e7:2d:d4:e5:e3:04:bd:72: 376s a5:30:10:7d:c3:27:d5:77:1a:08:0e:7b:29:06:3d: 376s 84:9e:2f:5e:35:22:43:6a:a2:76:6b:22:19:b7:f1: 376s 39:24:6e:67:12:1a:ca:e2:2c:67:23:3e:30:6e:f1: 376s 4c:0e:b7:e8:55:e4:5b:34:e2:21:33:60:43:fa:fb: 376s db:51:95:f6:87:e9:6d:b7:32:7e:c5:27:d2:97:06: 376s 7c:7d:38:7d:23:9c:8d:05:1f 376s Exponent: 65537 (0x10001) 376s Attributes: 376s (none) 376s Requested Extensions: 376s Signature Algorithm: sha256WithRSAEncryption 376s Signature Value: 376s 28:4e:35:d7:6f:ff:a4:d8:94:07:02:81:96:8a:be:66:b3:e9: 376s 17:36:2c:cd:2b:52:45:b8:b7:7e:64:9d:d0:a6:13:42:a5:fb: 376s 5e:ae:18:36:66:b3:8b:38:ed:82:1c:83:5b:9e:9a:4c:a1:ea: 376s 10:cf:b5:d0:30:92:05:55:b4:f8:14:1b:65:20:c3:21:f2:de: 376s ec:9f:72:c6:dc:02:34:82:b9:8a:b5:f1:45:8e:4b:0c:b5:62: 376s b7:fa:f4:81:14:c9:18:72:1b:00:db:68:22:0e:6e:e2:5f:37: 376s 4f:17:8a:a8:5d:fa:eb:56:12:4c:28:e3:d7:15:8d:cb:57:3d: 376s dc:2a 376s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 376s + cat 376s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-24275 376s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24275 1024 376s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-24275 -config /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.config -key /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-4718 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-certificate-request.pem 376s + openssl req -text -noout -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-certificate-request.pem 376s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-DT6xzB/test-root-CA.config -passin pass:random-root-CA-password-4718 -keyfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA-key.pem -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 376s Using configuration from /tmp/sssd-softhsm2-DT6xzB/test-root-CA.config 376s Check that the request matches the signature 376s Signature ok 376s Certificate Details: 376s Serial Number: 1 (0x1) 376s Validity 376s Not Before: Mar 21 17:57:05 2024 GMT 376s Not After : Mar 21 17:57:05 2025 GMT 376s Subject: 376s organizationName = Test Organization 376s organizationalUnitName = Test Organization Unit 376s commonName = Test Organization Intermediate CA 376s X509v3 extensions: 376s X509v3 Subject Key Identifier: 376s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 376s X509v3 Authority Key Identifier: 376s keyid:B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 376s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 376s serial:00 376s X509v3 Basic Constraints: 376s CA:TRUE 376s X509v3 Key Usage: critical 376s Digital Signature, Certificate Sign, CRL Sign 376s Certificate is to be certified until Mar 21 17:57:05 2025 GMT (365 days) 376s 376s Write out database with 1 new entries 376s Database updated 376s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 376s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 376s + cat 376s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-14600 376s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-14600 1024 376s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-14600 -config /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24275 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-certificate-request.pem 376s + openssl req -text -noout -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-certificate-request.pem 376s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-24275 -keyfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 376s Using configuration from /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.config 376s Check that the request matches the signature 376s Signature ok 376s Certificate Details: 376s Serial Number: 2 (0x2) 376s Validity 376s Not Before: Mar 21 17:57:05 2024 GMT 376s Not After : Mar 21 17:57:05 2025 GMT 376s Subject: 376s organizationName = Test Organization 376s organizationalUnitName = Test Organization Unit 376s commonName = Test Organization Sub Intermediate CA 376s X509v3 extensions: 376s X509v3 Subject Key Identifier: 376s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 376s X509v3 Authority Key Identifier: 376s keyid:68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 376s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 376s serial:01 376s X509v3 Basic Constraints: 376s CA:TRUE 376s X509v3 Key Usage: critical 376s Digital Signature, Certificate Sign, CRL Sign 376s Certificate is to be certified until Mar 21 17:57:05 2025 GMT (365 days) 376s 376s Write out database with 1 new entries 376s Database updated 376s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 376s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 376s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 376s + local cmd=openssl 376s + shift 376s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 376s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 376s error 20 at 0 depth lookup: unable to get local issuer certificate 376s error /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem: verification failed 376s + cat 376s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-13079 376s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-13079 1024 376s /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem: OK 376s Certificate Request: 376s Data: 376s Version: 1 (0x0) 376s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 376s Subject Public Key Info: 376s Public Key Algorithm: rsaEncryption 376s Public-Key: (1024 bit) 376s Modulus: 376s 00:cd:3c:74:f1:f5:28:29:7a:1a:b0:5a:10:4f:ee: 376s a6:14:c5:54:47:b1:5c:61:59:79:1b:6c:d0:ab:86: 376s 73:5d:91:99:99:66:48:41:83:13:38:a2:d7:6b:1d: 376s ed:cb:cc:3d:55:b8:80:63:67:19:6a:af:97:e5:c4: 376s 02:00:33:f0:14:21:05:f9:88:f3:a8:44:a3:dd:0a: 376s e4:18:42:25:c1:82:15:33:15:34:c2:01:36:69:7d: 376s a6:00:d2:37:48:ea:7b:b6:ea:da:6f:84:e7:04:e8: 376s 8d:d3:f6:1f:b1:b6:e4:83:ad:51:64:62:22:f9:04: 376s 0a:03:57:45:cb:76:10:13:f7 376s Exponent: 65537 (0x10001) 376s Attributes: 376s (none) 376s Requested Extensions: 376s Signature Algorithm: sha256WithRSAEncryption 376s Signature Value: 376s 03:e5:31:b1:e3:80:5d:7d:5c:04:25:0b:70:bc:1c:76:1d:77: 376s 25:43:e9:12:c0:1f:95:f8:72:40:dc:4c:fc:2a:3d:6f:91:06: 376s 26:11:33:a9:c8:6c:66:b5:53:de:52:2c:01:a3:ed:96:cb:fa: 376s 73:c0:bd:56:9c:54:4f:17:b2:28:f2:71:b9:04:fd:83:4e:65: 376s 30:b2:08:b9:ff:5b:3c:7a:4c:da:0d:c6:17:c1:05:26:ed:ad: 376s 9c:99:7f:de:82:ed:aa:fb:2a:35:65:0f:0d:6e:36:3d:d3:44: 376s 25:49:56:5f:b4:a4:b4:ea:1d:8b:04:40:76:c2:10:d0:d8:7c: 376s 59:b9 376s /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem: OK 376s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-13079 -key /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-request.pem 376s + openssl req -text -noout -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-request.pem 376s Certificate Request: 376s Data: 376s Version: 1 (0x0) 376s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 376s Subject Public Key Info: 376s Public Key Algorithm: rsaEncryption 376s Public-Key: (1024 bit) 376s Modulus: 376s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 376s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 376s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 376s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 376s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 376s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 376s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 376s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 376s 47:a3:37:0d:d7:88:8c:d8:49 376s Exponent: 65537 (0x10001) 376s Attributes: 376s Requested Extensions: 376s X509v3 Basic Constraints: 376s CA:FALSE 376s Netscape Cert Type: 376s SSL Client, S/MIME 376s Netscape Comment: 376s Test Organization Root CA trusted Certificate 376s X509v3 Subject Key Identifier: 376s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 376s X509v3 Key Usage: critical 376s Digital Signature, Non Repudiation, Key Encipherment 376s X509v3 Extended Key Usage: 376s TLS Web Client Authentication, E-mail Protection 376s X509v3 Subject Alternative Name: 376s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 376s Signature Algorithm: sha256WithRSAEncryption 376s Signature Value: 376s aa:59:fc:db:94:e3:09:5c:fc:6f:ee:2a:06:8c:67:3e:3b:42: 376s f2:ac:14:1c:54:86:e5:90:5d:19:1f:58:f5:84:38:d8:08:9c: 376s b2:fc:c0:cb:69:59:22:e8:f7:5f:54:da:1b:cb:14:db:1d:d7: 376s 69:76:51:c6:81:48:42:bb:5a:cc:ee:52:d4:00:c8:e8:10:7b: 376s a3:e1:57:0a:6e:fc:65:71:6a:f1:ab:63:1f:2d:46:94:1b:c4: 376s 31:93:ad:be:5a:57:98:7a:ae:3f:1f:20:bc:09:f5:68:3b:5e: 376s 7e:e0:fc:78:51:93:d5:4b:9c:ea:89:92:2c:6b:7e:8f:62:1b: 376s b8:4e 376s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-DT6xzB/test-root-CA.config -passin pass:random-root-CA-password-4718 -keyfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA-key.pem -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 376s Using configuration from /tmp/sssd-softhsm2-DT6xzB/test-root-CA.config 376s Check that the request matches the signature 376s Signature ok 376s Certificate Details: 376s Serial Number: 3 (0x3) 376s Validity 376s Not Before: Mar 21 17:57:05 2024 GMT 376s Not After : Mar 21 17:57:05 2025 GMT 376s Subject: 376s organizationName = Test Organization 376s organizationalUnitName = Test Organization Unit 376s commonName = Test Organization Root Trusted Certificate 0001 376s X509v3 extensions: 376s X509v3 Authority Key Identifier: 376s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 376s X509v3 Basic Constraints: 376s CA:FALSE 376s Netscape Cert Type: 376s SSL Client, S/MIME 376s Netscape Comment: 376s Test Organization Root CA trusted Certificate 376s X509v3 Subject Key Identifier: 376s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 376s X509v3 Key Usage: critical 376s Digital Signature, Non Repudiation, Key Encipherment 376s X509v3 Extended Key Usage: 376s TLS Web Client Authentication, E-mail Protection 376s X509v3 Subject Alternative Name: 376s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 376s Certificate is to be certified until Mar 21 17:57:05 2025 GMT (365 days) 376s 376s Write out database with 1 new entries 376s Database updated 376s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 376s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 376s /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem: OK 376s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 376s + local cmd=openssl 376s + shift 376s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 376s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 376s error 20 at 0 depth lookup: unable to get local issuer certificate 376s error /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem: verification failed 376s + cat 376s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 376s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-31576 1024 376s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-31576 -key /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-request.pem 376s + openssl req -text -noout -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-request.pem 376s Certificate Request: 376s Data: 376s Version: 1 (0x0) 376s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 376s Subject Public Key Info: 376s Public Key Algorithm: rsaEncryption 376s Public-Key: (1024 bit) 376s Modulus: 376s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 376s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 376s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 376s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 376s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 376s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 376s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 376s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 376s e1:41:84:8a:fa:11:72:3f:7b 376s Exponent: 65537 (0x10001) 376s Attributes: 376s Requested Extensions: 376s X509v3 Basic Constraints: 376s CA:FALSE 376s Netscape Cert Type: 376s SSL Client, S/MIME 376s Netscape Comment: 376s Test Organization Intermediate CA trusted Certificate 376s X509v3 Subject Key Identifier: 376s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 376s X509v3 Key Usage: critical 376s Digital Signature, Non Repudiation, Key Encipherment 376s X509v3 Extended Key Usage: 376s TLS Web Client Authentication, E-mail Protection 376s X509v3 Subject Alternative Name: 376s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 376s Signature Algorithm: sha256WithRSAEncryption 376s Signature Value: 376s a8:6f:6c:a0:45:10:ca:11:c7:a5:0d:6b:39:77:4d:96:9e:04: 376s 98:68:95:43:5f:dc:58:9b:8f:87:48:76:9d:67:7c:30:d5:5f: 376s d9:31:b3:6d:6b:92:b4:44:be:9e:f3:81:33:8e:78:4c:4d:4b: 376s 23:03:47:a1:8a:63:72:f2:5a:00:0f:0f:9b:f0:fd:dc:a8:2c: 376s d5:49:a8:d4:3a:d6:e0:e8:4a:3f:dd:68:2d:aa:8f:7c:ae:58: 376s 99:28:41:80:e1:15:2b:1a:b7:ee:f1:c6:fa:c3:e5:48:4b:1c: 376s c2:03:ce:8e:17:85:76:73:a0:ba:86:ef:eb:2a:cf:45:fc:b6: 376s d7:ee 376s + openssl ca -passin pass:random-intermediate-CA-password-24275 -config /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 376s Using configuration from /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.config 376s Check that the request matches the signature 376s Signature ok 376s Certificate Details: 376s Serial Number: 4 (0x4) 376s Validity 376s Not Before: Mar 21 17:57:05 2024 GMT 376s Not After : Mar 21 17:57:05 2025 GMT 376s Subject: 376s organizationName = Test Organization 376s organizationalUnitName = Test Organization Unit 376s commonName = Test Organization Intermediate Trusted Certificate 0001 376s X509v3 extensions: 376s X509v3 Authority Key Identifier: 376s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 376s X509v3 Basic Constraints: 376s CA:FALSE 376s Netscape Cert Type: 376s SSL Client, S/MIME 376s Netscape Comment: 376s Test Organization Intermediate CA trusted Certificate 376s X509v3 Subject Key Identifier: 376s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 376s X509v3 Key Usage: critical 376s Digital Signature, Non Repudiation, Key Encipherment 376s X509v3 Extended Key Usage: 376s TLS Web Client Authentication, E-mail Protection 376s X509v3 Subject Alternative Name: 376s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 376s Certificate is to be certified until Mar 21 17:57:05 2025 GMT (365 days) 376s 376s Write out database with 1 new entries 376s Database updated 376s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 377s This certificate should not be trusted fully 377s + echo 'This certificate should not be trusted fully' 377s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 377s + local cmd=openssl 377s + shift 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 377s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 377s error 2 at 1 depth lookup: unable to get issuer certificate 377s error /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 377s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem: OK 377s + cat 377s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 377s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-30543 1024 377s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-30543 -key /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 377s + openssl req -text -noout -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 377s Certificate Request: 377s Data: 377s Version: 1 (0x0) 377s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 377s Subject Public Key Info: 377s Public Key Algorithm: rsaEncryption 377s Public-Key: (1024 bit) 377s Modulus: 377s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 377s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 377s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 377s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 377s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 377s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 377s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 377s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 377s 97:eb:2e:09:1a:fc:bd:95:b7 377s Exponent: 65537 (0x10001) 377s Attributes: 377s Requested Extensions: 377s X509v3 Basic Constraints: 377s CA:FALSE 377s Netscape Cert Type: 377s SSL Client, S/MIME 377s Netscape Comment: 377s Test Organization Sub Intermediate CA trusted Certificate 377s X509v3 Subject Key Identifier: 377s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 377s X509v3 Key Usage: critical 377s Digital Signature, Non Repudiation, Key Encipherment 377s X509v3 Extended Key Usage: 377s TLS Web Client Authentication, E-mail Protection 377s X509v3 Subject Alternative Name: 377s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 377s Signature Algorithm: sha256WithRSAEncryption 377s Signature Value: 377s 7b:87:78:32:c6:a0:ff:bb:de:57:bc:4f:42:16:d9:83:f1:27: 377s c8:d2:3e:89:ad:2c:01:e1:ae:6f:eb:74:a0:6e:70:c6:b5:4c: 377s b9:9e:57:ad:ee:40:a1:b7:67:96:20:45:bb:1d:e6:cc:43:f3: 377s 45:89:a4:b7:15:d8:91:0a:56:57:ef:4f:cf:be:0a:74:f3:fa: 377s 07:af:48:3e:9d:6a:82:5d:5f:90:3b:7c:98:c3:89:04:1f:4f: 377s 8f:5d:ba:6b:9d:11:0a:7b:ae:f6:36:07:e3:f1:01:2b:e9:9a: 377s 2c:a8:9b:81:97:5a:9f:1c:63:75:d0:76:61:93:27:a8:fa:86: 377s 4c:a3 377s + openssl ca -passin pass:random-sub-intermediate-CA-password-14600 -config /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s Using configuration from /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.config 377s Check that the request matches the signature 377s Signature ok 377s Certificate Details: 377s Serial Number: 5 (0x5) 377s Validity 377s Not Before: Mar 21 17:57:06 2024 GMT 377s Not After : Mar 21 17:57:06 2025 GMT 377s Subject: 377s organizationName = Test Organization 377s organizationalUnitName = Test Organization Unit 377s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 377s X509v3 extensions: 377s X509v3 Authority Key Identifier: 377s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 377s X509v3 Basic Constraints: 377s CA:FALSE 377s Netscape Cert Type: 377s SSL Client, S/MIME 377s Netscape Comment: 377s Test Organization Sub Intermediate CA trusted Certificate 377s X509v3 Subject Key Identifier: 377s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 377s X509v3 Key Usage: critical 377s Digital Signature, Non Repudiation, Key Encipherment 377s X509v3 Extended Key Usage: 377s TLS Web Client Authentication, E-mail Protection 377s X509v3 Subject Alternative Name: 377s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 377s Certificate is to be certified until Mar 21 17:57:06 2025 GMT (365 days) 377s 377s Write out database with 1 new entries 377s Database updated 377s + openssl x509 -noout -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s This certificate should not be trusted fully 377s + echo 'This certificate should not be trusted fully' 377s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s + local cmd=openssl 377s + shift 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 377s error 2 at 1 depth lookup: unable to get issuer certificate 377s error /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 377s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s + local cmd=openssl 377s + shift 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 377s error 20 at 0 depth lookup: unable to get local issuer certificate 377s error /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 377s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 377s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s + local cmd=openssl 377s + shift 377s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 377s error 20 at 0 depth lookup: unable to get local issuer certificate 377s error /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 377s + echo 'Building a the full-chain CA file...' 377s + cat /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 377s Building a the full-chain CA file... 377s + cat /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 377s + cat /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 377s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 377s + openssl pkcs7 -print_certs -noout 377s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s 377s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 377s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s 377s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 377s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 377s 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem: OK 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem: OK 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem: OK 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem: OK 377s + openssl verify -CAfile /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 377s /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 377s Certificates generation completed! 377s + echo 'Certificates generation completed!' 377s + [[ -v NO_SSSD_TESTS ]] 377s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /dev/null 377s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /dev/null 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_ring=/dev/null 377s + local verify_option= 377s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_cn 377s + local key_name 377s + local tokens_dir 377s + local output_cert_file 377s + token_name= 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 377s + key_name=test-root-CA-trusted-certificate-0001 377s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s ++ sed -n 's/ *commonName *= //p' 377s + key_cn='Test Organization Root Trusted Certificate 0001' 377s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 377s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 377s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 377s + token_name='Test Organization Root Tr Token' 377s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 377s + local key_file 377s + local decrypted_key 377s + mkdir -p /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 377s + key_file=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key.pem 377s + decrypted_key=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key-decrypted.pem 377s + cat 377s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 377s Slot 0 has a free/uninitialized token. 377s The token has been initialized and is reassigned to slot 471301172 377s + softhsm2-util --show-slots 377s Available slots: 377s Slot 471301172 377s Slot info: 377s Description: SoftHSM slot ID 0x1c177c34 377s Manufacturer ID: SoftHSM project 377s Hardware version: 2.6 377s Firmware version: 2.6 377s Token present: yes 377s Token info: 377s Manufacturer ID: SoftHSM project 377s Model: SoftHSM v2 377s Hardware version: 2.6 377s Firmware version: 2.6 377s Serial number: ab0b71829c177c34 377s Initialized: yes 377s User PIN init.: yes 377s Label: Test Organization Root Tr Token 377s Slot 1 377s Slot info: 377s Description: SoftHSM slot ID 0x1 377s Manufacturer ID: SoftHSM project 377s Hardware version: 2.6 377s Firmware version: 2.6 377s Token present: yes 377s Token info: 377s Manufacturer ID: SoftHSM project 377s Model: SoftHSM v2 377s Hardware version: 2.6 377s Firmware version: 2.6 377s Serial number: 377s Initialized: no 377s User PIN init.: no 377s Label: 377s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 377s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-13079 -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key-decrypted.pem 377s writing RSA key 377s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 377s + rm /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001-key-decrypted.pem 377s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 377s Object 0: 377s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 377s Type: X.509 Certificate (RSA-1024) 377s Expires: Fri Mar 21 17:57:05 2025 377s Label: Test Organization Root Trusted Certificate 0001 377s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 377s 377s + echo 'Test Organization Root Tr Token' 377s + '[' -n '' ']' 377s + local output_base_name=SSSD-child-27768 377s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-27768.output 377s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-27768.pem 377s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 377s Test Organization Root Tr Token 377s [p11_child[2117]] [main] (0x0400): p11_child started. 377s [p11_child[2117]] [main] (0x2000): Running in [pre-auth] mode. 377s [p11_child[2117]] [main] (0x2000): Running with effective IDs: [0][0]. 377s [p11_child[2117]] [main] (0x2000): Running with real IDs [0][0]. 377s [p11_child[2117]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 377s [p11_child[2117]] [do_work] (0x0040): init_verification failed. 377s [p11_child[2117]] [main] (0x0020): p11_child failed (5) 377s + return 2 377s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /dev/null no_verification 377s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /dev/null no_verification 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_ring=/dev/null 377s + local verify_option=no_verification 377s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_cn 377s + local key_name 377s + local tokens_dir 377s + local output_cert_file 377s + token_name= 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 377s + key_name=test-root-CA-trusted-certificate-0001 377s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s ++ sed -n 's/ *commonName *= //p' 377s + key_cn='Test Organization Root Trusted Certificate 0001' 377s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 377s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 377s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 377s + token_name='Test Organization Root Tr Token' 377s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 377s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 377s + echo 'Test Organization Root Tr Token' 377s Test Organization Root Tr Token 377s + '[' -n no_verification ']' 377s + local verify_arg=--verify=no_verification 377s + local output_base_name=SSSD-child-21651 377s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.output 377s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.pem 377s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 377s [p11_child[2123]] [main] (0x0400): p11_child started. 377s [p11_child[2123]] [main] (0x2000): Running in [pre-auth] mode. 377s [p11_child[2123]] [main] (0x2000): Running with effective IDs: [0][0]. 377s [p11_child[2123]] [main] (0x2000): Running with real IDs [0][0]. 377s [p11_child[2123]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 377s [p11_child[2123]] [do_card] (0x4000): Module List: 377s [p11_child[2123]] [do_card] (0x4000): common name: [softhsm2]. 377s [p11_child[2123]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2123]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 377s [p11_child[2123]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 377s [p11_child[2123]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2123]] [do_card] (0x4000): Login NOT required. 377s [p11_child[2123]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 377s [p11_child[2123]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 377s [p11_child[2123]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 377s [p11_child[2123]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 377s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.output 377s + echo '-----BEGIN CERTIFICATE-----' 377s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.output 377s + echo '-----END CERTIFICATE-----' 377s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.pem 377s + local found_md5 expected_md5 377s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s Certificate: 377s Data: 377s Version: 3 (0x2) 377s Serial Number: 3 (0x3) 377s Signature Algorithm: sha256WithRSAEncryption 377s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s Validity 377s Not Before: Mar 21 17:57:05 2024 GMT 377s Not After : Mar 21 17:57:05 2025 GMT 377s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 377s Subject Public Key Info: 377s Public Key Algorithm: rsaEncryption 377s Public-Key: (1024 bit) 377s Modulus: 377s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 377s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 377s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 377s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 377s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 377s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 377s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 377s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 377s 47:a3:37:0d:d7:88:8c:d8:49 377s Exponent: 65537 (0x10001) 377s X509v3 extensions: 377s X509v3 Authority Key Identifier: 377s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 377s X509v3 Basic Constraints: 377s CA:FALSE 377s Netscape Cert Type: 377s SSL Client, S/MIME 377s Netscape Comment: 377s Test Organization Root CA trusted Certificate 377s X509v3 Subject Key Identifier: 377s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 377s X509v3 Key Usage: critical 377s Digital Signature, Non Repudiation, Key Encipherment 377s X509v3 Extended Key Usage: 377s TLS Web Client Authentication, E-mail Protection 377s X509v3 Subject Alternative Name: 377s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 377s Signature Algorithm: sha256WithRSAEncryption 377s Signature Value: 377s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 377s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 377s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 377s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 377s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 377s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 377s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 377s 0b:64 377s + expected_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 377s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651.pem 377s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 377s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 377s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.output 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.output .output 377s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.pem 377s + echo -n 053350 377s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 377s [p11_child[2131]] [main] (0x0400): p11_child started. 377s [p11_child[2131]] [main] (0x2000): Running in [auth] mode. 377s [p11_child[2131]] [main] (0x2000): Running with effective IDs: [0][0]. 377s [p11_child[2131]] [main] (0x2000): Running with real IDs [0][0]. 377s [p11_child[2131]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 377s [p11_child[2131]] [do_card] (0x4000): Module List: 377s [p11_child[2131]] [do_card] (0x4000): common name: [softhsm2]. 377s [p11_child[2131]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2131]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 377s [p11_child[2131]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 377s [p11_child[2131]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2131]] [do_card] (0x4000): Login required. 377s [p11_child[2131]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 377s [p11_child[2131]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 377s [p11_child[2131]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 377s [p11_child[2131]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 377s [p11_child[2131]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 377s [p11_child[2131]] [do_card] (0x4000): Certificate verified and validated. 377s [p11_child[2131]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 377s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.output 377s + echo '-----BEGIN CERTIFICATE-----' 377s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.output 377s + echo '-----END CERTIFICATE-----' 377s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.pem 377s Certificate: 377s Data: 377s Version: 3 (0x2) 377s Serial Number: 3 (0x3) 377s Signature Algorithm: sha256WithRSAEncryption 377s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s Validity 377s Not Before: Mar 21 17:57:05 2024 GMT 377s Not After : Mar 21 17:57:05 2025 GMT 377s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 377s Subject Public Key Info: 377s Public Key Algorithm: rsaEncryption 377s Public-Key: (1024 bit) 377s Modulus: 377s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 377s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 377s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 377s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 377s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 377s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 377s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 377s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 377s 47:a3:37:0d:d7:88:8c:d8:49 377s Exponent: 65537 (0x10001) 377s X509v3 extensions: 377s X509v3 Authority Key Identifier: 377s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 377s X509v3 Basic Constraints: 377s CA:FALSE 377s Netscape Cert Type: 377s SSL Client, S/MIME 377s Netscape Comment: 377s Test Organization Root CA trusted Certificate 377s X509v3 Subject Key Identifier: 377s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 377s X509v3 Key Usage: critical 377s Digital Signature, Non Repudiation, Key Encipherment 377s X509v3 Extended Key Usage: 377s TLS Web Client Authentication, E-mail Protection 377s X509v3 Subject Alternative Name: 377s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 377s Signature Algorithm: sha256WithRSAEncryption 377s Signature Value: 377s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 377s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 377s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 377s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 377s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 377s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 377s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 377s 0b:64 377s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21651-auth.pem 377s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 377s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 377s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 377s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 377s + local verify_option= 377s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 377s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 377s + local key_cn 377s + local key_name 377s + local tokens_dir 377s + local output_cert_file 377s + token_name= 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 377s + key_name=test-root-CA-trusted-certificate-0001 377s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s ++ sed -n 's/ *commonName *= //p' 377s + key_cn='Test Organization Root Trusted Certificate 0001' 377s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 377s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 377s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 377s + token_name='Test Organization Root Tr Token' 377s Test Organization Root Tr Token 377s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 377s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 377s + echo 'Test Organization Root Tr Token' 377s + '[' -n '' ']' 377s + local output_base_name=SSSD-child-25918 377s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.output 377s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.pem 377s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 377s [p11_child[2141]] [main] (0x0400): p11_child started. 377s [p11_child[2141]] [main] (0x2000): Running in [pre-auth] mode. 377s [p11_child[2141]] [main] (0x2000): Running with effective IDs: [0][0]. 377s [p11_child[2141]] [main] (0x2000): Running with real IDs [0][0]. 377s [p11_child[2141]] [do_card] (0x4000): Module List: 377s [p11_child[2141]] [do_card] (0x4000): common name: [softhsm2]. 377s [p11_child[2141]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2141]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 377s [p11_child[2141]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 377s [p11_child[2141]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2141]] [do_card] (0x4000): Login NOT required. 377s [p11_child[2141]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 377s [p11_child[2141]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 377s [p11_child[2141]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 377s [p11_child[2141]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 377s [p11_child[2141]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 377s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.output 377s + echo '-----BEGIN CERTIFICATE-----' 377s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.output 377s + echo '-----END CERTIFICATE-----' 377s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.pem 377s Certificate: 377s Data: 377s Version: 3 (0x2) 377s Serial Number: 3 (0x3) 377s Signature Algorithm: sha256WithRSAEncryption 377s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 377s Validity 377s Not Before: Mar 21 17:57:05 2024 GMT 377s Not After : Mar 21 17:57:05 2025 GMT 377s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 377s Subject Public Key Info: 377s Public Key Algorithm: rsaEncryption 377s Public-Key: (1024 bit) 377s Modulus: 377s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 377s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 377s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 377s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 377s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 377s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 377s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 377s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 377s 47:a3:37:0d:d7:88:8c:d8:49 377s Exponent: 65537 (0x10001) 377s X509v3 extensions: 377s X509v3 Authority Key Identifier: 377s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 377s X509v3 Basic Constraints: 377s CA:FALSE 377s Netscape Cert Type: 377s SSL Client, S/MIME 377s Netscape Comment: 377s Test Organization Root CA trusted Certificate 377s X509v3 Subject Key Identifier: 377s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 377s X509v3 Key Usage: critical 377s Digital Signature, Non Repudiation, Key Encipherment 377s X509v3 Extended Key Usage: 377s TLS Web Client Authentication, E-mail Protection 377s X509v3 Subject Alternative Name: 377s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 377s Signature Algorithm: sha256WithRSAEncryption 377s Signature Value: 377s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 377s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 377s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 377s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 377s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 377s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 377s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 377s 0b:64 377s + local found_md5 expected_md5 377s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 377s + expected_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 377s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918.pem 377s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 377s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 377s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.output 377s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.output .output 377s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.pem 377s + echo -n 053350 377s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 377s [p11_child[2149]] [main] (0x0400): p11_child started. 377s [p11_child[2149]] [main] (0x2000): Running in [auth] mode. 377s [p11_child[2149]] [main] (0x2000): Running with effective IDs: [0][0]. 377s [p11_child[2149]] [main] (0x2000): Running with real IDs [0][0]. 377s [p11_child[2149]] [do_card] (0x4000): Module List: 377s [p11_child[2149]] [do_card] (0x4000): common name: [softhsm2]. 377s [p11_child[2149]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2149]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 377s [p11_child[2149]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 377s [p11_child[2149]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 377s [p11_child[2149]] [do_card] (0x4000): Login required. 377s [p11_child[2149]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 377s [p11_child[2149]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 377s [p11_child[2149]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 377s [p11_child[2149]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 377s [p11_child[2149]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 377s [p11_child[2149]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 377s [p11_child[2149]] [do_card] (0x4000): Certificate verified and validated. 377s [p11_child[2149]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 377s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.output 377s + echo '-----BEGIN CERTIFICATE-----' 377s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.output 377s + echo '-----END CERTIFICATE-----' 377s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.pem 378s Certificate: 378s Data: 378s Version: 3 (0x2) 378s Serial Number: 3 (0x3) 378s Signature Algorithm: sha256WithRSAEncryption 378s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s Validity 378s Not Before: Mar 21 17:57:05 2024 GMT 378s Not After : Mar 21 17:57:05 2025 GMT 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 378s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 378s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 378s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 378s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 378s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 378s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 378s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 378s 47:a3:37:0d:d7:88:8c:d8:49 378s Exponent: 65537 (0x10001) 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 378s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 378s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 378s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 378s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 378s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 378s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 378s 0b:64 378s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-25918-auth.pem 378s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 378s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 378s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 378s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 378s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 378s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 378s + local verify_option=partial_chain 378s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 378s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 378s + local key_cn 378s + local key_name 378s + local tokens_dir 378s + local output_cert_file 378s + token_name= 378s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 378s + key_name=test-root-CA-trusted-certificate-0001 378s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 378s ++ sed -n 's/ *commonName *= //p' 378s + key_cn='Test Organization Root Trusted Certificate 0001' 378s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 378s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 378s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 378s + token_name='Test Organization Root Tr Token' 378s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 378s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 378s + echo 'Test Organization Root Tr Token' 378s + '[' -n partial_chain ']' 378s + local verify_arg=--verify=partial_chain 378s + local output_base_name=SSSD-child-12849 378s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.output 378s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.pem 378s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 378s Test Organization Root Tr Token 378s [p11_child[2159]] [main] (0x0400): p11_child started. 378s [p11_child[2159]] [main] (0x2000): Running in [pre-auth] mode. 378s [p11_child[2159]] [main] (0x2000): Running with effective IDs: [0][0]. 378s [p11_child[2159]] [main] (0x2000): Running with real IDs [0][0]. 378s [p11_child[2159]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 378s [p11_child[2159]] [do_card] (0x4000): Module List: 378s [p11_child[2159]] [do_card] (0x4000): common name: [softhsm2]. 378s [p11_child[2159]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2159]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 378s [p11_child[2159]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 378s [p11_child[2159]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2159]] [do_card] (0x4000): Login NOT required. 378s [p11_child[2159]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 378s [p11_child[2159]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 378s [p11_child[2159]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 378s [p11_child[2159]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 378s [p11_child[2159]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 378s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.output 378s + echo '-----BEGIN CERTIFICATE-----' 378s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.output 378s + echo '-----END CERTIFICATE-----' 378s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.pem 378s + local found_md5 expected_md5 378s Certificate: 378s Data: 378s Version: 3 (0x2) 378s Serial Number: 3 (0x3) 378s Signature Algorithm: sha256WithRSAEncryption 378s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s Validity 378s Not Before: Mar 21 17:57:05 2024 GMT 378s Not After : Mar 21 17:57:05 2025 GMT 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 378s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 378s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 378s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 378s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 378s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 378s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 378s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 378s 47:a3:37:0d:d7:88:8c:d8:49 378s Exponent: 65537 (0x10001) 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 378s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 378s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 378s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 378s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 378s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 378s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 378s 0b:64 378s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 379s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 379s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 379s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 379s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 379s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 379s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 379s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 379s 47:a3:37:0d:d7:88:8c:d8:49 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 379s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 379s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 379s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 379s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 379s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 379s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 379s 0b:64 379s Test Organization Root Tr Token 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 379s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 379s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 379s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 379s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 379s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 379s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 379s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 379s 47:a3:37:0d:d7:88:8c:d8:49 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 379s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 379s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 379s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 379s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 379s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 379s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 379s 0b:64 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 379s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 379s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 379s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 379s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 379s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 379s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 379s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 379s 47:a3:37:0d:d7:88:8c:d8:49 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 379s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 379s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 379s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 379s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 379s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 379s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 379s 0b:64 379s Test Organization Root Tr Token 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 379s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 379s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 379s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 379s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 379s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 379s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 379s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 379s 47:a3:37:0d:d7:88:8c:d8:49 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 379s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 379s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 379s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 379s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 379s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 379s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 379s 0b:64 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:df:b4:89:1d:7c:5d:90:5e:18:c2:27:2e:09:bb: 379s 77:b6:9a:22:82:1b:c5:33:5f:3f:99:b9:4e:a0:d2: 379s 85:fc:12:90:14:0b:a1:08:77:c6:b1:91:f6:1c:55: 379s 3d:93:4f:ef:cc:7f:5c:d8:df:40:d0:21:b0:b7:3f: 379s 1e:88:0d:32:56:d4:50:7a:72:21:71:ff:98:52:5b: 379s 63:d2:b4:bf:85:19:39:b1:b7:03:b6:9c:ff:f5:50: 379s c1:15:c6:e3:57:09:8d:ec:2a:e0:0c:2d:4f:7b:2e: 379s c6:7e:aa:a7:aa:71:79:e7:eb:0f:99:1b:dc:2b:f4: 379s 47:a3:37:0d:d7:88:8c:d8:49 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s B7:73:2A:6E:B8:5E:08:0B:DC:0F:97:0A:04:62:81:B4:04:58:2B:2E 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s 50:64:E9:F5:62:D2:B8:88:38:18:5E:F1:80:C2:51:D7:8C:7C:81:8A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s ab:47:46:8c:e4:f9:61:1a:b5:da:90:61:26:83:4a:41:ec:9c: 379s 89:f7:a3:7b:f3:93:f1:9f:f1:8c:7f:be:53:f4:5f:e6:ac:3a: 379s 98:07:ea:be:3e:f4:c1:8c:ae:cf:e3:ad:65:b6:35:f6:75:ca: 379s 42:67:35:7d:b4:64:dd:90:b6:ba:6e:52:15:57:c2:ff:bb:e6: 379s 51:b6:a6:c8:f3:dc:f1:b8:01:ad:45:b2:22:4d:e1:d8:74:d9: 379s 2c:ae:9d:23:ed:93:c0:bf:02:97:bd:cc:06:ca:92:c4:43:29: 379s cf:71:5e:56:5a:d8:13:08:04:34:24:54:ba:e5:32:4c:f4:83: 379s 0b:64 379s Test Organization Root Tr Token 379s Test Organization Root Tr Token 379s Slot 0 has a free/uninitialized token. 379s The token has been initialized and is reassigned to slot 1295235411 379s Available slots: 379s Slot 1295235411 379s Slot info: 379s Description: SoftHSM slot ID 0x4d33b953 379s Manufacturer ID: SoftHSM project 379s Hardware version: 2.6 379s Firmware version: 2.6 379s Token present: yes 379s Token info: 379s Manufacturer ID: SoftHSM project 379s Model: SoftHSM v2 379s Hardware version: 2.6 379s Firmware version: 2.6 379s Serial number: 71555415cd33b953 379s Initialized: yes 379s User PIN init.: yes 379s Label: Test Organization Interme Token 379s Slot 1 379s Slot info: 379s Description: SoftHSM slot ID 0x1 379s Manufacturer ID: SoftHSM project 379s Hardware version: 2.6 379s Firmware version: 2.6 379s Token present: yes 379s Token info: 379s Manufacturer ID: SoftHSM project 379s Model: SoftHSM v2 379s Hardware version: 2.6 379s Firmware version: 2.6 379s Serial number: 379s Initialized: no 379s User PIN init.: no 379s Label: 379s Object 0: 379s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 379s Type: X.509 Certificate (RSA-1024) 379s Expires: Fri Mar 21 17:57:05 2025 379s Label: Test Organization Intermediate Trusted Certificate 0001 379s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 379s 379s Test Organization Interme Token 379s Test Organization Interme Token 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2167]] [main] (0x0400): p11_child started. 379s [p11_child[2167]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2167]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2167]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2167]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2167]] [do_card] (0x4000): Module List: 379s [p11_child[2167]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2167]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2167]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2167]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2167]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2167]] [do_card] (0x4000): Login required. 379s [p11_child[2167]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2167]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2167]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2167]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2167]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2167]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2167]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2167]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.pem 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12849-auth.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-2188 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s [p11_child[2177]] [main] (0x0400): p11_child started. 379s [p11_child[2177]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2177]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2177]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2177]] [do_card] (0x4000): Module List: 379s [p11_child[2177]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2177]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2177]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2177]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2177]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2177]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2177]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2177]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2177]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2177]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2177]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.pem 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2185]] [main] (0x0400): p11_child started. 379s [p11_child[2185]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2185]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2185]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2185]] [do_card] (0x4000): Module List: 379s [p11_child[2185]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2185]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2185]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2185]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2185]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2185]] [do_card] (0x4000): Login required. 379s [p11_child[2185]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2185]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2185]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2185]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2185]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2185]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2185]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2185]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.pem 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-2188-auth.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-6635 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s [p11_child[2195]] [main] (0x0400): p11_child started. 379s [p11_child[2195]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2195]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2195]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2195]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2195]] [do_card] (0x4000): Module List: 379s [p11_child[2195]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2195]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2195]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2195]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2195]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2195]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2195]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2195]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2195]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2195]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2195]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.pem 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2203]] [main] (0x0400): p11_child started. 379s [p11_child[2203]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2203]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2203]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2203]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2203]] [do_card] (0x4000): Module List: 379s [p11_child[2203]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2203]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2203]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2203]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2203]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2203]] [do_card] (0x4000): Login required. 379s [p11_child[2203]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2203]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2203]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2203]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1c177c34;slot-manufacturer=SoftHSM%20project;slot-id=471301172;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab0b71829c177c34;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2203]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2203]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2203]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2203]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.pem 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6635-auth.pem 379s + found_md5=Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 379s + '[' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 '!=' Modulus=DFB4891D7C5D905E18C2272E09BB77B69A22821BC5335F3F99B94EA0D285FC1290140BA10877C6B191F61C553D934FEFCC7F5CD8DF40D021B0B73F1E880D3256D4507A722171FF98525B63D2B4BF851939B1B703B69CFFF550C115C6E357098DEC2AE00C2D4F7B2EC67EAAA7AA7179E7EB0F991BDC2BF447A3370DD7888CD849 ']' 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-31811 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-31811.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-31811.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s [p11_child[2213]] [main] (0x0400): p11_child started. 379s [p11_child[2213]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2213]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2213]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2213]] [do_card] (0x4000): Module List: 379s [p11_child[2213]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2213]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2213]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2213]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2213]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2213]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2213]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2213]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2213]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2213]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2213]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-31811.output 379s + return 2 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13079 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-13079 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-12702 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12702.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-12702.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s [p11_child[2220]] [main] (0x0400): p11_child started. 379s [p11_child[2220]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2220]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2220]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2220]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2220]] [do_card] (0x4000): Module List: 379s [p11_child[2220]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2220]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2220]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1c177c34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2220]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2220]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1c177c34][471301172] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2220]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2220]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2220]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2220]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2220]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2220]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-12702.output 379s + return 2 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /dev/null 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /dev/null 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/dev/null 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s + local key_file 379s + local decrypted_key 379s + mkdir -p /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + key_file=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key.pem 379s + decrypted_key=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 379s + cat 379s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 379s + softhsm2-util --show-slots 379s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 379s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-31576 -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 379s writing RSA key 379s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 379s + rm /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 379s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 379s + echo 'Test Organization Interme Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-3037 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-3037.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-3037.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 379s [p11_child[2236]] [main] (0x0400): p11_child started. 379s [p11_child[2236]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2236]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2236]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2236]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 379s [p11_child[2236]] [do_work] (0x0040): init_verification failed. 379s [p11_child[2236]] [main] (0x0020): p11_child failed (5) 379s + return 2 379s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /dev/null no_verification 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /dev/null no_verification 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/dev/null 379s + local verify_option=no_verification 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Interme Token' 379s + '[' -n no_verification ']' 379s + local verify_arg=--verify=no_verification 379s + local output_base_name=SSSD-child-24104 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 379s [p11_child[2242]] [main] (0x0400): p11_child started. 379s [p11_child[2242]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2242]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2242]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2242]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 379s [p11_child[2242]] [do_card] (0x4000): Module List: 379s [p11_child[2242]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2242]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2242]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2242]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2242]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2242]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2242]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2242]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2242]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2242]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.pem 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2250]] [main] (0x0400): p11_child started. 379s [p11_child[2250]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2250]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2250]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2250]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 379s [p11_child[2250]] [do_card] (0x4000): Module List: 379s [p11_child[2250]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2250]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2250]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2250]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2250]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2250]] [do_card] (0x4000): Login required. 379s [p11_child[2250]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2250]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2250]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2250]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2250]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2250]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24104-auth.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s Test Organization Interme Token 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Interme Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-11645 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-11645.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-11645.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s [p11_child[2260]] [main] (0x0400): p11_child started. 379s [p11_child[2260]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2260]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2260]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2260]] [do_card] (0x4000): Module List: 379s [p11_child[2260]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2260]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2260]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2260]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2260]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2260]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2260]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2260]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2260]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2260]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2260]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-11645.output 379s + return 2 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s Test Organization Interme Token 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Interme Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-9470 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-9470.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-9470.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 379s [p11_child[2267]] [main] (0x0400): p11_child started. 379s [p11_child[2267]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2267]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2267]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2267]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2267]] [do_card] (0x4000): Module List: 379s [p11_child[2267]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2267]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2267]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2267]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2267]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2267]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2267]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2267]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2267]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2267]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2267]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-9470.output 379s + return 2 379s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Interme Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-6986 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.pem 379s Test Organization Interme Token 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s [p11_child[2274]] [main] (0x0400): p11_child started. 379s [p11_child[2274]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2274]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2274]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2274]] [do_card] (0x4000): Module List: 379s [p11_child[2274]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2274]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2274]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2274]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2274]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2274]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2274]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2274]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2274]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2274]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2274]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2282]] [main] (0x0400): p11_child started. 379s [p11_child[2282]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2282]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2282]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2282]] [do_card] (0x4000): Module List: 379s [p11_child[2282]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2282]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2282]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2282]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2282]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2282]] [do_card] (0x4000): Login required. 379s [p11_child[2282]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2282]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2282]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2282]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2282]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2282]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2282]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-6986-auth.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 379s Test Organization Interme Token 379s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 379s + token_name='Test Organization Interme Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Interme Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-22349 379s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 379s [p11_child[2292]] [main] (0x0400): p11_child started. 379s [p11_child[2292]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2292]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2292]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2292]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2292]] [do_card] (0x4000): Module List: 379s [p11_child[2292]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2292]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2292]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2292]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2292]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2292]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2292]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2292]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2292]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2292]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2292]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.output 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2300]] [main] (0x0400): p11_child started. 379s [p11_child[2300]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2300]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2300]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2300]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2300]] [do_card] (0x4000): Module List: 379s [p11_child[2300]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2300]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2300]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2300]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 379s [p11_child[2300]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2300]] [do_card] (0x4000): Login required. 379s [p11_child[2300]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 379s [p11_child[2300]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2300]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2300]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2300]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2300]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2300]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 4 (0x4) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Validity 379s Not Before: Mar 21 17:57:05 2024 GMT 379s Not After : Mar 21 17:57:05 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 379s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 379s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 379s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 379s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 379s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 379s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 379s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 379s e1:41:84:8a:fa:11:72:3f:7b 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Intermediate CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 379s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 379s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 379s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 379s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 379s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 379s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 379s b7:92 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-22349-auth.pem 379s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 379s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 379s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s Test Organization Interme Token 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-9691 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-9691.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-9691.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 380s [p11_child[2310]] [main] (0x0400): p11_child started. 380s [p11_child[2310]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2310]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2310]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2310]] [do_card] (0x4000): Module List: 380s [p11_child[2310]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2310]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2310]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2310]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2310]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2310]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2310]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2310]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2310]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 380s [p11_child[2310]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2310]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-9691.output 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31576 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31576 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s Test Organization Interme Token 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-32509 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem 380s [p11_child[2317]] [main] (0x0400): p11_child started. 380s [p11_child[2317]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2317]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2317]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2317]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2317]] [do_card] (0x4000): Module List: 380s [p11_child[2317]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2317]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2317]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2317]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2317]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2317]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2317]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2317]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2317]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2317]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2317]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.pem 380s + local found_md5 expected_md5 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:05 2024 GMT 380s Not After : Mar 21 17:57:05 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 380s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 380s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 380s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 380s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 380s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 380s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 380s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 380s e1:41:84:8a:fa:11:72:3f:7b 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 380s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 380s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 380s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 380s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 380s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 380s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 380s b7:92 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509.pem 380s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 380s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 380s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.output 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2325]] [main] (0x0400): p11_child started. 380s [p11_child[2325]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2325]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2325]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2325]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2325]] [do_card] (0x4000): Module List: 380s [p11_child[2325]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2325]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2325]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4d33b953] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2325]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2325]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x4d33b953][1295235411] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2325]] [do_card] (0x4000): Login required. 380s [p11_child[2325]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2325]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2325]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2325]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4d33b953;slot-manufacturer=SoftHSM%20project;slot-id=1295235411;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71555415cd33b953;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2325]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2325]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2325]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2325]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:05 2024 GMT 380s Not After : Mar 21 17:57:05 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:cb:b8:c2:59:09:47:0c:11:2f:95:0b:17:28:e3: 380s 42:f6:fa:4a:b7:12:76:df:c9:0e:4e:d2:df:97:0d: 380s 5e:4e:e7:cd:c5:7d:21:86:55:e8:05:82:e7:a2:08: 380s 75:93:8e:dd:57:d6:c7:ce:87:6f:75:23:2d:81:90: 380s c9:a0:b5:93:b3:0a:67:c0:ea:24:45:79:40:18:c6: 380s 40:2c:35:30:31:9e:5b:c3:00:96:1b:9d:1b:49:d3: 380s 4d:b7:ca:69:00:13:b0:9a:bb:2b:03:06:da:d0:ce: 380s 54:6e:c3:ca:a1:72:19:ad:14:6c:ae:5c:8e:49:1c: 380s e1:41:84:8a:fa:11:72:3f:7b 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 68:6C:AB:B5:42:9E:09:54:23:7B:CB:95:04:A5:A1:45:BF:27:D5:62 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s F8:D3:78:6C:9C:73:31:9A:F5:5E:F7:B2:19:6E:75:35:68:56:5C:B3 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 81:c1:31:1b:f3:d8:69:76:c0:10:51:a1:88:97:5b:80:9d:0e: 380s e0:01:41:d9:65:d1:2b:f0:97:18:16:cf:cd:bf:d1:15:bb:76: 380s 48:6e:8a:5d:62:d3:b1:28:4d:18:e8:f0:90:e4:ee:f8:64:2b: 380s 1c:d6:5c:1e:97:e2:4c:43:32:72:e5:a3:c2:4f:a7:00:be:8b: 380s 95:14:8d:41:ca:84:cc:d0:4e:3b:27:27:b3:ae:e8:3b:af:3b: 380s 67:24:ec:b7:e0:f6:63:81:c8:60:c1:bc:31:71:80:48:1d:9f: 380s ff:9e:d2:7b:36:1f:ea:39:5f:0e:c0:88:df:e2:df:6e:e0:3d: 380s b7:92 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-32509-auth.pem 380s + found_md5=Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B 380s + '[' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B '!=' Modulus=CBB8C25909470C112F950B1728E342F6FA4AB71276DFC90E4ED2DF970D5E4EE7CDC57D218655E80582E7A20875938EDD57D6C7CE876F75232D8190C9A0B593B30A67C0EA2445794018C6402C3530319E5BC300961B9D1B49D34DB7CA690013B09ABB2B0306DAD0CE546EC3CAA17219AD146CAE5C8E491CE141848AFA11723F7B ']' 380s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Sub Int Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 380s + local key_file 380s + local decrypted_key 380s + mkdir -p /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + key_file=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 380s + decrypted_key=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s + cat 380s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 380s Slot 0 has a free/uninitialized token. 380s The token has been initialized and is reassigned to slot 1305671480 380s + softhsm2-util --show-slots 380s Available slots: 380s Slot 1305671480 380s Slot info: 380s Description: SoftHSM slot ID 0x4dd2f738 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: dc4d6bc0cdd2f738 380s Initialized: yes 380s User PIN init.: yes 380s Label: Test Organization Sub Int Token 380s Slot 1 380s Slot info: 380s Description: SoftHSM slot ID 0x1 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: 380s Initialized: no 380s User PIN init.: no 380s Label: 380s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-30543 -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s writing RSA key 380s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + rm /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 380s Object 0: 380s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 380s Type: X.509 Certificate (RSA-1024) 380s Expires: Fri Mar 21 17:57:06 2025 380s Label: Test Organization Sub Intermediate Trusted Certificate 0001 380s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 380s 380s Test Organization Sub Int Token 380s + echo 'Test Organization Sub Int Token' 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-26969 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-26969.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-26969.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s [p11_child[2344]] [main] (0x0400): p11_child started. 380s [p11_child[2344]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2344]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2344]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2344]] [do_card] (0x4000): Module List: 380s [p11_child[2344]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2344]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2344]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2344]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2344]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2344]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2344]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2344]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2344]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 380s [p11_child[2344]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2344]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-26969.output 380s + return 2 380s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Sub Int Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Sub Int Token' 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-21827 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21827.output 380s Test Organization Sub Int Token 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-21827.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-CA.pem 380s [p11_child[2351]] [main] (0x0400): p11_child started. 380s [p11_child[2351]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2351]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2351]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2351]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2351]] [do_card] (0x4000): Module List: 380s [p11_child[2351]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2351]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2351]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2351]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2351]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2351]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2351]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2351]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2351]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 380s [p11_child[2351]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2351]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-21827.output 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Sub Int Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Sub Int Token' 380s Test Organization Sub Int Token 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-24028 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s [p11_child[2358]] [main] (0x0400): p11_child started. 380s [p11_child[2358]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2358]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2358]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2358]] [do_card] (0x4000): Module List: 380s [p11_child[2358]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2358]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2358]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2358]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2358]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2358]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2358]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2358]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2358]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2358]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2358]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 5 (0x5) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:06 2024 GMT 380s Not After : Mar 21 17:57:06 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 380s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 380s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 380s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 380s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 380s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 380s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 380s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 380s 97:eb:2e:09:1a:fc:bd:95:b7 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 380s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 380s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 380s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 380s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 380s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 380s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 380s a3:8d 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028.pem 380s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 380s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.output 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2366]] [main] (0x0400): p11_child started. 380s [p11_child[2366]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2366]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2366]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2366]] [do_card] (0x4000): Module List: 380s [p11_child[2366]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2366]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2366]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2366]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2366]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2366]] [do_card] (0x4000): Login required. 380s [p11_child[2366]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2366]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2366]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2366]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2366]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2366]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2366]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2366]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 5 (0x5) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:06 2024 GMT 380s Not After : Mar 21 17:57:06 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 380s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 380s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 380s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 380s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 380s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 380s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 380s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 380s 97:eb:2e:09:1a:fc:bd:95:b7 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 380s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 380s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 380s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 380s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 380s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 380s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 380s a3:8d 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-24028-auth.pem 380s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 380s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Sub Int Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Sub Int Token' 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-13035 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem 380s Test Organization Sub Int Token 380s [p11_child[2376]] [main] (0x0400): p11_child started. 380s [p11_child[2376]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2376]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2376]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2376]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2376]] [do_card] (0x4000): Module List: 380s [p11_child[2376]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2376]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2376]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2376]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2376]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2376]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2376]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2376]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2376]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2376]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2376]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 5 (0x5) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:06 2024 GMT 380s Not After : Mar 21 17:57:06 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 380s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 380s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 380s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 380s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 380s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 380s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 380s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 380s 97:eb:2e:09:1a:fc:bd:95:b7 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 380s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 380s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 380s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 380s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 380s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 380s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 380s a3:8d 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035.pem 380s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 380s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.output 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2384]] [main] (0x0400): p11_child started. 380s [p11_child[2384]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2384]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2384]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2384]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2384]] [do_card] (0x4000): Module List: 380s [p11_child[2384]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2384]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2384]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2384]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2384]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2384]] [do_card] (0x4000): Login required. 380s [p11_child[2384]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2384]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2384]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2384]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2384]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2384]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2384]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2384]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 5 (0x5) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s Validity 380s Not Before: Mar 21 17:57:06 2024 GMT 380s Not After : Mar 21 17:57:06 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 380s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 380s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 380s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 380s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 380s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 380s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 380s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 380s 97:eb:2e:09:1a:fc:bd:95:b7 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 380s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 380s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 380s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 380s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 380s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 380s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 380s a3:8d 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13035-auth.pem 380s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 380s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 380s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Sub Int Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Sub Int Token' 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-20367 380s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-20367.output 380s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-20367.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 380s Test Organization Sub Int Token 380s [p11_child[2394]] [main] (0x0400): p11_child started. 380s [p11_child[2394]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2394]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2394]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2394]] [do_card] (0x4000): Module List: 380s [p11_child[2394]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2394]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2394]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2394]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 380s [p11_child[2394]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2394]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2394]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 380s [p11_child[2394]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2394]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 380s [p11_child[2394]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2394]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-20367.output 380s + return 2 380s + invalid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-891 381s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-891.output 381s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-891.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-root-intermediate-chain-CA.pem 381s Test Organization Sub Int Token 381s [p11_child[2401]] [main] (0x0400): p11_child started. 381s [p11_child[2401]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2401]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2401]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2401]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2401]] [do_card] (0x4000): Module List: 381s [p11_child[2401]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2401]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2401]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2401]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2401]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2401]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2401]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2401]] [do_verification] (0x0040): X509_verify_cert failed [0]. 381s [p11_child[2401]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 381s [p11_child[2401]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 381s [p11_child[2401]] [do_card] (0x4000): No certificate found. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-891.output 381s + return 2 381s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-13915 381s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.output 381s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem 381s Test Organization Sub Int Token 381s [p11_child[2408]] [main] (0x0400): p11_child started. 381s [p11_child[2408]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2408]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2408]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2408]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2408]] [do_card] (0x4000): Module List: 381s [p11_child[2408]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2408]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2408]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2408]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2408]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2408]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2408]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2408]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2408]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2408]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2408]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 17:57:06 2024 GMT 381s Not After : Mar 21 17:57:06 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 381s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 381s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 381s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 381s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 381s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 381s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 381s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 381s 97:eb:2e:09:1a:fc:bd:95:b7 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 381s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 381s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 381s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 381s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 381s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 381s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 381s a3:8d 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915.pem 381s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 381s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.output 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2416]] [main] (0x0400): p11_child started. 381s [p11_child[2416]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2416]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2416]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2416]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2416]] [do_card] (0x4000): Module List: 381s [p11_child[2416]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2416]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2416]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2416]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2416]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2416]] [do_card] (0x4000): Login required. 381s [p11_child[2416]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2416]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2416]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2416]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2416]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2416]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2416]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 17:57:06 2024 GMT 381s Not After : Mar 21 17:57:06 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 381s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 381s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 381s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 381s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 381s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 381s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 381s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 381s 97:eb:2e:09:1a:fc:bd:95:b7 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 381s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 381s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 381s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 381s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 381s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 381s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 381s a3:8d 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-13915-auth.pem 381s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 381s + valid_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-sub-chain-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 /tmp/sssd-softhsm2-DT6xzB/test-intermediate-sub-chain-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local key_ring=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-sub-chain-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local certificate=/tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30543 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s Test Organization Sub Int Token 381s + tokens_dir=/tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-DT6xzB/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-945 381s + local output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.output 381s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-sub-chain-CA.pem 381s [p11_child[2426]] [main] (0x0400): p11_child started. 381s [p11_child[2426]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2426]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2426]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2426]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2426]] [do_card] (0x4000): Module List: 381s [p11_child[2426]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2426]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2426]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2426]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2426]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2426]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2426]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2426]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2426]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2426]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2426]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 17:57:06 2024 GMT 381s Not After : Mar 21 17:57:06 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 381s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 381s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 381s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 381s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 381s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 381s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 381s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 381s 97:eb:2e:09:1a:fc:bd:95:b7 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 381s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 381s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 381s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 381s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 381s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 381s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 381s a3:8d 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945.pem 381s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 381s + output_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.output 381s ++ basename /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-DT6xzB/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2434]] [main] (0x0400): p11_child started. 381s [p11_child[2434]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2434]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2434]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2434]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2434]] [do_card] (0x4000): Module List: 381s [p11_child[2434]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2434]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2434]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd2f738] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2434]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2434]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd2f738][1305671480] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2434]] [do_card] (0x4000): Login required. 381s [p11_child[2434]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2434]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2434]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2434]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd2f738;slot-manufacturer=SoftHSM%20project;slot-id=1305671480;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dc4d6bc0cdd2f738;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2434]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2434]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2434]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2434]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 17:57:06 2024 GMT 381s Not After : Mar 21 17:57:06 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:bf:55:67:46:17:0d:54:50:e2:b1:69:d9:fc:0c: 381s 99:8f:ad:79:23:fd:a8:16:fb:4b:c5:28:aa:9d:84: 381s e1:a1:1d:25:36:b7:6c:53:af:9b:84:02:9d:2c:91: 381s 58:fa:c7:6c:96:94:f1:9b:cb:ed:0e:b3:60:2a:dc: 381s f6:e0:14:13:61:96:4b:57:e8:ba:51:c9:df:6d:86: 381s ee:ea:81:df:8f:24:30:5f:01:f8:f9:1c:cb:ed:38: 381s 38:dd:ba:65:a9:ce:0f:3b:b1:5a:6c:6d:c1:f3:a0: 381s b2:e3:40:51:11:81:f9:ed:21:72:74:37:53:ad:27: 381s 97:eb:2e:09:1a:fc:bd:95:b7 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s DB:25:87:A1:B9:69:5C:7C:59:84:E6:42:AD:1F:25:F9:D9:A8:6A:F9 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s D4:E7:39:1F:77:9F:1E:30:41:56:A7:84:7E:0C:0A:3C:7C:77:F4:5A 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 18:21:79:69:a0:bb:89:53:2c:9b:3e:22:ff:b7:89:98:c3:2e: 381s 18:83:54:0e:dc:af:22:3a:d2:1f:fc:37:17:71:f6:f6:50:f7: 381s 38:c4:2a:6c:19:c7:7c:93:77:fd:6b:9a:0a:2b:e1:6b:98:0c: 381s 84:7b:13:48:9b:f2:c8:bf:1e:bc:b9:08:5b:8f:91:0d:86:35: 381s 50:d1:d7:10:5c:c8:9e:7a:06:85:a7:dc:ed:9e:70:fd:9b:87: 381s 32:e0:9b:17:b9:29:ad:4c:49:8c:f1:14:51:91:74:9a:12:95: 381s 82:2f:80:d9:3d:5b:ec:58:9d:2d:c2:78:73:e9:57:e5:31:63: 381s a3:8d 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-DT6xzB/SSSD-child-945-auth.pem 381s 381s + found_md5=Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 381s + '[' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 '!=' Modulus=BF556746170D5450E2B169D9FC0C998FAD7923FDA816FB4BC528AA9D84E1A11D2536B76C53AF9B84029D2C9158FAC76C9694F19BCBED0EB3602ADCF6E0141361964B57E8BA51C9DF6D86EEEA81DF8F24305F01F8F91CCBED3838DDBA65A9CE0F3BB15A6C6DC1F3A0B2E340511181F9ED2172743753AD2797EB2E091AFCBD95B7 ']' 381s + set +x 381s Test completed, Root CA and intermediate issued certificates verified! 381s autopkgtest [17:57:10]: test sssd-softhism2-certificates-tests.sh: -----------------------] 382s autopkgtest [17:57:11]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 382s sssd-softhism2-certificates-tests.sh PASS 383s autopkgtest [17:57:12]: test sssd-smart-card-pam-auth-configs: preparing testbed 384s Reading package lists... 385s Building dependency tree... 385s Reading state information... 385s Starting pkgProblemResolver with broken count: 0 385s Starting 2 pkgProblemResolver with broken count: 0 385s Done 386s The following additional packages will be installed: 386s pamtester 386s The following NEW packages will be installed: 386s autopkgtest-satdep pamtester 386s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 386s Need to get 12.3 kB/13.0 kB of archives. 386s After this operation, 36.9 kB of additional disk space will be used. 386s Get:1 /tmp/autopkgtest.P0n92v/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [760 B] 386s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 386s Fetched 12.3 kB in 0s (67.9 kB/s) 386s Selecting previously unselected package pamtester. 386s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74967 files and directories currently installed.) 386s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 386s Unpacking pamtester (0.1.2-4) ... 386s Selecting previously unselected package autopkgtest-satdep. 386s Preparing to unpack .../4-autopkgtest-satdep.deb ... 386s Unpacking autopkgtest-satdep (0) ... 386s Setting up pamtester (0.1.2-4) ... 386s Setting up autopkgtest-satdep (0) ... 386s Processing triggers for man-db (2.12.0-3) ... 390s (Reading database ... 74973 files and directories currently installed.) 390s Removing autopkgtest-satdep (0) ... 391s autopkgtest [17:57:20]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 391s autopkgtest [17:57:20]: test sssd-smart-card-pam-auth-configs: [----------------------- 391s + '[' -z ubuntu ']' 391s + export DEBIAN_FRONTEND=noninteractive 391s + DEBIAN_FRONTEND=noninteractive 391s + required_tools=(pamtester softhsm2-util sssd) 391s + [[ ! -v OFFLINE_MODE ]] 391s + for cmd in "${required_tools[@]}" 391s + command -v pamtester 391s + for cmd in "${required_tools[@]}" 391s + command -v softhsm2-util 391s + for cmd in "${required_tools[@]}" 391s + command -v sssd 391s + PIN=123456 391s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 391s + tmpdir=/tmp/sssd-softhsm2-certs-1H30lq 391s + backupsdir= 391s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 391s + declare -a restore_paths 391s + declare -a delete_paths 391s + trap handle_exit EXIT 391s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 391s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 391s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 391s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 391s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1H30lq GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 391s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1H30lq 391s + GENERATE_SMART_CARDS=1 391s + KEEP_TEMPORARY_FILES=1 391s + NO_SSSD_TESTS=1 391s + bash debian/tests/sssd-softhism2-certificates-tests.sh 391s + '[' -z ubuntu ']' 391s + required_tools=(p11tool openssl softhsm2-util) 391s + for cmd in "${required_tools[@]}" 391s + command -v p11tool 391s + for cmd in "${required_tools[@]}" 391s + command -v openssl 391s + for cmd in "${required_tools[@]}" 391s + command -v softhsm2-util 391s + PIN=123456 391s +++ find /usr/lib/softhsm/libsofthsm2.so 391s +++ head -n 1 391s ++ realpath /usr/lib/softhsm/libsofthsm2.so 391s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 391s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 391s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 391s + '[' '!' -v NO_SSSD_TESTS ']' 391s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 391s + tmpdir=/tmp/sssd-softhsm2-certs-1H30lq 391s + keys_size=1024 391s + [[ ! -v KEEP_TEMPORARY_FILES ]] 391s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 391s + echo -n 01 391s + touch /tmp/sssd-softhsm2-certs-1H30lq/index.txt 391s + mkdir -p /tmp/sssd-softhsm2-certs-1H30lq/new_certs 391s + cat 391s + root_ca_key_pass=pass:random-root-CA-password-628 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-key.pem -passout pass:random-root-CA-password-628 1024 391s + openssl req -passin pass:random-root-CA-password-628 -batch -config /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem 391s + cat 391s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-14591 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-14591 1024 391s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-14591 -config /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-628 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-certificate-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-certificate-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:c4:5e:32:a1:c8:92:54:55:82:e3:1c:f9:92:ce: 391s d4:16:f5:b3:71:6d:b7:a0:97:9a:21:5f:c1:2e:fd: 391s 30:52:a6:62:bf:29:63:a4:f1:20:ba:bb:32:87:e7: 391s f0:6a:7b:ac:05:00:cf:be:34:7c:d6:64:eb:62:01: 391s 74:29:4f:fd:bd:42:07:87:f3:2a:b8:e7:d4:be:e9: 391s 50:bd:81:6f:8f:f6:a2:38:26:ef:99:96:c5:ae:88: 391s d3:12:8f:77:74:5b:93:49:68:26:93:91:22:5b:9e: 391s d8:89:1e:3d:34:36:be:dc:f3:a6:a2:f2:27:4b:6c: 391s 54:d2:f4:bd:b2:b5:c8:2a:4f 391s Exponent: 65537 (0x10001) 391s Attributes: 391s (none) 391s Requested Extensions: 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 65:89:d5:72:46:fb:2a:78:86:5c:dc:00:2e:db:4a:b0:28:bc: 391s 6a:48:f5:8c:d2:5b:31:68:a8:70:42:d1:85:e4:56:d1:df:42: 391s e1:9b:7c:03:0a:68:01:c0:40:dd:6f:4e:c4:97:04:02:44:08: 391s e6:68:5b:f7:8e:ba:95:d6:db:1b:09:c3:4e:c3:92:de:ea:83: 391s 68:2b:03:40:4f:6a:8e:51:ca:43:9b:09:40:1d:0e:91:fb:59: 391s e8:dc:6e:98:49:f7:6f:ca:7c:e3:76:89:69:e6:73:aa:c4:86: 391s 69:67:0a:3e:3f:d5:94:e1:ba:7a:95:0d:3a:f1:c1:17:a0:5f: 391s e8:3e 391s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.config -passin pass:random-root-CA-password-628 -keyfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 1 (0x1) 391s Validity 391s Not Before: Mar 21 17:57:20 2024 GMT 391s Not After : Mar 21 17:57:20 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Intermediate CA 391s X509v3 extensions: 391s X509v3 Subject Key Identifier: 391s 83:60:58:B2:27:FD:89:2B:AB:9B:8A:10:5A:80:20:DC:F1:B7:36:A1 391s X509v3 Authority Key Identifier: 391s keyid:43:C3:82:01:6C:00:03:80:DB:64:DE:12:00:10:6D:B0:F3:54:4D:49 391s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 391s serial:00 391s X509v3 Basic Constraints: 391s CA:TRUE 391s X509v3 Key Usage: critical 391s Digital Signature, Certificate Sign, CRL Sign 391s Certificate is to be certified until Mar 21 17:57:20 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem 391s /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem: OK 391s + cat 391s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-11057 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-11057 1024 391s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-11057 -config /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-14591 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-certificate-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-certificate-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:ac:5e:fc:c3:da:7e:53:a8:dc:53:55:f9:6f:2d: 391s 66:4c:82:0f:66:21:56:9d:a6:a8:21:94:2a:92:45: 391s 2c:5b:26:55:7d:b4:56:fe:b7:69:cf:50:26:80:9d: 391s c5:5d:55:e2:2e:9e:0a:f5:2f:31:1d:95:ed:bb:1c: 391s b0:8a:f1:f1:e3:f8:bd:b8:d7:1f:21:5a:71:d1:c7: 391s f4:c6:82:f8:92:1b:cd:a8:ac:37:6a:ca:ed:a1:2b: 391s db:a8:c4:48:c1:24:d7:7f:67:e0:2b:6b:9e:5e:2f: 391s 11:b0:42:ee:9e:87:5a:4b:2b:00:fe:58:ca:e0:07: 391s 3b:3e:e5:7f:8a:4e:d2:b9:a3 391s Exponent: 65537 (0x10001) 391s Attributes: 391s (none) 391s Requested Extensions: 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 01:23:51:a9:05:c6:9e:d1:a1:e3:9d:16:fe:bf:80:ae:4b:90: 391s 6d:5e:b5:ca:63:85:87:74:22:a2:7e:9b:47:31:de:1e:b1:c0: 391s f1:f4:41:85:cc:5f:15:f6:fd:e3:b7:25:0e:4c:da:dd:ff:db: 391s 13:35:09:9a:86:a9:69:9e:1e:42:95:e2:6e:22:b9:41:4d:2e: 391s 49:40:52:79:e1:3e:88:ee:fe:89:ba:fc:59:51:ef:af:31:28: 391s ce:19:8d:55:cb:13:3d:73:b6:0a:1c:9a:da:81:5b:f8:c6:14: 391s ed:93:88:6d:6c:02:aa:72:db:72:4b:dc:1d:31:a3:b7:2c:3c: 391s e9:38 391s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-14591 -keyfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 2 (0x2) 391s Validity 391s Not Before: Mar 21 17:57:20 2024 GMT 391s Not After : Mar 21 17:57:20 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Sub Intermediate CA 391s X509v3 extensions: 391s X509v3 Subject Key Identifier: 391s 49:30:18:31:BD:FD:10:25:A8:AB:68:32:30:F5:E9:8C:E1:56:54:EF 391s X509v3 Authority Key Identifier: 391s keyid:83:60:58:B2:27:FD:89:2B:AB:9B:8A:10:5A:80:20:DC:F1:B7:36:A1 391s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 391s serial:01 391s X509v3 Basic Constraints: 391s CA:TRUE 391s X509v3 Key Usage: critical 391s Digital Signature, Certificate Sign, CRL Sign 391s Certificate is to be certified until Mar 21 17:57:20 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 391s /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem: OK 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem: verification failed 391s + cat 391s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-3240 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-3240 1024 391s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-3240 -key /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:df:12:ea:be:4b:f9:cf:af:f4:2b:69:c8:4d:f2: 391s 15:e2:6d:ff:95:17:43:c4:b8:2d:aa:a0:32:08:48: 391s a1:ce:f8:a1:90:5f:97:02:f9:c5:14:bd:cc:d6:02: 391s 29:43:9b:c6:79:6e:89:21:34:4d:5d:25:da:6b:31: 391s ea:0c:62:b1:91:5c:b2:6a:c5:fa:c2:92:65:59:eb: 391s af:5a:85:09:c7:af:b9:e4:35:e2:16:6a:3a:18:3b: 391s 2d:52:3f:43:9c:93:0f:71:61:48:47:d6:58:d7:25: 391s aa:49:75:fb:ba:ad:94:dd:d1:7f:ee:53:53:47:db: 391s 72:28:f0:c8:72:40:b9:2c:df 391s Exponent: 65537 (0x10001) 391s Attributes: 391s Requested Extensions: 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Root CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s E5:30:0A:26:A0:43:53:DF:28:01:7D:EC:03:A2:61:A0:21:56:D0:F6 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 45:f3:aa:06:de:bf:b7:8b:d2:91:9a:be:55:61:d6:65:e4:eb: 391s 39:79:e5:9b:78:6d:71:50:45:dd:d2:40:8e:67:53:f5:c6:0d: 391s 73:70:3d:57:48:01:14:79:04:18:cd:12:0a:18:35:3c:7d:20: 391s 69:bd:00:b6:36:f1:e7:8b:5b:59:db:57:af:d8:43:7f:cb:70: 391s 25:69:90:94:c1:8c:c5:21:12:15:9b:9b:f4:26:28:f5:5d:6d: 391s ad:58:fc:22:6c:51:aa:94:de:24:69:6e:bc:4e:a5:30:11:c9: 391s c8:06:70:3c:f5:64:a8:a1:88:c6:8a:4f:5a:a7:e3:87:ac:62: 391s 5d:16 391s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.config -passin pass:random-root-CA-password-628 -keyfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 3 (0x3) 391s Validity 391s Not Before: Mar 21 17:57:20 2024 GMT 391s Not After : Mar 21 17:57:20 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Root Trusted Certificate 0001 391s X509v3 extensions: 391s X509v3 Authority Key Identifier: 391s 43:C3:82:01:6C:00:03:80:DB:64:DE:12:00:10:6D:B0:F3:54:4D:49 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Root CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s E5:30:0A:26:A0:43:53:DF:28:01:7D:EC:03:A2:61:A0:21:56:D0:F6 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Certificate is to be certified until Mar 21 17:57:20 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem: OK 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem: verification failed 391s + cat 391s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-17803 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-17803 1024 391s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-17803 -key /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:cd:8e:57:ee:f9:17:17:5e:54:24:55:2f:e6:03: 391s f7:39:aa:a9:6a:2f:f1:d2:af:4e:43:d4:0d:6d:fc: 391s 61:42:e7:44:86:9d:4b:f3:c7:37:fa:eb:49:1b:3d: 391s 64:92:05:ca:e0:f8:b3:49:69:8c:7e:2c:ae:5f:66: 391s f1:fd:08:1b:47:1b:30:94:34:7c:0a:99:ef:e6:99: 391s d9:29:a2:d4:4e:56:70:8b:31:b9:3f:e0:06:b5:37: 391s cf:75:76:2c:cd:06:8d:4c:19:bb:62:3d:43:7b:f2: 391s ef:15:f0:df:1f:6d:b4:fe:01:57:8d:a1:e7:09:36: 391s 10:2b:af:5e:63:cf:bc:be:4b 391s Exponent: 65537 (0x10001) 391s Attributes: 391s Requested Extensions: 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 28:12:90:D5:CC:EF:E7:6B:A7:6E:BC:0D:29:C4:32:9F:EE:D3:BB:90 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 0e:0f:f0:98:11:75:18:09:5c:8c:a4:f8:0e:06:c5:1f:92:e6: 391s 1c:27:0d:0c:5c:45:f1:1b:09:8b:4d:03:b4:28:f9:4d:e3:cd: 391s fb:76:44:75:82:3a:d9:e1:41:83:1f:34:b1:86:50:31:3d:91: 391s d2:18:f1:8e:bd:dc:ea:d6:b2:2d:e4:2c:f3:2a:59:fd:a2:e7: 391s 87:7c:a9:ce:35:e9:7f:a4:69:9b:6a:01:29:f5:d3:b3:c7:b7: 391s 72:ce:1f:47:b7:f2:1e:fd:1a:ca:19:1d:e2:33:15:de:f0:1b: 391s 91:63:8c:49:fe:69:4e:88:57:cc:c4:c4:23:07:d9:43:7c:a2: 391s 7d:fa 391s + openssl ca -passin pass:random-intermediate-CA-password-14591 -config /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 4 (0x4) 391s Validity 391s Not Before: Mar 21 17:57:20 2024 GMT 391s Not After : Mar 21 17:57:20 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Intermediate Trusted Certificate 0001 391s X509v3 extensions: 391s X509v3 Authority Key Identifier: 391s 83:60:58:B2:27:FD:89:2B:AB:9B:8A:10:5A:80:20:DC:F1:B7:36:A1 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 28:12:90:D5:CC:EF:E7:6B:A7:6E:BC:0D:29:C4:32:9F:EE:D3:BB:90 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Certificate is to be certified until Mar 21 17:57:20 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 391s This certificate should not be trusted fully 391s + echo 'This certificate should not be trusted fully' 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 391s error 2 at 1 depth lookup: unable to get issuer certificate 391s error /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem: OK 391s + cat 391s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7086 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-7086 1024 392s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7086 -key /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 392s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 392s Certificate Request: 392s Data: 392s Version: 1 (0x0) 392s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 392s Subject Public Key Info: 392s Public Key Algorithm: rsaEncryption 392s Public-Key: (1024 bit) 392s Modulus: 392s 00:ab:d4:60:54:56:b3:23:51:5d:5f:0d:24:6d:96: 392s d8:ed:10:07:aa:a8:63:3c:3f:ef:ee:16:23:a5:79: 392s 55:f8:21:44:3e:d6:27:13:a7:27:ab:8e:e1:1f:47: 392s 6e:1a:37:0d:74:5a:82:31:45:e2:c7:04:03:ee:bd: 392s f0:19:ab:0d:ca:94:f3:a8:c4:eb:03:86:28:19:c6: 392s 01:f5:64:a0:e2:59:73:1f:28:7c:6f:80:dd:6b:d5: 392s d5:d6:b2:02:66:75:05:da:5e:56:cd:89:99:b4:84: 392s 42:bf:8f:95:be:71:42:57:ad:0f:b6:cc:5d:f4:d5: 392s ce:c2:23:52:49:35:f5:15:59 392s Exponent: 65537 (0x10001) 392s Attributes: 392s Requested Extensions: 392s X509v3 Basic Constraints: 392s CA:FALSE 392s Netscape Cert Type: 392s SSL Client, S/MIME 392s Netscape Comment: 392s Test Organization Sub Intermediate CA trusted Certificate 392s X509v3 Subject Key Identifier: 392s 3F:FE:C1:A9:33:50:8E:2A:81:39:54:3A:D9:C9:4F:D2:23:D7:C9:33 392s X509v3 Key Usage: critical 392s Digital Signature, Non Repudiation, Key Encipherment 392s X509v3 Extended Key Usage: 392s TLS Web Client Authentication, E-mail Protection 392s X509v3 Subject Alternative Name: 392s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 392s Signature Algorithm: sha256WithRSAEncryption 392s Signature Value: 392s 9b:1b:85:53:9f:cc:de:f1:fe:60:84:fb:e5:2e:61:f6:8c:ff: 392s eb:89:59:f7:a4:ab:48:ee:7c:17:7c:7a:fa:e7:47:f8:9d:5f: 392s f2:cf:a1:1c:66:11:ff:7d:59:24:e7:48:81:fa:83:53:07:8b: 392s 23:7f:38:ff:d2:e0:1c:ae:22:d0:7c:42:27:0e:43:8c:41:6a: 392s db:8a:ea:c5:e0:73:99:e2:3c:de:06:94:63:37:ff:cc:3a:34: 392s 8d:99:52:7a:c3:17:14:28:78:06:d4:9d:49:e3:da:5c:51:69: 392s 69:1a:11:b8:11:1b:a3:65:99:51:2b:7b:db:7f:eb:fe:74:14: 392s 9a:b8 392s + openssl ca -passin pass:random-sub-intermediate-CA-password-11057 -config /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s Using configuration from /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.config 392s Check that the request matches the signature 392s Signature ok 392s Certificate Details: 392s Serial Number: 5 (0x5) 392s Validity 392s Not Before: Mar 21 17:57:21 2024 GMT 392s Not After : Mar 21 17:57:21 2025 GMT 392s Subject: 392s organizationName = Test Organization 392s organizationalUnitName = Test Organization Unit 392s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 392s X509v3 extensions: 392s X509v3 Authority Key Identifier: 392s 49:30:18:31:BD:FD:10:25:A8:AB:68:32:30:F5:E9:8C:E1:56:54:EF 392s X509v3 Basic Constraints: 392s CA:FALSE 392s Netscape Cert Type: 392s SSL Client, S/MIME 392s Netscape Comment: 392s Test Organization Sub Intermediate CA trusted Certificate 392s X509v3 Subject Key Identifier: 392s 3F:FE:C1:A9:33:50:8E:2A:81:39:54:3A:D9:C9:4F:D2:23:D7:C9:33 392s X509v3 Key Usage: critical 392s Digital Signature, Non Repudiation, Key Encipherment 392s X509v3 Extended Key Usage: 392s TLS Web Client Authentication, E-mail Protection 392s X509v3 Subject Alternative Name: 392s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 392s Certificate is to be certified until Mar 21 17:57:21 2025 GMT (365 days) 392s 392s Write out database with 1 new entries 392s Database updated 392s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s This certificate should not be trusted fully 392s + echo 'This certificate should not be trusted fully' 392s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s + local cmd=openssl 392s + shift 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 392s error 2 at 1 depth lookup: unable to get issuer certificate 392s error /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 392s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s + local cmd=openssl 392s + shift 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 392s error 20 at 0 depth lookup: unable to get local issuer certificate 392s error /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 392s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 392s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s + local cmd=openssl 392s + shift 392s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 392s error 20 at 0 depth lookup: unable to get local issuer certificate 392s error /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 392s + echo 'Building a the full-chain CA file...' 392s + cat /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 392s Building a the full-chain CA file... 392s + cat /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem 392s + cat /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 392s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem 392s + openssl pkcs7 -print_certs -noout 392s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 392s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 392s 392s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 392s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 392s 392s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 392s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 392s 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA.pem: OK 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem: OK 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem: OK 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-root-intermediate-chain-CA.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-root-intermediate-chain-CA.pem: OK 392s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 392s Certificates generation completed! 392s + echo 'Certificates generation completed!' 392s + [[ -v NO_SSSD_TESTS ]] 392s + [[ -v GENERATE_SMART_CARDS ]] 392s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3240 392s + local certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 392s + local key_pass=pass:random-root-ca-trusted-cert-0001-3240 392s + local key_cn 392s + local key_name 392s + local tokens_dir 392s + local output_cert_file 392s + token_name= 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem .pem 392s + key_name=test-root-CA-trusted-certificate-0001 392s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem 392s ++ sed -n 's/ *commonName *= //p' 392s + key_cn='Test Organization Root Trusted Certificate 0001' 392s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 392s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf 392s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 392s + tokens_dir=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001 392s + token_name='Test Organization Root Tr Token' 392s + '[' '!' -e /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 392s + local key_file 392s + local decrypted_key 392s + mkdir -p /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001 392s + key_file=/tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key.pem 392s + decrypted_key=/tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 392s + cat 392s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 392s Slot 0 has a free/uninitialized token. 392s The token has been initialized and is reassigned to slot 597829412 392s + softhsm2-util --show-slots 392s Available slots: 392s Slot 597829412 392s Slot info: 392s Description: SoftHSM slot ID 0x23a22724 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: a94d0de1a3a22724 392s Initialized: yes 392s User PIN init.: yes 392s Label: Test Organization Root Tr Token 392s Slot 1 392s Slot info: 392s Description: SoftHSM slot ID 0x1 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: 392s Initialized: no 392s User PIN init.: no 392s Label: 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-3240 -in /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 392s writing RSA key 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + rm /tmp/sssd-softhsm2-certs-1H30lq/test-root-CA-trusted-certificate-0001-key-decrypted.pem 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 392s Object 0: 392s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a94d0de1a3a22724;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 392s Type: X.509 Certificate (RSA-1024) 392s Expires: Fri Mar 21 17:57:20 2025 392s Label: Test Organization Root Trusted Certificate 0001 392s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 392s 392s + echo 'Test Organization Root Tr Token' 392s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17803 392s + local certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 392s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17803 392s + local key_cn 392s + local key_name 392s + local tokens_dir 392s + local output_cert_file 392s + token_name= 392s Test Organization Root Tr Token 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem .pem 392s + key_name=test-intermediate-CA-trusted-certificate-0001 392s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem 392s ++ sed -n 's/ *commonName *= //p' 392s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 392s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 392s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 392s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 392s + tokens_dir=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001 392s + token_name='Test Organization Interme Token' 392s + '[' '!' -e /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 392s + local key_file 392s + local decrypted_key 392s + mkdir -p /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-intermediate-CA-trusted-certificate-0001 392s + key_file=/tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key.pem 392s + decrypted_key=/tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s + cat 392s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 392s Slot 0 has a free/uninitialized token. 392s The token has been initialized and is reassigned to slot 384279140 392s + softhsm2-util --show-slots 392s Available slots: 392s Slot 384279140 392s Slot info: 392s Description: SoftHSM slot ID 0x16e7a264 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: 7346d2e816e7a264 392s Initialized: yes 392s User PIN init.: yes 392s Label: Test Organization Interme Token 392s Slot 1 392s Slot info: 392s Description: SoftHSM slot ID 0x1 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: 392s Initialized: no 392s User PIN init.: no 392s Label: 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-17803 -in /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s writing RSA key 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + rm /tmp/sssd-softhsm2-certs-1H30lq/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 392s Object 0: 392s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7346d2e816e7a264;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 392s Type: X.509 Certificate (RSA-1024) 392s Expires: Fri Mar 21 17:57:20 2025 392s Label: Test Organization Intermediate Trusted Certificate 0001 392s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 392s 392s Test Organization Interme Token 392s + echo 'Test Organization Interme Token' 392s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7086 392s + local certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7086 392s + local key_cn 392s + local key_name 392s + local tokens_dir 392s + local output_cert_file 392s + token_name= 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 392s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 392s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem 392s ++ sed -n 's/ *commonName *= //p' 392s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 392s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 392s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 392s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 392s ++ basename /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 392s + tokens_dir=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 392s + token_name='Test Organization Sub Int Token' 392s + '[' '!' -e /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 392s + local key_file 392s + local decrypted_key 392s + mkdir -p /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 392s + key_file=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 392s + decrypted_key=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s + cat 392s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 392s Slot 0 has a free/uninitialized token. 392s The token has been initialized and is reassigned to slot 170999592 392s + softhsm2-util --show-slots 392s Available slots: 392s Slot 170999592 392s Slot info: 392s Description: SoftHSM slot ID 0xa313f28 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: 63d196aa0a313f28 392s Initialized: yes 392s User PIN init.: yes 392s Label: Test Organization Sub Int Token 392s Slot 1 392s Slot info: 392s Description: SoftHSM slot ID 0x1 392s Manufacturer ID: SoftHSM project 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Token present: yes 392s Token info: 392s Manufacturer ID: SoftHSM project 392s Model: SoftHSM v2 392s Hardware version: 2.6 392s Firmware version: 2.6 392s Serial number: 392s Initialized: no 392s User PIN init.: no 392s Label: 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7086 -in /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s writing RSA key 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 392s + rm /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 392s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 392s Object 0: 392s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63d196aa0a313f28;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 392s Type: X.509 Certificate (RSA-1024) 392s Expires: Fri Mar 21 17:57:21 2025 392s Label: Test Organization Sub Intermediate Trusted Certificate 0001 392s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 392s 392s Test Organization Sub Int Token 392s + echo 'Test Organization Sub Int Token' 392s + echo 'Certificates generation completed!' 392s + exit 0 392s Certificates generation completed! 392s + find /tmp/sssd-softhsm2-certs-1H30lq -type d -exec chmod 777 '{}' ';' 392s + find /tmp/sssd-softhsm2-certs-1H30lq -type f -exec chmod 666 '{}' ';' 392s + backup_file /etc/sssd/sssd.conf 392s + '[' -z '' ']' 392s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 392s + backupsdir=/tmp/sssd-softhsm2-backups-QpqUjX 392s + '[' -e /etc/sssd/sssd.conf ']' 392s + delete_paths+=("$1") 392s + rm -f /etc/sssd/sssd.conf 392s ++ runuser -u ubuntu -- sh -c 'echo ~' 392s + user_home=/home/ubuntu 392s + mkdir -p /home/ubuntu 392s + chown ubuntu:ubuntu /home/ubuntu 392s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 392s + user_config=/home/ubuntu/.config 392s + system_config=/etc 392s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 392s + for path_pair in "${softhsm2_conf_paths[@]}" 392s + IFS=: 392s + read -r -a path 392s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 392s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 392s + '[' -z /tmp/sssd-softhsm2-backups-QpqUjX ']' 392s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 392s + delete_paths+=("$1") 392s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 392s + for path_pair in "${softhsm2_conf_paths[@]}" 392s + IFS=: 392s + read -r -a path 392s + path=/etc/softhsm/softhsm2.conf 392s + backup_file /etc/softhsm/softhsm2.conf 392s + '[' -z /tmp/sssd-softhsm2-backups-QpqUjX ']' 392s + '[' -e /etc/softhsm/softhsm2.conf ']' 392s ++ dirname /etc/softhsm/softhsm2.conf 392s + local back_dir=/tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm 392s ++ basename /etc/softhsm/softhsm2.conf 392s + local back_path=/tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm/softhsm2.conf 392s + '[' '!' -e /tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm/softhsm2.conf ']' 392s + mkdir -p /tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm 392s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm/softhsm2.conf 392s + restore_paths+=("$back_path") 392s + rm -f /etc/softhsm/softhsm2.conf 392s + test_authentication login /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem 392s + pam_service=login 392s + certificate_config=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf 392s + ca_db=/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem 392s + verification_options= 392s + mkdir -p -m 700 /etc/sssd 392s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 392s + cat 392s Using CA DB '/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem' with verification options: '' 392s + chmod 600 /etc/sssd/sssd.conf 392s + for path_pair in "${softhsm2_conf_paths[@]}" 392s + IFS=: 392s + read -r -a path 392s + user=ubuntu 392s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 392s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 392s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 392s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 392s + runuser -u ubuntu -- softhsm2-util --show-slots 392s + grep 'Test Organization' 392s Label: Test Organization Root Tr Token 392s + for path_pair in "${softhsm2_conf_paths[@]}" 392s + IFS=: 392s + read -r -a path 392s + user=root 392s + path=/etc/softhsm/softhsm2.conf 392s ++ dirname /etc/softhsm/softhsm2.conf 392s + runuser -u root -- mkdir -p /etc/softhsm 392s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 392s + runuser -u root -- softhsm2-util --show-slots 392s + grep 'Test Organization' 392s Label: Test Organization Root Tr Token 392s + systemctl restart sssd 392s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 393s + for alternative in "${alternative_pam_configs[@]}" 393s + pam-auth-update --enable sss-smart-card-optional 393s + cat /etc/pam.d/common-auth 393s # 393s # /etc/pam.d/common-auth - authentication settings common to all services 393s # 393s # This file is included from other service-specific PAM config files, 393s # and should contain a list of the authentication modules that define 393s # the central authentication scheme for use on the system 393s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 393s # traditional Unix authentication mechanisms. 393s # 393s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 393s # To take advantage of this, it is recommended that you configure any 393s # local modules either before or after the default block, and use 393s # pam-auth-update to manage selection of other modules. See 393s # pam-auth-update(8) for details. 393s 393s # here are the per-package modules (the "Primary" block) 393s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 393s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 393s auth [success=1 default=ignore] pam_sss.so use_first_pass 393s # here's the fallback if no module succeeds 393s auth requisite pam_deny.so 393s # prime the stack with a positive return value if there isn't one already; 393s # this avoids us returning an error just because nothing sets a success code 393s # since the modules above will each just jump around 393s auth required pam_permit.so 393s # and here are more per-package modules (the "Additional" block) 393s auth optional pam_cap.so 393s # end of pam-auth-update config 393s + echo -n -e 123456 393s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 393s pamtester: invoking pam_start(login, ubuntu, ...) 393s pamtester: performing operation - authenticate 393s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 393s + echo -n -e 123456 393s + runuser -u ubuntu -- pamtester -v login '' authenticate 393s pamtester: invoking pam_start(login, , ...) 393s pamtester: performing operation - authenticate 393s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 393s + echo -n -e wrong123456 393s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 393s pamtester: invoking pam_start(login, ubuntu, ...) 393s pamtester: performing operation - authenticate 396s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 396s + echo -n -e wrong123456 396s + runuser -u ubuntu -- pamtester -v login '' authenticate 396s pamtester: invoking pam_start(login, , ...) 396s pamtester: performing operation - authenticate 399s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 399s + echo -n -e 123456 399s + pamtester -v login root authenticate 399s pamtester: invoking pam_start(login, root, ...) 399s pamtester: performing operation - authenticate 403s Password: pamtester: Authentication failure 403s + for alternative in "${alternative_pam_configs[@]}" 403s + pam-auth-update --enable sss-smart-card-required 403s PAM configuration 403s ----------------- 403s 403s Incompatible PAM profiles selected. 403s 403s The following PAM profiles cannot be used together: 403s 403s SSS required smart card authentication, SSS optional smart card 403s authentication 403s 403s Please select a different set of modules to enable. 403s 403s + cat /etc/pam.d/common-auth 403s # 403s # /etc/pam.d/common-auth - authentication settings common to all services 403s # 403s # This file is included from other service-specific PAM config files, 403s # and should contain a list of the authentication modules that define 403s # the central authentication scheme for use on the system 403s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 403s # traditional Unix authentication mechanisms. 403s # 403s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 403s # To take advantage of this, it is recommended that you configure any 403s # local modules either before or after the default block, and use 403s # pam-auth-update to manage selection of other modules. See 403s # pam-auth-update(8) for details. 403s 403s # here are the per-package modules (the "Primary" block) 403s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 403s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 403s auth [success=1 default=ignore] pam_sss.so use_first_pass 403s # here's the fallback if no module succeeds 403s auth requisite pam_deny.so 403s # prime the stack with a positive return value if there isn't one already; 403s # this avoids us returning an error just because nothing sets a success code 403s # since the modules above will each just jump around 403s auth required pam_permit.so 403s # and here are more per-package modules (the "Additional" block) 403s auth optional pam_cap.so 403s # end of pam-auth-update config 403s + echo -n -e 123456 403s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 403s pamtester: invoking pam_start(login, ubuntu, ...) 403s pamtester: performing operation - authenticate 403s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 403s + echo -n -e 123456 403s + runuser -u ubuntu -- pamtester -v login '' authenticate 403s pamtester: invoking pam_start(login, , ...) 403s pamtester: performing operation - authenticate 403s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 403s + echo -n -e wrong123456 403s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 403s pamtester: invoking pam_start(login, ubuntu, ...) 403s pamtester: performing operation - authenticate 405s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 405s + echo -n -e wrong123456 405s + runuser -u ubuntu -- pamtester -v login '' authenticate 405s pamtester: invoking pam_start(login, , ...) 405s pamtester: performing operation - authenticate 408s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 408s + echo -n -e 123456 408s + pamtester -v login root authenticate 408s pamtester: invoking pam_start(login, root, ...) 408s pamtester: performing operation - authenticate 412s pamtester: Authentication service cannot retrieve authentication info 412s + test_authentication login /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem 412s + pam_service=login 412s + certificate_config=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 412s + ca_db=/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem 412s + verification_options= 412s + mkdir -p -m 700 /etc/sssd 412s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 412s + cat 412s + chmod 600 /etc/sssd/sssd.conf 412s Using CA DB '/tmp/sssd-softhsm2-certs-1H30lq/test-full-chain-CA.pem' with verification options: '' 412s + for path_pair in "${softhsm2_conf_paths[@]}" 412s + IFS=: 412s + read -r -a path 412s + user=ubuntu 412s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 412s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 412s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 412s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 412s + runuser -u ubuntu -- softhsm2-util --show-slots 412s + grep 'Test Organization' 412s + for path_pair in "${softhsm2_conf_paths[@]}" 412s + IFS=: 412s + read -r -a path 412s + user=root 412s + path=/etc/softhsm/softhsm2.conf 412s ++ dirname /etc/softhsm/softhsm2.conf 412s + runuser -u root -- mkdir -p /etc/softhsm 412s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 412s + runuser -u root -- softhsm2-util --show-slots 412s + grep 'Test Organization' 412s + systemctl restart sssd 412s Label: Test Organization Sub Int Token 412s Label: Test Organization Sub Int Token 412s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 412s + for alternative in "${alternative_pam_configs[@]}" 412s + pam-auth-update --enable sss-smart-card-optional 412s + cat /etc/pam.d/common-auth 412s # 412s # /etc/pam.d/common-auth - authentication settings common to all services 412s # 412s # This file is included from other service-specific PAM config files, 412s # and should contain a list of the authentication modules that define 412s # the central authentication scheme for use on the system 412s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 412s # traditional Unix authentication mechanisms. 412s # 412s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 412s # To take advantage of this, it is recommended that you configure any 412s # local modules either before or after the default block, and use 412s # pam-auth-update to manage selection of other modules. See 412s # pam-auth-update(8) for details. 412s 412s # here are the per-package modules (the "Primary" block) 412s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 412s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 412s auth [success=1 default=ignore] pam_sss.so use_first_pass 412s # here's the fallback if no module succeeds 412s auth requisite pam_deny.so 412s # prime the stack with a positive return value if there isn't one already; 412s # this avoids us returning an error just because nothing sets a success code 412s # since the modules above will each just jump around 412s auth required pam_permit.so 412s # and here are more per-package modules (the "Additional" block) 412s auth optional pam_cap.so 412s # end of pam-auth-update config 412s + echo -n -e 123456 412s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 413s pamtester: invoking pam_start(login, ubuntu, ...) 413s pamtester: performing operation - authenticate 413s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 413s + echo -n -e 123456 413s + runuser -u ubuntu -- pamtester -v login '' authenticate 413s pamtester: invoking pam_start(login, , ...) 413s pamtester: performing operation - authenticate 413s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 413s + echo -n -e wrong123456 413s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 413s pamtester: invoking pam_start(login, ubuntu, ...) 413s pamtester: performing operation - authenticate 417s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 417s + echo -n -e wrong123456 417s + runuser -u ubuntu -- pamtester -v login '' authenticate 417s pamtester: invoking pam_start(login, , ...) 417s pamtester: performing operation - authenticate 420s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 420s + echo -n -e 123456 420s + pamtester -v login root authenticate 420s pamtester: invoking pam_start(login, root, ...) 420s pamtester: performing operation - authenticate 423s Password: pamtester: Authentication failure 423s + for alternative in "${alternative_pam_configs[@]}" 423s + pam-auth-update --enable sss-smart-card-required 423s PAM configuration 423s ----------------- 423s 423s Incompatible PAM profiles selected. 423s 423s The following PAM profiles cannot be used together: 423s 423s SSS required smart card authentication, SSS optional smart card 423s authentication 423s 423s Please select a different set of modules to enable. 423s 423s + cat /etc/pam.d/common-auth 423s # 423s # /etc/pam.d/common-auth - authentication settings common to all services 423s # 423s # This file is included from other service-specific PAM config files, 423s # and should contain a list of the authentication modules that define 423s # the central authentication scheme for use on the system 423s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 423s # traditional Unix authentication mechanisms. 423s # 423s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 423s # To take advantage of this, it is recommended that you configure any 423s # local modules either before or after the default block, and use 423s # pam-auth-update to manage selection of other modules. See 423s # pam-auth-update(8) for details. 423s 423s # here are the per-package modules (the "Primary" block) 423s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 423s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 423s auth [success=1 default=ignore] pam_sss.so use_first_pass 423s # here's the fallback if no module succeeds 423s auth requisite pam_deny.so 423s # prime the stack with a positive return value if there isn't one already; 423s # this avoids us returning an error just because nothing sets a success code 423s # since the modules above will each just jump around 423s auth required pam_permit.so 423s # and here are more per-package modules (the "Additional" block) 423s auth optional pam_cap.so 423s # end of pam-auth-update config 423s + echo -n -e 123456 423s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 423s pamtester: invoking pam_start(login, ubuntu, ...) 423s pamtester: performing operation - authenticate 423s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 423s + echo -n -e 123456 423s + runuser -u ubuntu -- pamtester -v login '' authenticate 423s pamtester: invoking pam_start(login, , ...) 423s pamtester: performing operation - authenticate 423s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 423s + echo -n -e wrong123456 423s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 423s pamtester: invoking pam_start(login, ubuntu, ...) 423s pamtester: performing operation - authenticate 427s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 427s + echo -n -e wrong123456 427s + runuser -u ubuntu -- pamtester -v login '' authenticate 427s pamtester: invoking pam_start(login, , ...) 427s pamtester: performing operation - authenticate 430s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 430s + echo -n -e 123456 430s + pamtester -v login root authenticate 430s pamtester: invoking pam_start(login, root, ...) 430s pamtester: performing operation - authenticate 433s pamtester: Authentication service cannot retrieve authentication info 433s + test_authentication login /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem partial_chain 433s + pam_service=login 433s + certificate_config=/tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 433s + ca_db=/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem 433s + verification_options=partial_chain 433s + mkdir -p -m 700 /etc/sssd 433s Using CA DB '/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 433s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1H30lq/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 433s + cat 433s Label: Test Organization Sub Int Token 433s Label: Test Organization Sub Int Token 433s + chmod 600 /etc/sssd/sssd.conf 433s + for path_pair in "${softhsm2_conf_paths[@]}" 433s + IFS=: 433s + read -r -a path 433s + user=ubuntu 433s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 433s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 433s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 433s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 433s + runuser -u ubuntu -- softhsm2-util --show-slots 433s + grep 'Test Organization' 433s + for path_pair in "${softhsm2_conf_paths[@]}" 433s + IFS=: 433s + read -r -a path 433s + user=root 433s + path=/etc/softhsm/softhsm2.conf 433s ++ dirname /etc/softhsm/softhsm2.conf 433s + runuser -u root -- mkdir -p /etc/softhsm 433s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1H30lq/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 433s + runuser -u root -- softhsm2-util --show-slots 433s + grep 'Test Organization' 433s + systemctl restart sssd 434s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 434s + for alternative in "${alternative_pam_configs[@]}" 434s + pam-auth-update --enable sss-smart-card-optional 434s + cat /etc/pam.d/common-auth 434s # 434s # /etc/pam.d/common-auth - authentication settings common to all services 434s # 434s # This file is included from other service-specific PAM config files, 434s # and should contain a list of the authentication modules that define 434s # the central authentication scheme for use on the system 434s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 434s # traditional Unix authentication mechanisms. 434s # 434s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 434s # To take advantage of this, it is recommended that you configure any 434s # local modules either before or after the default block, and use 434s # pam-auth-update to manage selection of other modules. See 434s # pam-auth-update(8) for details. 434s 434s # here are the per-package modules (the "Primary" block) 434s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 434s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 434s auth [success=1 default=ignore] pam_sss.so use_first_pass 434s # here's the fallback if no module succeeds 434s auth requisite pam_deny.so 434s # prime the stack with a positive return value if there isn't one already; 434s # this avoids us returning an error just because nothing sets a success code 434s # since the modules above will each just jump around 434s auth required pam_permit.so 434s # and here are more per-package modules (the "Additional" block) 434s auth optional pam_cap.so 434s # end of pam-auth-update config 434s + echo -n -e 123456 434s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 434s pamtester: invoking pam_start(login, ubuntu, ...) 434s pamtester: performing operation - authenticate 434s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 434s + echo -n -e 123456 434s + runuser -u ubuntu -- pamtester -v login '' authenticate 434s pamtester: invoking pam_start(login, , ...) 434s pamtester: performing operation - authenticate 434s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 434s + echo -n -e wrong123456 434s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 434s pamtester: invoking pam_start(login, ubuntu, ...) 434s pamtester: performing operation - authenticate 437s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 437s + echo -n -e wrong123456 437s + runuser -u ubuntu -- pamtester -v login '' authenticate 437s pamtester: invoking pam_start(login, , ...) 437s pamtester: performing operation - authenticate 441s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 441s + echo -n -e 123456 441s + pamtester -v login root authenticate 441s pamtester: invoking pam_start(login, root, ...) 441s pamtester: performing operation - authenticate 443s Password: pamtester: Authentication failure 443s + for alternative in "${alternative_pam_configs[@]}" 443s + pam-auth-update --enable sss-smart-card-required 443s PAM configuration 443s ----------------- 443s 443s Incompatible PAM profiles selected. 443s 443s The following PAM profiles cannot be used together: 443s 443s SSS required smart card authentication, SSS optional smart card 443s authentication 443s 443s Please select a different set of modules to enable. 443s 443s + cat /etc/pam.d/common-auth 443s # 443s # /etc/pam.d/common-auth - authentication settings common to all services 443s # 443s # This file is included from other service-specific PAM config files, 443s # and should contain a list of the authentication modules that define 443s # the central authentication scheme for use on the system 443s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 443s # traditional Unix authentication mechanisms. 443s # 443s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 443s # To take advantage of this, it is recommended that you configure any 443s # local modules either before or after the default block, and use 443s # pam-auth-update to manage selection of other modules. See 443s # pam-auth-update(8) for details. 443s 443s # here are the per-package modules (the "Primary" block) 443s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 443s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 443s auth [success=1 default=ignore] pam_sss.so use_first_pass 443s # here's the fallback if no module succeeds 443s auth requisite pam_deny.so 443s # prime the stack with a positive return value if there isn't one already; 443s # this avoids us returning an error just because nothing sets a success code 443s # since the modules above will each just jump around 443s auth required pam_permit.so 443s # and here are more per-package modules (the "Additional" block) 443s auth optional pam_cap.so 443s # end of pam-auth-update config 443s + echo -n -e 123456 443s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 443s pamtester: invoking pam_start(login, ubuntu, ...) 443s pamtester: performing operation - authenticate 444s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 444s + echo -n -e 123456 444s + runuser -u ubuntu -- pamtester -v login '' authenticate 444s pamtester: invoking pam_start(login, , ...) 444s pamtester: performing operation - authenticate 444s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 444s + echo -n -e wrong123456 444s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 444s pamtester: invoking pam_start(login, ubuntu, ...) 444s pamtester: performing operation - authenticate 447s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 447s + echo -n -e wrong123456 447s + runuser -u ubuntu -- pamtester -v login '' authenticate 447s pamtester: invoking pam_start(login, , ...) 447s pamtester: performing operation - authenticate 450s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 450s + echo -n -e 123456 450s + pamtester -v login root authenticate 450s pamtester: invoking pam_start(login, root, ...) 450s pamtester: performing operation - authenticate 452s pamtester: Authentication service cannot retrieve authentication info 452s + handle_exit 452s + exit_code=0 452s + restore_changes 452s + for path in "${restore_paths[@]}" 452s + local original_path 452s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-QpqUjX /tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm/softhsm2.conf 452s + original_path=/etc/softhsm/softhsm2.conf 452s + rm /etc/softhsm/softhsm2.conf 452s + mv /tmp/sssd-softhsm2-backups-QpqUjX//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 452s + for path in "${delete_paths[@]}" 452s + rm -f /etc/sssd/sssd.conf 452s + for path in "${delete_paths[@]}" 452s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 452s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 452s + '[' -e /etc/sssd/sssd.conf ']' 452s + systemctl stop sssd 452s + '[' -e /etc/softhsm/softhsm2.conf ']' 452s + chmod 600 /etc/softhsm/softhsm2.conf 452s + rm -rf /tmp/sssd-softhsm2-certs-1H30lq 452s + '[' 0 = 0 ']' 452s + rm -rf /tmp/sssd-softhsm2-backups-QpqUjX 452s + set +x 452s Script completed successfully! 453s autopkgtest [17:58:22]: test sssd-smart-card-pam-auth-configs: -----------------------] 453s autopkgtest [17:58:22]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 453s sssd-smart-card-pam-auth-configs PASS 454s autopkgtest [17:58:23]: @@@@@@@@@@@@@@@@@@@@ summary 454s ldap-user-group-ldap-auth PASS 454s ldap-user-group-krb5-auth PASS 454s sssd-softhism2-certificates-tests.sh PASS 454s sssd-smart-card-pam-auth-configs PASS 458s Creating nova instance adt-noble-arm64-sssd-20240321-172258-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240321.img (UUID 28ecccfc-4cb0-4cc6-a280-209e2d140e10)... 458s Creating nova instance adt-noble-arm64-sssd-20240321-172258-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240321.img (UUID 28ecccfc-4cb0-4cc6-a280-209e2d140e10)...