0s autopkgtest [10:54:18]: starting date and time: 2024-03-25 10:54:18+0000 0s autopkgtest [10:54:18]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [10:54:18]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.mqsxdl_r/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:curl,src:gnutls28,src:libpsl,src:nettle,src:openssl,src:orthanc-python --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=curl/8.5.0-2ubuntu8 gnutls28/3.8.3-1.1ubuntu2 libpsl/0.21.2-1.1 nettle/3.9.1-2.2 openssl/3.0.13-0ubuntu2 orthanc-python/4.1+ds-2build3' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-arm64-29.secgroup --name adt-noble-arm64-sssd-20240325-105418-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 142s autopkgtest [10:56:40]: testbed dpkg architecture: arm64 142s autopkgtest [10:56:40]: testbed apt version: 2.7.12 142s autopkgtest [10:56:40]: @@@@@@@@@@@@@@@@@@@@ test bed setup 144s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 145s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [496 kB] 146s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3987 kB] 148s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 148s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.8 kB] 148s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [708 kB] 148s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 148s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [33.7 kB] 148s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 148s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4364 kB] 149s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 149s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [71.0 kB] 149s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 157s Fetched 9852 kB in 7s (1386 kB/s) 158s Reading package lists... 163s Reading package lists... 164s Building dependency tree... 164s Reading state information... 166s Calculating upgrade... 166s The following packages will be REMOVED: 166s libssl3 166s The following NEW packages will be installed: 166s libssl3t64 166s The following packages have been kept back: 166s curl 166s The following packages will be upgraded: 166s openssl 167s 1 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 167s Need to get 2777 kB of archives. 167s After this operation, 139 kB of additional disk space will be used. 167s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 167s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 169s Fetched 2777 kB in 1s (2873 kB/s) 169s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75911 files and directories currently installed.) 169s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 169s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 169s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 169s wget depends on libssl3 (>= 3.0.0). 169s u-boot-tools depends on libssl3 (>= 3.0.0). 169s tnftp depends on libssl3 (>= 3.0.0). 169s tcpdump depends on libssl3 (>= 3.0.0). 169s systemd-resolved depends on libssl3 (>= 3.0.0). 169s systemd depends on libssl3 (>= 3.0.0). 169s sudo depends on libssl3 (>= 3.0.0). 169s sbsigntool depends on libssl3 (>= 3.0.0). 169s rsync depends on libssl3 (>= 3.0.0). 169s python3-cryptography depends on libssl3 (>= 3.0.0). 169s openssh-server depends on libssl3 (>= 3.0.10). 169s openssh-client depends on libssl3 (>= 3.0.10). 169s mtd-utils depends on libssl3 (>= 3.0.0). 170s mokutil depends on libssl3 (>= 3.0.0). 170s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 170s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 170s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 170s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 170s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 170s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 170s libpython3.11-minimal:arm64 depends on libssl3 (>= 3.0.0). 170s libnvme1 depends on libssl3 (>= 3.0.0). 170s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 170s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 170s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 170s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 170s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 170s kmod depends on libssl3 (>= 3.0.0). 170s dhcpcd-base depends on libssl3 (>= 3.0.0). 170s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 170s 170s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75911 files and directories currently installed.) 170s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 170s Selecting previously unselected package libssl3t64:arm64. 170s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75900 files and directories currently installed.) 170s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 170s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 170s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 170s Setting up openssl (3.0.13-0ubuntu2) ... 170s Processing triggers for man-db (2.12.0-3) ... 171s Processing triggers for libc-bin (2.39-0ubuntu6) ... 172s Reading package lists... 173s Building dependency tree... 173s Reading state information... 175s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 176s sh: Attempting to set up Debian/Ubuntu apt sources automatically 176s sh: Distribution appears to be Ubuntu 180s Reading package lists... 180s Building dependency tree... 180s Reading state information... 181s eatmydata is already the newest version (131-1). 181s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 181s Reading package lists... 181s Building dependency tree... 181s Reading state information... 183s dbus is already the newest version (1.14.10-4ubuntu1). 183s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 183s Reading package lists... 184s Building dependency tree... 184s Reading state information... 185s rng-tools-debian is already the newest version (2.4). 185s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 185s Reading package lists... 186s Building dependency tree... 186s Reading state information... 187s The following packages will be REMOVED: 187s cloud-init* python3-configobj* python3-debconf* 188s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 188s After this operation, 3256 kB disk space will be freed. 188s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75913 files and directories currently installed.) 188s Removing cloud-init (24.1.2-0ubuntu1) ... 190s Removing python3-configobj (5.0.8-3) ... 190s Removing python3-debconf (1.5.86) ... 191s Processing triggers for man-db (2.12.0-3) ... 192s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75524 files and directories currently installed.) 192s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 194s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 194s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 194s invoke-rc.d: policy-rc.d denied execution of try-restart. 195s Reading package lists... 195s Building dependency tree... 195s Reading state information... 196s linux-generic is already the newest version (6.8.0-11.11+1). 196s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 197s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 197s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 197s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 206s Reading package lists... 206s Reading package lists... 206s Building dependency tree... 206s Reading state information... 208s Calculating upgrade... 208s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 209s Reading package lists... 209s Building dependency tree... 209s Reading state information... 210s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 211s autopkgtest [10:57:49]: rebooting testbed after setup commands that affected boot 372s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 381s autopkgtest [11:00:39]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 14 02:53:31 UTC 2024 385s autopkgtest [11:00:43]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 412s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 412s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 412s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 412s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 413s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 413s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 413s gpgv: Can't check signature: No public key 413s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 415s autopkgtest [11:01:13]: testing package sssd version 2.9.4-1ubuntu1 415s autopkgtest [11:01:13]: build not needed 425s autopkgtest [11:01:23]: test ldap-user-group-ldap-auth: preparing testbed 431s Reading package lists... 432s Building dependency tree... 432s Reading state information... 433s Starting pkgProblemResolver with broken count: 0 433s Starting 2 pkgProblemResolver with broken count: 0 433s Done 434s The following additional packages will be installed: 434s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 434s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 434s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 434s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 434s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 434s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 434s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 434s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 434s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 434s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 434s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 434s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 434s Suggested packages: 434s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 434s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 434s Recommended packages: 434s cracklib-runtime libsasl2-modules-gssapi-mit 434s | libsasl2-modules-gssapi-heimdal 434s The following NEW packages will be installed: 434s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 434s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 434s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 434s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 434s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 434s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 434s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 434s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 434s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 434s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 434s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 434s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 435s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 435s Need to get 12.6 MB/12.6 MB of archives. 435s After this operation, 59.9 MB of additional disk space will be used. 435s Get:1 /tmp/autopkgtest.JTgXkd/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [864 B] 435s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 435s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1 [144 kB] 435s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu1 [1515 kB] 436s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.13+dfsg-2 [980 kB] 437s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.13+dfsg-2 [14.6 kB] 437s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 437s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 437s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu1 [149 kB] 437s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 437s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 437s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 437s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 437s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 437s Get:15 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 11-3 [44.1 kB] 437s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1 arm64 0.3.1-1ubuntu5 [5848 B] 437s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1 arm64 0.3.1-1ubuntu5 [10.2 kB] 437s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-5build1 [22.1 kB] 437s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 437s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 437s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 437s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 437s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 437s Get:24 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 437s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 437s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 437s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 437s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 437s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 438s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 438s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 438s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 438s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 438s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 438s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 438s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 438s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 438s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 438s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 438s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 438s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 438s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 438s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 438s Get:44 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1ubuntu1 [27.9 kB] 438s Get:45 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1ubuntu1 [32.7 kB] 438s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 438s Get:47 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 438s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 438s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 438s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 438s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 438s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 438s Get:53 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 438s Get:54 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 438s Get:55 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 439s Get:56 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1ubuntu1 [103 kB] 439s Get:57 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1ubuntu1 [139 kB] 439s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1ubuntu1 [97.5 kB] 439s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1ubuntu1 [6660 B] 439s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1ubuntu1 [5722 B] 439s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1ubuntu1 [8380 B] 439s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1ubuntu1 [6714 B] 439s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1ubuntu1 [20.4 kB] 439s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1ubuntu1 [16.6 kB] 439s Get:65 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1ubuntu1 [9160 B] 440s Preconfiguring packages ... 440s Fetched 12.6 MB in 4s (3040 kB/s) 440s Selecting previously unselected package libltdl7:arm64. 440s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75469 files and directories currently installed.) 440s Preparing to unpack .../00-libltdl7_2.4.7-7_arm64.deb ... 440s Unpacking libltdl7:arm64 (2.4.7-7) ... 441s Selecting previously unselected package libodbc2:arm64. 441s Preparing to unpack .../01-libodbc2_2.3.12-1_arm64.deb ... 441s Unpacking libodbc2:arm64 (2.3.12-1) ... 441s Selecting previously unselected package slapd. 441s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 441s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 442s Selecting previously unselected package libtcl8.6:arm64. 442s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_arm64.deb ... 442s Unpacking libtcl8.6:arm64 (8.6.13+dfsg-2) ... 442s Selecting previously unselected package tcl8.6. 442s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_arm64.deb ... 442s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 442s Selecting previously unselected package tcl-expect:arm64. 442s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_arm64.deb ... 442s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 442s Selecting previously unselected package expect. 442s Preparing to unpack .../06-expect_5.45.4-2build1_arm64.deb ... 442s Unpacking expect (5.45.4-2build1) ... 442s Selecting previously unselected package ldap-utils. 442s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_arm64.deb ... 442s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 442s Selecting previously unselected package libavahi-common-data:arm64. 442s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 442s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 442s Selecting previously unselected package libavahi-common3:arm64. 442s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 442s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 442s Selecting previously unselected package libavahi-client3:arm64. 442s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 442s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 443s Selecting previously unselected package libcrack2:arm64. 443s Preparing to unpack .../11-libcrack2_2.9.6-5.1_arm64.deb ... 443s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 443s Selecting previously unselected package libevent-2.1-7:arm64. 443s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 443s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 443s Selecting previously unselected package libjose0:arm64. 443s Preparing to unpack .../13-libjose0_11-3_arm64.deb ... 443s Unpacking libjose0:arm64 (11-3) ... 443s Selecting previously unselected package libverto-libevent1:arm64. 443s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_arm64.deb ... 443s Unpacking libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 443s Selecting previously unselected package libverto1:arm64. 443s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_arm64.deb ... 443s Unpacking libverto1:arm64 (0.3.1-1ubuntu5) ... 443s Selecting previously unselected package libkrad0:arm64. 443s Preparing to unpack .../16-libkrad0_1.20.1-5build1_arm64.deb ... 443s Unpacking libkrad0:arm64 (1.20.1-5build1) ... 443s Selecting previously unselected package libtalloc2:arm64. 443s Preparing to unpack .../17-libtalloc2_2.4.2-1_arm64.deb ... 443s Unpacking libtalloc2:arm64 (2.4.2-1) ... 443s Selecting previously unselected package libtdb1:arm64. 443s Preparing to unpack .../18-libtdb1_1.4.10-1_arm64.deb ... 443s Unpacking libtdb1:arm64 (1.4.10-1) ... 443s Selecting previously unselected package libtevent0:arm64. 443s Preparing to unpack .../19-libtevent0_0.16.1-1_arm64.deb ... 443s Unpacking libtevent0:arm64 (0.16.1-1) ... 443s Selecting previously unselected package libldb2:arm64. 443s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 443s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 443s Selecting previously unselected package libnfsidmap1:arm64. 443s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 443s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 444s Selecting previously unselected package libnss-sudo. 444s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 444s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 444s Selecting previously unselected package libpwquality-common. 444s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 444s Unpacking libpwquality-common (1.4.5-3) ... 444s Selecting previously unselected package libpwquality1:arm64. 444s Preparing to unpack .../24-libpwquality1_1.4.5-3_arm64.deb ... 444s Unpacking libpwquality1:arm64 (1.4.5-3) ... 444s Selecting previously unselected package libpam-pwquality:arm64. 444s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_arm64.deb ... 444s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 444s Selecting previously unselected package libwbclient0:arm64. 444s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 444s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 444s Selecting previously unselected package samba-libs:arm64. 444s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 444s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 445s Selecting previously unselected package libnss-sss:arm64. 445s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 445s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 445s Selecting previously unselected package libpam-sss:arm64. 445s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 445s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 445s Selecting previously unselected package python3-sss. 445s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 445s Unpacking python3-sss (2.9.4-1ubuntu1) ... 445s Selecting previously unselected package libc-ares2:arm64. 445s Preparing to unpack .../31-libc-ares2_1.27.0-1_arm64.deb ... 445s Unpacking libc-ares2:arm64 (1.27.0-1) ... 445s Selecting previously unselected package libdhash1:arm64. 445s Preparing to unpack .../32-libdhash1_0.6.2-2_arm64.deb ... 445s Unpacking libdhash1:arm64 (0.6.2-2) ... 445s Selecting previously unselected package libbasicobjects0:arm64. 445s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_arm64.deb ... 445s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 445s Selecting previously unselected package libcollection4:arm64. 445s Preparing to unpack .../34-libcollection4_0.6.2-2_arm64.deb ... 445s Unpacking libcollection4:arm64 (0.6.2-2) ... 445s Selecting previously unselected package libpath-utils1:arm64. 445s Preparing to unpack .../35-libpath-utils1_0.6.2-2_arm64.deb ... 445s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 446s Selecting previously unselected package libref-array1:arm64. 446s Preparing to unpack .../36-libref-array1_0.6.2-2_arm64.deb ... 446s Unpacking libref-array1:arm64 (0.6.2-2) ... 446s Selecting previously unselected package libini-config5:arm64. 446s Preparing to unpack .../37-libini-config5_0.6.2-2_arm64.deb ... 446s Unpacking libini-config5:arm64 (0.6.2-2) ... 446s Selecting previously unselected package libsss-certmap0. 446s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 446s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 446s Selecting previously unselected package libsss-idmap0. 446s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 446s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 446s Selecting previously unselected package libsss-nss-idmap0. 446s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 446s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 446s Selecting previously unselected package sssd-common. 446s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 446s Unpacking sssd-common (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-idp. 447s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-passkey. 447s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-ad-common. 447s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-krb5-common. 447s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package libsmbclient:arm64. 447s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 447s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 447s Selecting previously unselected package sssd-ad. 447s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package libipa-hbac0. 447s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-ipa. 447s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-krb5. 447s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-ldap. 447s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 447s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 447s Selecting previously unselected package sssd-proxy. 448s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package sssd. 448s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking sssd (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package sssd-dbus. 448s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package sssd-kcm. 448s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package sssd-tools. 448s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package libipa-hbac-dev. 448s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package libsss-certmap-dev. 448s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package libsss-idmap-dev. 448s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package libsss-nss-idmap-dev. 448s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package libsss-sudo. 448s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 448s Selecting previously unselected package python3-libipa-hbac. 448s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_arm64.deb ... 448s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 449s Selecting previously unselected package python3-libsss-nss-idmap. 449s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_arm64.deb ... 449s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 449s Selecting previously unselected package autopkgtest-satdep. 449s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 449s Unpacking autopkgtest-satdep (0) ... 449s Setting up libpwquality-common (1.4.5-3) ... 449s Setting up libpath-utils1:arm64 (0.6.2-2) ... 449s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 449s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 449s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 449s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 449s Setting up libtdb1:arm64 (1.4.10-1) ... 449s Setting up libc-ares2:arm64 (1.27.0-1) ... 449s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 449s Setting up libjose0:arm64 (11-3) ... 449s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 449s Setting up libtalloc2:arm64 (2.4.2-1) ... 449s Setting up libdhash1:arm64 (0.6.2-2) ... 449s Setting up libtevent0:arm64 (0.16.1-1) ... 449s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 449s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 449s Setting up libtcl8.6:arm64 (8.6.13+dfsg-2) ... 449s Setting up libltdl7:arm64 (2.4.7-7) ... 449s Setting up libcrack2:arm64 (2.9.6-5.1) ... 449s Setting up libcollection4:arm64 (0.6.2-2) ... 449s Setting up libodbc2:arm64 (2.3.12-1) ... 449s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 449s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 449s Setting up libref-array1:arm64 (0.6.2-2) ... 449s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 449s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 449s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 449s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 449s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 450s Creating new user openldap... done. 450s Creating initial configuration... done. 450s Creating LDAP directory... done. 452s Setting up tcl8.6 (8.6.13+dfsg-2) ... 452s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 452s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 452s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 452s Setting up libini-config5:arm64 (0.6.2-2) ... 452s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 452s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 452s Setting up python3-sss (2.9.4-1ubuntu1) ... 453s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 453s Setting up libpwquality1:arm64 (1.4.5-3) ... 453s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 453s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 453s Setting up expect (5.45.4-2build1) ... 453s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 453s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 453s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 453s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 453s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 454s Setting up sssd-common (2.9.4-1ubuntu1) ... 454s Creating SSSD system user & group... 454s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 454s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 454s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 454s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 456s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 457s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 458s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 459s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 460s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 461s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 462s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 463s sssd-autofs.service is a disabled or a static unit, not starting it. 463s sssd-nss.service is a disabled or a static unit, not starting it. 463s sssd-pam.service is a disabled or a static unit, not starting it. 463s sssd-ssh.service is a disabled or a static unit, not starting it. 463s sssd-sudo.service is a disabled or a static unit, not starting it. 464s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 464s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 464s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 464s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 467s sssd-kcm.service is a disabled or a static unit, not starting it. 467s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 468s sssd-ifp.service is a disabled or a static unit, not starting it. 468s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 469s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 471s sssd-pac.service is a disabled or a static unit, not starting it. 471s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 471s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 471s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 471s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 471s Setting up sssd-ad (2.9.4-1ubuntu1) ... 471s Setting up sssd-tools (2.9.4-1ubuntu1) ... 471s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 471s Setting up sssd (2.9.4-1ubuntu1) ... 471s Setting up libverto-libevent1:arm64 (0.3.1-1ubuntu5) ... 471s Setting up libverto1:arm64 (0.3.1-1ubuntu5) ... 471s Setting up libkrad0:arm64 (1.20.1-5build1) ... 471s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 471s Setting up sssd-idp (2.9.4-1ubuntu1) ... 471s Setting up autopkgtest-satdep (0) ... 471s Processing triggers for libc-bin (2.39-0ubuntu6) ... 471s Processing triggers for ufw (0.36.2-5) ... 471s Processing triggers for man-db (2.12.0-3) ... 474s Processing triggers for dbus (1.14.10-4ubuntu1) ... 493s (Reading database ... 76754 files and directories currently installed.) 493s Removing autopkgtest-satdep (0) ... 494s autopkgtest [11:02:32]: test ldap-user-group-ldap-auth: [----------------------- 494s + . debian/tests/util 494s + . debian/tests/common-tests 494s + mydomain=example.com 494s + myhostname=ldap.example.com 494s + mysuffix=dc=example,dc=com 494s + admin_dn=cn=admin,dc=example,dc=com 494s + admin_pw=secret 494s + ldap_user=testuser1 494s + ldap_user_pw=testuser1secret 494s + ldap_group=ldapusers 494s + adjust_hostname ldap.example.com 494s + local myhostname=ldap.example.com 494s + echo ldap.example.com 494s + hostname ldap.example.com 494s + grep -qE ldap.example.com /etc/hosts 494s + echo 127.0.1.10 ldap.example.com 494s + reconfigure_slapd 494s + debconf-set-selections 495s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 495s + dpkg-reconfigure -fnoninteractive -pcritical slapd 496s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 496s Moving old database directory to /var/backups: 496s - directory unknown... done. 496s Creating initial configuration... done. 496s Creating LDAP directory... done. 498s + generate_certs ldap.example.com 498s + local cn=ldap.example.com 498s + local cert=/etc/ldap/server.pem 498s + local key=/etc/ldap/server.key 498s + local cnf=/etc/ldap/openssl.cnf 498s + cat 498s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 498s .........................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 498s ................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 498s ----- 498s + chmod 0640 /etc/ldap/server.key 498s + chgrp openldap /etc/ldap/server.key 498s + [ ! -f /etc/ldap/server.pem ] 498s + [ ! -f /etc/ldap/server.key ] 498s + enable_ldap_ssl 498s + cat 498s + cat 498s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 498s + populate_ldap_rfc2307 498s modifying entry "cn=config" 498s 498s + cat 498s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 498s adding new entry "ou=People,dc=example,dc=com" 498s 498s adding new entry "ou=Group,dc=example,dc=com" 498s 498s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 498s 498s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 498s 498s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 498s 498s + configure_sssd_ldap_rfc2307 498s + cat 498s + chmod 0600 /etc/sssd/sssd.conf 498s + systemctl restart sssd 499s + enable_pam_mkhomedir 499s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 499s + echo session optional pam_mkhomedir.so 499s + run_common_tests 499s + echo Assert local user databases do not have our LDAP test data 499s + check_local_user testuser1 499s + local local_user=testuser1 499s + grep -q ^testuser1 /etc/passwd 499s Assert local user databases do not have our LDAP test data 499s + check_local_group testuser1 499s + local local_group=testuser1 499s + grep -q ^testuser1 /etc/group 499s + check_local_group ldapusers 499s + local local_group=ldapusers 499s + grep -q ^ldapusers /etc/group 499s + echo The LDAP user is known to the system via getent 499s + check_getent_user testuser1 499s + local getent_user=testuser1 499s + local output 499s The LDAP user is known to the system via getent 499s + getent passwd testuser1 499s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 499s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 499s + echo The LDAP user's private group is known to the system via getent 499s + check_getent_group testuser1 499s + local getent_group=testuser1 499s + local output 499s + getentThe LDAP user's private group is known to the system via getent 499s group testuser1 499s + output=testuser1:*:10001:testuser1 499s The LDAP group ldapusers is known to the system via getent 499s + [ -z testuser1:*:10001:testuser1 ] 499s + echo The LDAP group ldapusers is known to the system via getent 499s + check_getent_group ldapusers 499s + local getent_group=ldapusers 499s + local output 499s + getent group ldapusers 499s + output=ldapusers:*:10100:testuser1 499s + [ -z ldapusers:*:10100:testuser1 ] 499s The id(1) command can resolve the group membership of the LDAP user 499s + echo The id(1) command can resolve the group membership of the LDAP user 499s + id -Gn testuser1 499s + output=testuser1 ldapusers 499s + [ testuser1 ldapusers != testuser1 ldapusers ] 499s + echo The LDAP user can login on a terminal 499s The LDAP user can login on a terminal 499s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 499s spawn login 499s ldap.example.com login: testuser1 499s Password: 499s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 499s 499s * Documentation: https://help.ubuntu.com 499s * Management: https://landscape.canonical.com 499s * Support: https://ubuntu.com/pro 499s 499s 499s The programs included with the Ubuntu system are free software; 499s the exact distribution terms for each program are described in the 499s individual files in /usr/share/doc/*/copyright. 499s 499s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 499s applicable law. 499s 499s 499s The programs included with the Ubuntu system are free software; 499s the exact distribution terms for each program are described in the 499s individual files in /usr/share/doc/*/copyright. 499s 499s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 499s applicable law. 499s 499s Creating directory '/home/testuser1'. 500s [?2004htestuser1@ldap:~$ id -un 500s [?2004l testuser1 500s [?2004htestuser1@ldap:~$ autopkgtest [11:02:38]: test ldap-user-group-ldap-auth: -----------------------] 502s ldap-user-group-ldap-auth PASS 502s autopkgtest [11:02:40]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 503s autopkgtest [11:02:41]: test ldap-user-group-krb5-auth: preparing testbed 505s Reading package lists... 506s Building dependency tree... 506s Reading state information... 507s Starting pkgProblemResolver with broken count: 0 507s Starting 2 pkgProblemResolver with broken count: 0 507s Done 508s The following additional packages will be installed: 508s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 508s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 508s Suggested packages: 508s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 508s The following NEW packages will be installed: 508s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 508s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 509s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 509s Need to get 594 kB/595 kB of archives. 509s After this operation, 2907 kB of additional disk space will be used. 509s Get:1 /tmp/autopkgtest.JTgXkd/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [884 B] 509s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 509s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4 arm64 1.20.1-5build1 [57.4 kB] 509s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-5build1 [39.9 kB] 509s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10 arm64 1.20.1-5build1 [39.8 kB] 509s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-5build1 [53.2 kB] 509s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-5build1 [108 kB] 509s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-5build1 [180 kB] 509s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-5build1 [94.6 kB] 510s Preconfiguring packages ... 512s Fetched 594 kB in 1s (904 kB/s) 512s Selecting previously unselected package krb5-config. 512s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 76754 files and directories currently installed.) 512s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 512s Unpacking krb5-config (2.7) ... 512s Selecting previously unselected package libgssrpc4:arm64. 512s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_arm64.deb ... 512s Unpacking libgssrpc4:arm64 (1.20.1-5build1) ... 512s Selecting previously unselected package libkadm5clnt-mit12:arm64. 512s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_arm64.deb ... 512s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 512s Selecting previously unselected package libkdb5-10:arm64. 512s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_arm64.deb ... 512s Unpacking libkdb5-10:arm64 (1.20.1-5build1) ... 512s Selecting previously unselected package libkadm5srv-mit12:arm64. 512s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_arm64.deb ... 512s Unpacking libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 512s Selecting previously unselected package krb5-user. 513s Preparing to unpack .../5-krb5-user_1.20.1-5build1_arm64.deb ... 513s Unpacking krb5-user (1.20.1-5build1) ... 513s Selecting previously unselected package krb5-kdc. 513s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_arm64.deb ... 513s Unpacking krb5-kdc (1.20.1-5build1) ... 513s Selecting previously unselected package krb5-admin-server. 513s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_arm64.deb ... 513s Unpacking krb5-admin-server (1.20.1-5build1) ... 513s Selecting previously unselected package autopkgtest-satdep. 513s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 513s Unpacking autopkgtest-satdep (0) ... 513s Setting up libgssrpc4:arm64 (1.20.1-5build1) ... 513s Setting up krb5-config (2.7) ... 514s Setting up libkadm5clnt-mit12:arm64 (1.20.1-5build1) ... 514s Setting up libkdb5-10:arm64 (1.20.1-5build1) ... 514s Setting up libkadm5srv-mit12:arm64 (1.20.1-5build1) ... 514s Setting up krb5-user (1.20.1-5build1) ... 514s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 514s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 514s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 514s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 514s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 514s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 514s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 514s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 514s Setting up krb5-kdc (1.20.1-5build1) ... 516s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 517s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 517s Setting up krb5-admin-server (1.20.1-5build1) ... 520s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 521s Setting up autopkgtest-satdep (0) ... 521s Processing triggers for man-db (2.12.0-3) ... 522s Processing triggers for libc-bin (2.39-0ubuntu6) ... 538s (Reading database ... 76847 files and directories currently installed.) 538s Removing autopkgtest-satdep (0) ... 539s autopkgtest [11:03:17]: test ldap-user-group-krb5-auth: [----------------------- 539s + . debian/tests/util 539s + . debian/tests/common-tests 539s + mydomain=example.com 539s + myhostname=ldap.example.com 539s + mysuffix=dc=example,dc=com 539s + myrealm=EXAMPLE.COM 539s + admin_dn=cn=admin,dc=example,dc=com 539s + admin_pw=secret 539s + ldap_user=testuser1 539s + ldap_user_pw=testuser1secret 539s + kerberos_principal_pw=testuser1kerberos 539s + ldap_group=ldapusers 539s + adjust_hostname ldap.example.com 539s + local myhostname=ldap.example.com 539s + echo ldap.example.com 539s + hostname ldap.example.com 539s + grep -qE ldap.example.com /etc/hosts 539s + reconfigure_slapd 539s + debconf-set-selections 539s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240325-110234.ldapdb 539s + dpkg-reconfigure -fnoninteractive -pcritical slapd 540s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 540s Moving old database directory to /var/backups: 540s - directory unknown... done. 540s Creating initial configuration... done. 541s Creating LDAP directory... done. 542s + generate_certs ldap.example.com 542s + local cn=ldap.example.com 542s + local cert=/etc/ldap/server.pem 542s + local key=/etc/ldap/server.key 542s + local cnf=/etc/ldap/openssl.cnf 542s + cat 542s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 542s ........................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 543s .................................................................................................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 543s ----- 543s + chmod 0640 /etc/ldap/server.key 543s + chgrp openldap /etc/ldap/server.key 543s + [ ! -f /etc/ldap/server.pem ] 543s + [ ! -f /etc/ldap/server.key ] 543s + enable_ldap_ssl 543s + cat 543s + cat 543s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 543s + populate_ldap_rfc2307 543s + cat 543s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 543s modifying entry "cn=config" 543s 543s adding new entry "ou=People,dc=example,dc=com" 543s 543s adding new entry "ou=Group,dc=example,dc=com" 543s 543s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 543s 543s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 543s 543s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 543s 543s + create_realm EXAMPLE.COM ldap.example.com 543s + local realm_name=EXAMPLE.COM 543s + local kerberos_server=ldap.example.com 543s + rm -rf /var/lib/krb5kdc/* 543s + rm -rf /etc/krb5kdc/kdc.conf 543s + rm -f /etc/krb5.keytab 543s + cat 543s + cat 543s + echo # */admin * 543s + kdb5_util create -s -P secretpassword 543s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 543s master key name 'K/M@EXAMPLE.COM' 543s + systemctl restart krb5-kdc.service krb5-admin-server.service 543s + create_krb_principal testuser1 testuser1kerberos 543s + local principal=testuser1 543s + local password=testuser1kerberos 543s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 543s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 543s Authenticating as principal root/admin@EXAMPLE.COM with password. 543s Principal "testuser1@EXAMPLE.COM" created. 543s + configure_sssd_ldap_rfc2307_krb5_auth 543s + cat 543s + chmod 0600 /etc/sssd/sssd.conf 543s + systemctl restart sssd 544s + enable_pam_mkhomedir 544s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 544s Assert local user databases do not have our LDAP test data 544s + run_common_tests 544s + echo Assert local user databases do not have our LDAP test data 544s + check_local_user testuser1 544s + local local_user=testuser1 544s + grep -q ^testuser1 /etc/passwd 544s + check_local_group testuser1 544s + local local_group=testuser1 544s + grep -q ^testuser1 /etc/group 544s + check_local_group ldapusers 544s + local local_group=ldapusers 544s + grep -q ^ldapusers /etc/group 544s The LDAP user is known to the system via getent 544s + echo The LDAP user is known to the system via getent 544s + check_getent_user testuser1 544s + local getent_user=testuser1 544s + local output 544s + getent passwd testuser1 544s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 544s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 544s + echo The LDAP user's private group is known to the system via getent 544s + check_getent_group testuser1 544s + local getent_group=testuser1 544s + local output 544s + getent group testuser1 544s The LDAP user's private group is known to the system via getent 544s + output=testuser1:*:10001:testuser1 544s + [ -z testuser1:*:10001:testuser1 ] 544s + echo The LDAP group ldapusers is known to the system via getent 544s + check_getent_group ldapusers 544s + local getent_group=ldapusers 544s + local output 544s + The LDAP group ldapusers is known to the system via getent 544s getent group ldapusers 544s + output=ldapusers:*:10100:testuser1 544s + [ -z ldapusers:*:10100:testuser1 ] 544s + echo The id(1) command can resolve the group membership of the LDAP user 544s The id(1) command can resolve the group membership of the LDAP user 544s + id -Gn testuser1 544s + output=testuser1 ldapusers 544s + [ testuser1 ldapusers != testuser1 ldapusers ] 544s + echoThe Kerberos principal can login on a terminal 544s The Kerberos principal can login on a terminal 544s + kdestroy 544s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 544s spawn login 544s ldap.example.com login: testuser1 544s Password: 545s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic aarch64) 545s 545s * Documentation: https://help.ubuntu.com 545s * Management: https://landscape.canonical.com 545s * Support: https://ubuntu.com/pro 545s 545s 545s The programs included with the Ubuntu system are free software; 545s the exact distribution terms for each program are described in the 545s individual files in /usr/share/doc/*/copyright. 545s 545s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 545s applicable law. 545s 545s Last login: Mon Mar 25 11:02:37 UTC 2024 on pts/0 545s [?2004htestuser1@ldap:~$ id -un 545s [?2004l testuser1 545s [?2004htestuser1@ldap:~$ klist 545s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_xFeUsN 545s Default principal: testuser1@EXAMPLE.COM 545s 545s Valid starting Expires Service principal 545s 03/25/24 11:03:23 03/25/24 21:03:23 krbtgt/EXAMPLE.COM@EXAMPLE.COMautopkgtest [11:03:23]: test ldap-user-group-krb5-auth: -----------------------] 546s autopkgtest [11:03:24]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 546s ldap-user-group-krb5-auth PASS 547s autopkgtest [11:03:25]: test sssd-softhism2-certificates-tests.sh: preparing testbed 703s autopkgtest [11:06:01]: testbed dpkg architecture: arm64 704s autopkgtest [11:06:02]: testbed apt version: 2.7.12 704s autopkgtest [11:06:02]: @@@@@@@@@@@@@@@@@@@@ test bed setup 705s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 706s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 707s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.8 kB] 707s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [7608 B] 707s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3984 kB] 708s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [713 kB] 708s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 708s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [39.7 kB] 708s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 708s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [4352 kB] 709s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 709s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [71.0 kB] 709s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 719s Fetched 9850 kB in 6s (1770 kB/s) 719s Reading package lists... 726s Reading package lists... 727s Building dependency tree... 727s Reading state information... 729s Calculating upgrade... 730s The following packages will be REMOVED: 730s libssl3 730s The following NEW packages will be installed: 730s libssl3t64 730s The following packages have been kept back: 730s curl 730s The following packages will be upgraded: 730s openssl 730s 1 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 730s Need to get 2777 kB of archives. 730s After this operation, 139 kB of additional disk space will be used. 730s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssl arm64 3.0.13-0ubuntu2 [985 kB] 731s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libssl3t64 arm64 3.0.13-0ubuntu2 [1793 kB] 733s Fetched 2777 kB in 1s (2717 kB/s) 733s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75911 files and directories currently installed.) 733s Preparing to unpack .../openssl_3.0.13-0ubuntu2_arm64.deb ... 733s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 734s dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested: 734s wget depends on libssl3 (>= 3.0.0). 734s u-boot-tools depends on libssl3 (>= 3.0.0). 734s tnftp depends on libssl3 (>= 3.0.0). 734s tcpdump depends on libssl3 (>= 3.0.0). 734s systemd-resolved depends on libssl3 (>= 3.0.0). 734s systemd depends on libssl3 (>= 3.0.0). 734s sudo depends on libssl3 (>= 3.0.0). 734s sbsigntool depends on libssl3 (>= 3.0.0). 734s rsync depends on libssl3 (>= 3.0.0). 734s python3-cryptography depends on libssl3 (>= 3.0.0). 734s openssh-server depends on libssl3 (>= 3.0.10). 734s openssh-client depends on libssl3 (>= 3.0.10). 734s mtd-utils depends on libssl3 (>= 3.0.0). 734s mokutil depends on libssl3 (>= 3.0.0). 734s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 734s libsystemd-shared:arm64 depends on libssl3 (>= 3.0.0). 734s libssh-4:arm64 depends on libssl3 (>= 3.0.0). 734s libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0). 734s libsasl2-2:arm64 depends on libssl3 (>= 3.0.0). 734s libpython3.12-minimal:arm64 depends on libssl3 (>= 3.0.0). 734s libpython3.11-minimal:arm64 depends on libssl3 (>= 3.0.0). 734s libnvme1 depends on libssl3 (>= 3.0.0). 734s libkrb5-3:arm64 depends on libssl3 (>= 3.0.0). 734s libkmod2:arm64 depends on libssl3 (>= 3.0.0). 734s libfido2-1:arm64 depends on libssl3 (>= 3.0.0). 734s libcurl4:arm64 depends on libssl3 (>= 3.0.0). 734s libcryptsetup12:arm64 depends on libssl3 (>= 3.0.0). 734s kmod depends on libssl3 (>= 3.0.0). 734s dhcpcd-base depends on libssl3 (>= 3.0.0). 734s bind9-libs:arm64 depends on libssl3 (>= 3.0.0). 734s 734s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75911 files and directories currently installed.) 734s Removing libssl3:arm64 (3.0.10-1ubuntu4) ... 734s Selecting previously unselected package libssl3t64:arm64. 734s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75900 files and directories currently installed.) 734s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_arm64.deb ... 734s Unpacking libssl3t64:arm64 (3.0.13-0ubuntu2) ... 735s Setting up libssl3t64:arm64 (3.0.13-0ubuntu2) ... 735s Setting up openssl (3.0.13-0ubuntu2) ... 735s Processing triggers for man-db (2.12.0-3) ... 736s Processing triggers for libc-bin (2.39-0ubuntu6) ... 737s Reading package lists... 738s Building dependency tree... 738s Reading state information... 740s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 742s sh: Attempting to set up Debian/Ubuntu apt sources automatically 742s sh: Distribution appears to be Ubuntu 745s Reading package lists... 746s Building dependency tree... 746s Reading state information... 748s eatmydata is already the newest version (131-1). 748s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 748s Reading package lists... 749s Building dependency tree... 749s Reading state information... 751s dbus is already the newest version (1.14.10-4ubuntu1). 751s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 751s Reading package lists... 751s Building dependency tree... 751s Reading state information... 753s rng-tools-debian is already the newest version (2.4). 753s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 753s Reading package lists... 754s Building dependency tree... 754s Reading state information... 756s The following packages will be REMOVED: 756s cloud-init* python3-configobj* python3-debconf* 757s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 757s After this operation, 3256 kB disk space will be freed. 757s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75913 files and directories currently installed.) 757s Removing cloud-init (24.1.2-0ubuntu1) ... 759s Removing python3-configobj (5.0.8-3) ... 759s Removing python3-debconf (1.5.86) ... 760s Processing triggers for man-db (2.12.0-3) ... 761s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75524 files and directories currently installed.) 761s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 763s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 763s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 763s invoke-rc.d: policy-rc.d denied execution of try-restart. 764s Reading package lists... 764s Building dependency tree... 764s Reading state information... 766s linux-generic is already the newest version (6.8.0-11.11+1). 766s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 767s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 767s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 767s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 776s Reading package lists... 776s Reading package lists... 777s Building dependency tree... 777s Reading state information... 778s Calculating upgrade... 779s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 779s Reading package lists... 780s Building dependency tree... 780s Reading state information... 781s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 782s autopkgtest [11:07:20]: rebooting testbed after setup commands that affected boot 960s Reading package lists... 961s Building dependency tree... 961s Reading state information... 962s Starting pkgProblemResolver with broken count: 0 962s Starting 2 pkgProblemResolver with broken count: 0 962s Done 964s The following additional packages will be installed: 964s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 964s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 964s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 964s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 964s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 964s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 964s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 964s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 964s sssd-krb5-common sssd-ldap sssd-proxy 964s Suggested packages: 964s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 964s Recommended packages: 964s cracklib-runtime libsasl2-modules-gssapi-mit 964s | libsasl2-modules-gssapi-heimdal ldap-utils 964s The following NEW packages will be installed: 964s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 964s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 964s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 964s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 964s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 964s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 964s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 964s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 964s sssd-krb5-common sssd-ldap sssd-proxy 965s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 965s Need to get 10.1 MB/10.1 MB of archives. 965s After this operation, 48.6 MB of additional disk space will be used. 965s Get:1 /tmp/autopkgtest.JTgXkd/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [748 B] 965s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7 arm64 2.1.12-stable-9 [138 kB] 965s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.1-1ubuntu1 [423 kB] 965s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0 arm64 3.8.3-1ubuntu1 [23.3 kB] 965s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1ubuntu1 [267 kB] 965s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu2 [29.5 kB] 965s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu2 [23.2 kB] 965s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu2 [27.3 kB] 965s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1 [28.7 kB] 965s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1 [26.6 kB] 965s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 965s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0 arm64 0.16.1-1 [41.8 kB] 965s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [187 kB] 965s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.3-3ubuntu1 [47.1 kB] 965s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 965s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 965s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 965s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-1ubuntu1 [70.6 kB] 965s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-1ubuntu1 [6061 kB] 967s Get:20 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2 [5806 B] 967s Get:21 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2 [246 kB] 967s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2 [167 kB] 967s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1ubuntu1 [46.5 kB] 967s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1ubuntu1 [21.8 kB] 967s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1ubuntu1 [31.7 kB] 967s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1ubuntu1 [48.8 kB] 967s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 967s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1 arm64 0.6.2-2 [8540 B] 967s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0 arm64 0.6.2-2 [5586 B] 967s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4 arm64 0.6.2-2 [23.0 kB] 967s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1 arm64 0.6.2-2 [8722 B] 967s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1 arm64 0.6.2-2 [7042 B] 967s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5 arm64 0.6.2-2 [43.7 kB] 967s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1ubuntu1 [45.8 kB] 967s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1ubuntu1 [30.3 kB] 967s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1ubuntu1 [1147 kB] 967s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1ubuntu1 [75.4 kB] 967s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1ubuntu1 [87.9 kB] 967s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient arm64 2:4.19.5+dfsg-1ubuntu1 [62.2 kB] 967s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1ubuntu1 [134 kB] 967s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0 arm64 2.9.4-1ubuntu1 [16.7 kB] 967s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1ubuntu1 [220 kB] 967s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1ubuntu1 [14.3 kB] 967s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1ubuntu1 [31.3 kB] 967s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1ubuntu1 [44.6 kB] 967s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1ubuntu1 [4120 B] 969s Fetched 10.1 MB in 3s (3985 kB/s) 969s Selecting previously unselected package libevent-2.1-7:arm64. 969s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75469 files and directories currently installed.) 969s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_arm64.deb ... 969s Unpacking libevent-2.1-7:arm64 (2.1.12-stable-9) ... 969s Selecting previously unselected package libunbound8:arm64. 969s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_arm64.deb ... 969s Unpacking libunbound8:arm64 (1.19.1-1ubuntu1) ... 970s Selecting previously unselected package libgnutls-dane0:arm64. 970s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_arm64.deb ... 970s Unpacking libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 970s Selecting previously unselected package gnutls-bin. 970s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_arm64.deb ... 970s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 970s Selecting previously unselected package libavahi-common-data:arm64. 970s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_arm64.deb ... 970s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu2) ... 970s Selecting previously unselected package libavahi-common3:arm64. 970s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_arm64.deb ... 970s Unpacking libavahi-common3:arm64 (0.8-13ubuntu2) ... 970s Selecting previously unselected package libavahi-client3:arm64. 970s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_arm64.deb ... 970s Unpacking libavahi-client3:arm64 (0.8-13ubuntu2) ... 970s Selecting previously unselected package libcrack2:arm64. 970s Preparing to unpack .../07-libcrack2_2.9.6-5.1_arm64.deb ... 970s Unpacking libcrack2:arm64 (2.9.6-5.1) ... 970s Selecting previously unselected package libtalloc2:arm64. 970s Preparing to unpack .../08-libtalloc2_2.4.2-1_arm64.deb ... 970s Unpacking libtalloc2:arm64 (2.4.2-1) ... 970s Selecting previously unselected package libtdb1:arm64. 970s Preparing to unpack .../09-libtdb1_1.4.10-1_arm64.deb ... 970s Unpacking libtdb1:arm64 (1.4.10-1) ... 970s Selecting previously unselected package libtevent0:arm64. 970s Preparing to unpack .../10-libtevent0_0.16.1-1_arm64.deb ... 970s Unpacking libtevent0:arm64 (0.16.1-1) ... 971s Selecting previously unselected package libldb2:arm64. 971s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_arm64.deb ... 971s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 971s Selecting previously unselected package libnfsidmap1:arm64. 971s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_arm64.deb ... 971s Unpacking libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 971s Selecting previously unselected package libpwquality-common. 971s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 971s Unpacking libpwquality-common (1.4.5-3) ... 971s Selecting previously unselected package libpwquality1:arm64. 971s Preparing to unpack .../14-libpwquality1_1.4.5-3_arm64.deb ... 971s Unpacking libpwquality1:arm64 (1.4.5-3) ... 971s Selecting previously unselected package libpam-pwquality:arm64. 971s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_arm64.deb ... 971s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 971s Selecting previously unselected package libwbclient0:arm64. 971s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 971s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 971s Selecting previously unselected package samba-libs:arm64. 971s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 971s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 972s Selecting previously unselected package softhsm2-common. 972s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_arm64.deb ... 972s Unpacking softhsm2-common (2.6.1-2.2) ... 973s Selecting previously unselected package libsofthsm2. 973s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_arm64.deb ... 973s Unpacking libsofthsm2 (2.6.1-2.2) ... 973s Selecting previously unselected package softhsm2. 973s Preparing to unpack .../20-softhsm2_2.6.1-2.2_arm64.deb ... 973s Unpacking softhsm2 (2.6.1-2.2) ... 973s Selecting previously unselected package python3-sss. 973s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_arm64.deb ... 973s Unpacking python3-sss (2.9.4-1ubuntu1) ... 973s Selecting previously unselected package libsss-idmap0. 973s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 973s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 973s Selecting previously unselected package libnss-sss:arm64. 973s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_arm64.deb ... 973s Unpacking libnss-sss:arm64 (2.9.4-1ubuntu1) ... 973s Selecting previously unselected package libpam-sss:arm64. 973s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_arm64.deb ... 973s Unpacking libpam-sss:arm64 (2.9.4-1ubuntu1) ... 973s Selecting previously unselected package libc-ares2:arm64. 973s Preparing to unpack .../25-libc-ares2_1.27.0-1_arm64.deb ... 973s Unpacking libc-ares2:arm64 (1.27.0-1) ... 973s Selecting previously unselected package libdhash1:arm64. 973s Preparing to unpack .../26-libdhash1_0.6.2-2_arm64.deb ... 973s Unpacking libdhash1:arm64 (0.6.2-2) ... 973s Selecting previously unselected package libbasicobjects0:arm64. 973s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_arm64.deb ... 973s Unpacking libbasicobjects0:arm64 (0.6.2-2) ... 974s Selecting previously unselected package libcollection4:arm64. 974s Preparing to unpack .../28-libcollection4_0.6.2-2_arm64.deb ... 974s Unpacking libcollection4:arm64 (0.6.2-2) ... 974s Selecting previously unselected package libpath-utils1:arm64. 974s Preparing to unpack .../29-libpath-utils1_0.6.2-2_arm64.deb ... 974s Unpacking libpath-utils1:arm64 (0.6.2-2) ... 974s Selecting previously unselected package libref-array1:arm64. 974s Preparing to unpack .../30-libref-array1_0.6.2-2_arm64.deb ... 974s Unpacking libref-array1:arm64 (0.6.2-2) ... 974s Selecting previously unselected package libini-config5:arm64. 974s Preparing to unpack .../31-libini-config5_0.6.2-2_arm64.deb ... 974s Unpacking libini-config5:arm64 (0.6.2-2) ... 974s Selecting previously unselected package libsss-certmap0. 974s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_arm64.deb ... 974s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 974s Selecting previously unselected package libsss-nss-idmap0. 974s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_arm64.deb ... 974s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 974s Selecting previously unselected package sssd-common. 974s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_arm64.deb ... 974s Unpacking sssd-common (2.9.4-1ubuntu1) ... 974s Selecting previously unselected package sssd-ad-common. 975s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd-krb5-common. 975s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package libsmbclient:arm64. 975s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_arm64.deb ... 975s Unpacking libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 975s Selecting previously unselected package sssd-ad. 975s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package libipa-hbac0. 975s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd-ipa. 975s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd-krb5. 975s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd-ldap. 975s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd-proxy. 975s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 975s Selecting previously unselected package sssd. 975s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_arm64.deb ... 975s Unpacking sssd (2.9.4-1ubuntu1) ... 976s Selecting previously unselected package autopkgtest-satdep. 976s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 976s Unpacking autopkgtest-satdep (0) ... 976s Setting up libpwquality-common (1.4.5-3) ... 976s Setting up libpath-utils1:arm64 (0.6.2-2) ... 976s Setting up softhsm2-common (2.6.1-2.2) ... 977s 977s Creating config file /etc/softhsm/softhsm2.conf with new version 977s Setting up libnfsidmap1:arm64 (1:2.6.3-3ubuntu1) ... 977s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 977s Setting up libbasicobjects0:arm64 (0.6.2-2) ... 977s Setting up libtdb1:arm64 (1.4.10-1) ... 977s Setting up libc-ares2:arm64 (1.27.0-1) ... 977s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 977s Setting up libtalloc2:arm64 (2.4.2-1) ... 977s Setting up libdhash1:arm64 (0.6.2-2) ... 977s Setting up libtevent0:arm64 (0.16.1-1) ... 977s Setting up libavahi-common-data:arm64 (0.8-13ubuntu2) ... 977s Setting up libevent-2.1-7:arm64 (2.1.12-stable-9) ... 977s Setting up libcrack2:arm64 (2.9.6-5.1) ... 977s Setting up libcollection4:arm64 (0.6.2-2) ... 977s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 977s Setting up libref-array1:arm64 (0.6.2-2) ... 977s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 977s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 977s Setting up libnss-sss:arm64 (2.9.4-1ubuntu1) ... 977s Setting up libsofthsm2 (2.6.1-2.2) ... 977s Setting up softhsm2 (2.6.1-2.2) ... 977s Setting up libini-config5:arm64 (0.6.2-2) ... 977s Setting up libavahi-common3:arm64 (0.8-13ubuntu2) ... 977s Setting up python3-sss (2.9.4-1ubuntu1) ... 978s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 978s Setting up libunbound8:arm64 (1.19.1-1ubuntu1) ... 978s Setting up libpwquality1:arm64 (1.4.5-3) ... 978s Setting up libavahi-client3:arm64 (0.8-13ubuntu2) ... 978s Setting up libgnutls-dane0:arm64 (3.8.3-1ubuntu1) ... 978s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 978s Setting up samba-libs:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 978s Setting up libsmbclient:arm64 (2:4.19.5+dfsg-1ubuntu1) ... 978s Setting up libpam-sss:arm64 (2.9.4-1ubuntu1) ... 979s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 979s Setting up sssd-common (2.9.4-1ubuntu1) ... 979s Creating SSSD system user & group... 979s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 979s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 979s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 980s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 981s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 983s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 984s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 984s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 985s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 986s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 988s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 989s sssd-autofs.service is a disabled or a static unit, not starting it. 989s sssd-nss.service is a disabled or a static unit, not starting it. 989s sssd-pam.service is a disabled or a static unit, not starting it. 989s sssd-ssh.service is a disabled or a static unit, not starting it. 990s sssd-sudo.service is a disabled or a static unit, not starting it. 990s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 990s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 990s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 991s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 993s sssd-pac.service is a disabled or a static unit, not starting it. 993s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 993s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 993s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 993s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 993s Setting up sssd-ad (2.9.4-1ubuntu1) ... 993s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 993s Setting up sssd (2.9.4-1ubuntu1) ... 993s Setting up autopkgtest-satdep (0) ... 993s Processing triggers for man-db (2.12.0-3) ... 995s Processing triggers for libc-bin (2.39-0ubuntu6) ... 1007s (Reading database ... 76057 files and directories currently installed.) 1007s Removing autopkgtest-satdep (0) ... 1018s autopkgtest [11:11:16]: test sssd-softhism2-certificates-tests.sh: [----------------------- 1018s + '[' -z ubuntu ']' 1018s + required_tools=(p11tool openssl softhsm2-util) 1018s + for cmd in "${required_tools[@]}" 1018s + command -v p11tool 1018s + for cmd in "${required_tools[@]}" 1018s + command -v openssl 1018s + for cmd in "${required_tools[@]}" 1018s + command -v softhsm2-util 1018s + PIN=053350 1018s +++ find /usr/lib/softhsm/libsofthsm2.so 1018s +++ head -n 1 1018s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1018s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1018s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1018s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1018s + '[' '!' -v NO_SSSD_TESTS ']' 1018s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 1018s + ca_db_arg=ca_db 1018s ++ /usr/libexec/sssd/p11_child --help 1019s + p11_child_help='Usage: p11_child [OPTION...] 1019s -d, --debug-level=INT Debug level 1019s --debug-timestamps=INT Add debug timestamps 1019s --debug-microseconds=INT Show timestamps with microseconds 1019s --dumpable=INT Allow core dumps 1019s --debug-fd=INT An open file descriptor for the debug 1019s logs 1019s --logger=stderr|files|journald Set logger 1019s --auth Run in auth mode 1019s --pre Run in pre-auth mode 1019s --wait_for_card Wait until card is available 1019s --verification Run in verification mode 1019s --pin Expect PIN on stdin 1019s --keypad Expect PIN on keypad 1019s --verify=STRING Tune validation 1019s --ca_db=STRING CA DB to use 1019s --module_name=STRING Module name for authentication 1019s --token_name=STRING Token name for authentication 1019s --key_id=STRING Key ID for authentication 1019s --label=STRING Label for authentication 1019s --certificate=STRING certificate to verify, base64 encoded 1019s --uri=STRING PKCS#11 URI to restrict selection 1019s --chain-id=LONG Tevent chain ID used for logging 1019s purposes 1019s 1019s Help options: 1019s -?, --help Show this help message 1019s --usage Display brief usage message' 1019s + echo 'Usage: p11_child [OPTION...] 1019s -d, --debug-level=INT Debug level 1019s + grep nssdb -qs 1019s --debug-timestamps=INT Add debug timestamps 1019s --debug-microseconds=INT Show timestamps with microseconds 1019s --dumpable=INT Allow core dumps 1019s --debug-fd=INT An open file descriptor for the debug 1019s logs 1019s --logger=stderr|files|journald Set logger 1019s --auth Run in auth mode 1019s --pre Run in pre-auth mode 1019s --wait_for_card Wait until card is available 1019s --verification Run in verification mode 1019s --pin Expect PIN on stdin 1019s --keypad Expect PIN on keypad 1019s --verify=STRING Tune validation 1019s --ca_db=STRING CA DB to use 1019s --module_name=STRING Module name for authentication 1019s --token_name=STRING Token name for authentication 1019s --key_id=STRING Key ID for authentication 1019s --label=STRING Label for authentication 1019s --certificate=STRING certificate to verify, base64 encoded 1019s --uri=STRING PKCS#11 URI to restrict selection 1019s --chain-id=LONG Tevent chain ID used for logging 1019s purposes 1019s 1019s Help options: 1019s -?, --help Show this help message 1019s --usage Display brief usage message' 1019s + echo 'Usage: p11_child [OPTION...] 1019s -d, --debug-level=INT Debug level 1019s + grep -qs -- --ca_db 1019s --debug-timestamps=INT Add debug timestamps 1019s --debug-microseconds=INT Show timestamps with microseconds 1019s --dumpable=INT Allow core dumps 1019s --debug-fd=INT An open file descriptor for the debug 1019s logs 1019s --logger=stderr|files|journald Set logger 1019s --auth Run in auth mode 1019s --pre Run in pre-auth mode 1019s --wait_for_card Wait until card is available 1019s --verification Run in verification mode 1019s --pin Expect PIN on stdin 1019s --keypad Expect PIN on keypad 1019s --verify=STRING Tune validation 1019s --ca_db=STRING CA DB to use 1019s --module_name=STRING Module name for authentication 1019s --token_name=STRING Token name for authentication 1019s --key_id=STRING Key ID for authentication 1019s --label=STRING Label for authentication 1019s --certificate=STRING certificate to verify, base64 encoded 1019s --uri=STRING PKCS#11 URI to restrict selection 1019s --chain-id=LONG Tevent chain ID used for logging 1019s purposes 1019s 1019s Help options: 1019s -?, --help Show this help message 1019s --usage Display brief usage message' 1019s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 1019s ++ mktemp -d -t sssd-softhsm2-XXXXXX 1019s + tmpdir=/tmp/sssd-softhsm2-UXiNoj 1019s + keys_size=1024 1019s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1019s + trap 'rm -rf "$tmpdir"' EXIT 1019s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1019s + echo -n 01 1019s + touch /tmp/sssd-softhsm2-UXiNoj/index.txt 1019s + mkdir -p /tmp/sssd-softhsm2-UXiNoj/new_certs 1019s + cat 1019s + root_ca_key_pass=pass:random-root-CA-password-27504 1019s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA-key.pem -passout pass:random-root-CA-password-27504 1024 1019s + openssl req -passin pass:random-root-CA-password-27504 -batch -config /tmp/sssd-softhsm2-UXiNoj/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-UXiNoj/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1019s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1019s + cat 1019s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-848 1019s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-848 1024 1019s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-848 -config /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.config -key /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-27504 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-certificate-request.pem 1019s + openssl req -text -noout -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-certificate-request.pem 1019s Certificate Request: 1019s Data: 1019s Version: 1 (0x0) 1019s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1019s Subject Public Key Info: 1019s Public Key Algorithm: rsaEncryption 1019s Public-Key: (1024 bit) 1019s Modulus: 1019s 00:9d:af:15:f5:12:01:ad:03:e7:3d:37:f3:52:68: 1019s d3:e4:1b:51:47:e9:82:a5:b3:ff:97:c4:d5:e7:99: 1019s 19:40:86:25:47:79:74:16:12:f2:2c:50:fa:3c:fe: 1019s ba:8c:43:7f:ac:37:ba:14:89:e6:fb:40:5f:a7:fe: 1019s 02:b3:22:52:98:f2:e7:40:45:89:06:72:17:74:c1: 1019s 1e:7c:27:a7:78:be:f9:d1:c2:a1:c7:ed:48:da:ff: 1019s 08:ff:4a:18:2f:00:1b:d1:07:02:6c:e5:e6:60:4d: 1019s 07:da:21:18:96:85:a0:da:43:e9:e0:9d:e6:ee:a2: 1019s c6:c7:f8:d5:40:2f:36:59:a7 1019s Exponent: 65537 (0x10001) 1019s Attributes: 1019s (none) 1019s Requested Extensions: 1019s Signature Algorithm: sha256WithRSAEncryption 1019s Signature Value: 1019s 76:89:5c:5b:fc:32:63:93:4f:30:de:cf:34:24:43:29:e2:f5: 1019s 5c:e3:ed:9f:ce:ab:02:99:69:7c:70:ce:3f:82:05:7d:25:d9: 1019s 5f:1b:7c:30:5a:37:f4:1c:c6:98:4c:05:c3:cd:bd:ff:88:d1: 1019s a9:7c:08:6c:71:7f:c5:ff:6d:78:d0:03:ed:35:b4:d1:3c:68: 1019s d4:3a:60:dd:4b:27:46:17:99:bd:25:1c:56:36:e2:26:0a:d3: 1019s f2:8a:e3:09:72:ac:96:60:38:36:d1:3c:fe:a4:22:0b:36:14: 1019s a4:b9:75:58:67:68:1c:90:d3:47:7c:59:5a:15:44:f4:95:cb: 1019s 35:b9 1019s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-UXiNoj/test-root-CA.config -passin pass:random-root-CA-password-27504 -keyfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA-key.pem -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1019s Using configuration from /tmp/sssd-softhsm2-UXiNoj/test-root-CA.config 1019s Check that the request matches the signature 1019s Signature ok 1019s Certificate Details: 1019s Serial Number: 1 (0x1) 1019s Validity 1019s Not Before: Mar 25 11:11:17 2024 GMT 1019s Not After : Mar 25 11:11:17 2025 GMT 1019s Subject: 1019s organizationName = Test Organization 1019s organizationalUnitName = Test Organization Unit 1019s commonName = Test Organization Intermediate CA 1019s X509v3 extensions: 1019s X509v3 Subject Key Identifier: 1019s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1019s X509v3 Authority Key Identifier: 1019s keyid:33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1019s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1019s serial:00 1019s X509v3 Basic Constraints: 1019s CA:TRUE 1019s X509v3 Key Usage: critical 1019s Digital Signature, Certificate Sign, CRL Sign 1019s Certificate is to be certified until Mar 25 11:11:17 2025 GMT (365 days) 1019s 1019s Write out database with 1 new entries 1019s Database updated 1019s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1019s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1019s /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem: OK 1019s + cat 1019s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-15096 1019s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-15096 1024 1019s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-15096 -config /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-848 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-certificate-request.pem 1019s + openssl req -text -noout -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-certificate-request.pem 1019s Certificate Request: 1019s Data: 1019s Version: 1 (0x0) 1019s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1019s Subject Public Key Info: 1019s Public Key Algorithm: rsaEncryption 1019s Public-Key: (1024 bit) 1019s Modulus: 1019s 00:ee:8e:c6:5b:64:78:df:c1:23:cf:f7:4f:a5:12: 1019s 00:23:bf:13:ce:7b:78:04:9d:f2:14:0e:42:ba:c8: 1019s 5d:41:6a:47:27:b2:a3:f2:c7:1b:9c:79:ae:00:fd: 1019s 1e:78:2e:83:09:f4:28:31:9f:eb:6f:31:4b:05:82: 1019s 60:52:f3:ef:ec:d4:1b:cc:05:dd:dc:4f:88:63:95: 1019s 7d:42:05:3c:af:30:60:be:06:1e:4f:0a:26:b6:fc: 1019s ef:e9:54:48:3c:9a:bc:0d:99:38:1f:66:e0:5e:fe: 1019s 8f:83:33:ec:33:19:ae:c2:09:7e:45:38:c6:12:38: 1019s 7d:0b:4f:5f:fd:1c:92:15:d5 1019s Exponent: 65537 (0x10001) 1019s Attributes: 1019s (none) 1019s Requested Extensions: 1019s Signature Algorithm: sha256WithRSAEncryption 1019s Signature Value: 1019s 92:b9:96:7f:90:7d:47:bc:1c:c7:3e:6e:1f:82:de:90:5c:1f: 1019s b3:9e:c6:21:2c:5b:73:69:25:e2:ea:d7:93:86:f2:51:06:ef: 1019s c5:b7:ca:10:4b:76:45:3f:79:14:7a:7c:88:54:39:15:f0:3b: 1019s 0e:71:b1:5b:95:7b:22:27:88:20:2c:9a:99:5d:b5:09:87:33: 1019s 8f:f8:f7:2a:8a:6b:7b:c3:3f:f9:13:1a:bb:ab:42:cf:71:4f: 1019s 0a:a3:00:02:f2:6c:f5:46:41:db:e9:16:46:0d:4d:f4:91:b2: 1019s cc:d5:59:40:11:0b:6f:55:d3:51:e7:57:2e:6e:0f:c9:ab:34: 1019s 9b:6e 1019s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-848 -keyfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1019s Using configuration from /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.config 1019s Check that the request matches the signature 1019s Signature ok 1019s Certificate Details: 1019s Serial Number: 2 (0x2) 1019s Validity 1019s Not Before: Mar 25 11:11:17 2024 GMT 1019s Not After : Mar 25 11:11:17 2025 GMT 1019s Subject: 1019s organizationName = Test Organization 1019s organizationalUnitName = Test Organization Unit 1019s commonName = Test Organization Sub Intermediate CA 1019s X509v3 extensions: 1019s X509v3 Subject Key Identifier: 1019s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1019s X509v3 Authority Key Identifier: 1019s keyid:64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1019s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1019s serial:01 1019s X509v3 Basic Constraints: 1019s CA:TRUE 1019s X509v3 Key Usage: critical 1019s Digital Signature, Certificate Sign, CRL Sign 1019s Certificate is to be certified until Mar 25 11:11:17 2025 GMT (365 days) 1019s 1019s Write out database with 1 new entries 1019s Database updated 1019s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1019s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1019s /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem: OK 1019s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1019s + local cmd=openssl 1019s + shift 1019s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1019s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1019s error 20 at 0 depth lookup: unable to get local issuer certificate 1019s error /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem: verification failed 1019s + cat 1019s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-21963 1019s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-21963 1024 1019s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-21963 -key /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-request.pem 1019s + openssl req -text -noout -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-request.pem 1019s Certificate Request: 1019s Data: 1019s Version: 1 (0x0) 1019s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1019s Subject Public Key Info: 1019s Public Key Algorithm: rsaEncryption 1019s Public-Key: (1024 bit) 1019s Modulus: 1019s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1019s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1019s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1019s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1019s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1019s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1019s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1019s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1019s e5:0f:1e:67:72:aa:0a:b5:33 1019s Exponent: 65537 (0x10001) 1019s Attributes: 1019s Requested Extensions: 1019s X509v3 Basic Constraints: 1019s CA:FALSE 1019s Netscape Cert Type: 1019s SSL Client, S/MIME 1019s Netscape Comment: 1019s Test Organization Root CA trusted Certificate 1019s X509v3 Subject Key Identifier: 1019s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1019s X509v3 Key Usage: critical 1019s Digital Signature, Non Repudiation, Key Encipherment 1019s X509v3 Extended Key Usage: 1019s TLS Web Client Authentication, E-mail Protection 1019s X509v3 Subject Alternative Name: 1019s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1019s Signature Algorithm: sha256WithRSAEncryption 1019s Signature Value: 1019s 67:49:2e:b1:fc:6a:0c:bc:1c:1e:b2:30:cb:3c:24:85:7e:48: 1019s 6f:4f:3d:ac:8a:8b:33:ee:70:71:0e:ea:46:e4:b6:c7:64:34: 1019s 90:5c:44:e0:55:7a:a4:e8:e1:9c:75:dd:7b:21:10:ee:aa:13: 1019s 88:51:d4:9e:06:7a:04:05:db:1c:9e:be:0a:02:e9:88:1b:c1: 1019s 78:d4:5a:46:30:0e:f5:06:e4:fc:29:c3:14:78:fa:af:35:dc: 1019s 7b:8b:7a:38:90:b5:46:9a:de:93:ad:13:4b:71:8d:37:f0:ea: 1019s c1:f4:65:7d:23:c8:bc:39:23:a3:5f:16:6a:0f:c6:c7:ae:eb: 1019s 04:0a 1019s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-UXiNoj/test-root-CA.config -passin pass:random-root-CA-password-27504 -keyfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA-key.pem -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1019s Using configuration from /tmp/sssd-softhsm2-UXiNoj/test-root-CA.config 1019s Check that the request matches the signature 1019s Signature ok 1019s Certificate Details: 1019s Serial Number: 3 (0x3) 1019s Validity 1019s Not Before: Mar 25 11:11:17 2024 GMT 1019s Not After : Mar 25 11:11:17 2025 GMT 1019s Subject: 1019s organizationName = Test Organization 1019s organizationalUnitName = Test Organization Unit 1019s commonName = Test Organization Root Trusted Certificate 0001 1019s X509v3 extensions: 1019s X509v3 Authority Key Identifier: 1019s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1019s X509v3 Basic Constraints: 1019s CA:FALSE 1019s Netscape Cert Type: 1019s SSL Client, S/MIME 1019s Netscape Comment: 1019s Test Organization Root CA trusted Certificate 1019s X509v3 Subject Key Identifier: 1019s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1019s X509v3 Key Usage: critical 1019s Digital Signature, Non Repudiation, Key Encipherment 1019s X509v3 Extended Key Usage: 1019s TLS Web Client Authentication, E-mail Protection 1019s X509v3 Subject Alternative Name: 1019s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1019s Certificate is to be certified until Mar 25 11:11:17 2025 GMT (365 days) 1020s 1020s Write out database with 1 new entries 1020s Database updated 1020s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem: OK 1020s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1020s + local cmd=openssl 1020s + shift 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1020s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1020s error 20 at 0 depth lookup: unable to get local issuer certificate 1020s error /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem: verification failed 1020s + cat 1020s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1020s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-8515 1024 1020s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-8515 -key /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-request.pem 1020s + openssl req -text -noout -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-request.pem 1020s Certificate Request: 1020s Data: 1020s Version: 1 (0x0) 1020s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1020s Subject Public Key Info: 1020s Public Key Algorithm: rsaEncryption 1020s Public-Key: (1024 bit) 1020s Modulus: 1020s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1020s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1020s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1020s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1020s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1020s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1020s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1020s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1020s fc:57:f7:d9:6e:2c:b3:a4:cd 1020s Exponent: 65537 (0x10001) 1020s Attributes: 1020s Requested Extensions: 1020s X509v3 Basic Constraints: 1020s CA:FALSE 1020s Netscape Cert Type: 1020s SSL Client, S/MIME 1020s Netscape Comment: 1020s Test Organization Intermediate CA trusted Certificate 1020s X509v3 Subject Key Identifier: 1020s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1020s X509v3 Key Usage: critical 1020s Digital Signature, Non Repudiation, Key Encipherment 1020s X509v3 Extended Key Usage: 1020s TLS Web Client Authentication, E-mail Protection 1020s X509v3 Subject Alternative Name: 1020s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1020s Signature Algorithm: sha256WithRSAEncryption 1020s Signature Value: 1020s b8:41:08:8e:a0:e6:31:91:28:99:3d:c3:fe:26:01:ed:8f:04: 1020s fc:a7:b3:3b:e8:a4:d7:46:7b:09:04:b7:e0:c5:c0:01:6a:36: 1020s d9:1c:13:7d:cd:c6:d9:16:ad:55:65:7a:53:d3:1d:2e:7d:ed: 1020s b7:2f:c8:1e:74:38:95:67:30:5d:d9:a1:6d:e5:43:44:13:41: 1020s 09:2b:b0:13:67:6e:df:a9:20:16:a3:03:7a:ef:08:ca:24:65: 1020s 12:47:76:dc:d1:0f:b4:c6:6e:da:c8:2a:15:28:c1:d5:34:6a: 1020s 3b:9c:29:e7:1e:68:ab:a7:9c:22:8e:fc:6f:43:1e:ee:22:4f: 1020s 6e:29 1020s + openssl ca -passin pass:random-intermediate-CA-password-848 -config /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s Using configuration from /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.config 1020s Check that the request matches the signature 1020s Signature ok 1020s Certificate Details: 1020s Serial Number: 4 (0x4) 1020s Validity 1020s Not Before: Mar 25 11:11:18 2024 GMT 1020s Not After : Mar 25 11:11:18 2025 GMT 1020s Subject: 1020s organizationName = Test Organization 1020s organizationalUnitName = Test Organization Unit 1020s commonName = Test Organization Intermediate Trusted Certificate 0001 1020s X509v3 extensions: 1020s X509v3 Authority Key Identifier: 1020s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1020s X509v3 Basic Constraints: 1020s CA:FALSE 1020s Netscape Cert Type: 1020s SSL Client, S/MIME 1020s Netscape Comment: 1020s Test Organization Intermediate CA trusted Certificate 1020s X509v3 Subject Key Identifier: 1020s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1020s X509v3 Key Usage: critical 1020s Digital Signature, Non Repudiation, Key Encipherment 1020s X509v3 Extended Key Usage: 1020s TLS Web Client Authentication, E-mail Protection 1020s X509v3 Subject Alternative Name: 1020s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1020s Certificate is to be certified until Mar 25 11:11:18 2025 GMT (365 days) 1020s 1020s Write out database with 1 new entries 1020s Database updated 1020s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s + echo 'This certificate should not be trusted fully' 1020s This certificate should not be trusted fully 1020s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s + local cmd=openssl 1020s + shift 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1020s error 2 at 1 depth lookup: unable to get issuer certificate 1020s error /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1020s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem: OK 1020s + cat 1020s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1020s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1024 1020s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-26952 -key /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1020s + openssl req -text -noout -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1020s Certificate Request: 1020s Data: 1020s Version: 1 (0x0) 1020s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1020s Subject Public Key Info: 1020s Public Key Algorithm: rsaEncryption 1020s Public-Key: (1024 bit) 1020s Modulus: 1020s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1020s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1020s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1020s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1020s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1020s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1020s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1020s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1020s 7d:db:24:9a:02:e2:a9:ee:33 1020s Exponent: 65537 (0x10001) 1020s Attributes: 1020s Requested Extensions: 1020s X509v3 Basic Constraints: 1020s CA:FALSE 1020s Netscape Cert Type: 1020s SSL Client, S/MIME 1020s Netscape Comment: 1020s Test Organization Sub Intermediate CA trusted Certificate 1020s X509v3 Subject Key Identifier: 1020s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1020s X509v3 Key Usage: critical 1020s Digital Signature, Non Repudiation, Key Encipherment 1020s X509v3 Extended Key Usage: 1020s TLS Web Client Authentication, E-mail Protection 1020s X509v3 Subject Alternative Name: 1020s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1020s Signature Algorithm: sha256WithRSAEncryption 1020s Signature Value: 1020s b3:ab:48:df:be:87:49:1f:31:08:1d:d7:0d:0e:a2:0c:eb:c7: 1020s ef:f0:53:97:cf:db:5f:7b:4a:45:0e:c4:8e:ae:c6:95:eb:f6: 1020s 17:d9:9a:80:78:ef:b6:15:34:1f:14:30:50:57:a6:bc:81:c7: 1020s ac:72:da:f3:ee:a5:90:f0:01:c3:0c:fd:d2:1d:1a:6c:3f:08: 1020s 9d:34:cd:7b:38:b6:59:0d:3d:c2:b6:2d:23:dc:25:8a:0c:1c: 1020s 54:bc:79:c2:6b:67:1d:e5:2c:16:56:44:7d:2d:b2:59:c2:b0: 1020s 5c:09:6c:6f:63:99:bc:09:22:8e:79:4e:21:a3:3b:7a:b4:d6: 1020s 55:0d 1020s + openssl ca -passin pass:random-sub-intermediate-CA-password-15096 -config /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s Using configuration from /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.config 1020s Check that the request matches the signature 1020s Signature ok 1020s Certificate Details: 1020s Serial Number: 5 (0x5) 1020s Validity 1020s Not Before: Mar 25 11:11:18 2024 GMT 1020s Not After : Mar 25 11:11:18 2025 GMT 1020s Subject: 1020s organizationName = Test Organization 1020s organizationalUnitName = Test Organization Unit 1020s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1020s X509v3 extensions: 1020s X509v3 Authority Key Identifier: 1020s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1020s X509v3 Basic Constraints: 1020s CA:FALSE 1020s Netscape Cert Type: 1020s SSL Client, S/MIME 1020s Netscape Comment: 1020s Test Organization Sub Intermediate CA trusted Certificate 1020s X509v3 Subject Key Identifier: 1020s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1020s X509v3 Key Usage: critical 1020s Digital Signature, Non Repudiation, Key Encipherment 1020s X509v3 Extended Key Usage: 1020s TLS Web Client Authentication, E-mail Protection 1020s X509v3 Subject Alternative Name: 1020s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1020s Certificate is to be certified until Mar 25 11:11:18 2025 GMT (365 days) 1020s 1020s Write out database with 1 new entries 1020s Database updated 1020s + openssl x509 -noout -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s + echo 'This certificate should not be trusted fully' 1020s This certificate should not be trusted fully 1020s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s + local cmd=openssl 1020s + shift 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1020s error 2 at 1 depth lookup: unable to get issuer certificate 1020s error /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1020s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s + local cmd=openssl 1020s + shift 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1020s error 20 at 0 depth lookup: unable to get local issuer certificate 1020s error /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1020s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1020s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s + local cmd=openssl 1020s + shift 1020s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1020s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1020s error 20 at 0 depth lookup: unable to get local issuer certificate 1020s error /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1020s + echo 'Building a the full-chain CA file...' 1020s + cat /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1020s Building a the full-chain CA file... 1020s + cat /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1020s + cat /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1020s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1020s + openssl pkcs7 -print_certs -noout 1020s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1020s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1020s 1020s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1020s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1020s 1020s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1020s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1020s 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem: OK 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem: OK 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem: OK 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem 1020s /tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem: OK 1020s + openssl verify -CAfile /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1021s /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1021s Certificates generation completed! 1021s + echo 'Certificates generation completed!' 1021s + [[ -v NO_SSSD_TESTS ]] 1021s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /dev/null 1021s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /dev/null 1021s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1021s + local key_ring=/dev/null 1021s + local verify_option= 1021s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1021s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1021s + local key_cn 1021s + local key_name 1021s + local tokens_dir 1021s + local output_cert_file 1021s + token_name= 1021s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1021s + key_name=test-root-CA-trusted-certificate-0001 1021s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s ++ sed -n 's/ *commonName *= //p' 1021s + key_cn='Test Organization Root Trusted Certificate 0001' 1021s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1021s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1021s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1021s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1021s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1021s + token_name='Test Organization Root Tr Token' 1021s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1021s + local key_file 1021s + local decrypted_key 1021s + mkdir -p /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1021s + key_file=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key.pem 1021s + decrypted_key=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1021s + cat 1021s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 1021s Slot 0 has a free/uninitialized token. 1021s The token has been initialized and is reassigned to slot 219241754 1021s + softhsm2-util --show-slots 1021s Available slots: 1021s Slot 219241754 1021s Slot info: 1021s Description: SoftHSM slot ID 0xd115d1a 1021s Manufacturer ID: SoftHSM project 1021s Hardware version: 2.6 1021s Firmware version: 2.6 1021s Token present: yes 1021s Token info: 1021s Manufacturer ID: SoftHSM project 1021s Model: SoftHSM v2 1021s Hardware version: 2.6 1021s Firmware version: 2.6 1021s Serial number: 166a02228d115d1a 1021s Initialized: yes 1021s User PIN init.: yes 1021s Label: Test Organization Root Tr Token 1021s Slot 1 1021s Slot info: 1021s Description: SoftHSM slot ID 0x1 1021s Manufacturer ID: SoftHSM project 1021s Hardware version: 2.6 1021s Firmware version: 2.6 1021s Token present: yes 1021s Token info: 1021s Manufacturer ID: SoftHSM project 1021s Model: SoftHSM v2 1021s Hardware version: 2.6 1021s Firmware version: 2.6 1021s Serial number: 1021s Initialized: no 1021s User PIN init.: no 1021s Label: 1021s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1021s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-21963 -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1021s writing RSA key 1021s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1021s + rm /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1021s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1021s Object 0: 1021s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1021s Type: X.509 Certificate (RSA-1024) 1021s Expires: Tue Mar 25 11:11:17 2025 1021s Label: Test Organization Root Trusted Certificate 0001 1021s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1021s 1021s Test Organization Root Tr Token 1021s + echo 'Test Organization Root Tr Token' 1021s + '[' -n '' ']' 1021s + local output_base_name=SSSD-child-4395 1021s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-4395.output 1021s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-4395.pem 1021s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1021s [p11_child[2035]] [main] (0x0400): p11_child started. 1021s [p11_child[2035]] [main] (0x2000): Running in [pre-auth] mode. 1021s [p11_child[2035]] [main] (0x2000): Running with effective IDs: [0][0]. 1021s [p11_child[2035]] [main] (0x2000): Running with real IDs [0][0]. 1021s [p11_child[2035]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1021s [p11_child[2035]] [do_work] (0x0040): init_verification failed. 1021s [p11_child[2035]] [main] (0x0020): p11_child failed (5) 1021s + return 2 1021s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /dev/null no_verification 1021s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /dev/null no_verification 1021s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1021s + local key_ring=/dev/null 1021s + local verify_option=no_verification 1021s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1021s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1021s + local key_cn 1021s + local key_name 1021s + local tokens_dir 1021s + local output_cert_file 1021s + token_name= 1021s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1021s + key_name=test-root-CA-trusted-certificate-0001 1021s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s ++ sed -n 's/ *commonName *= //p' 1021s + key_cn='Test Organization Root Trusted Certificate 0001' 1021s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1021s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1021s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1021s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1021s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1021s + token_name='Test Organization Root Tr Token' 1021s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1021s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1021s + echo 'Test Organization Root Tr Token' 1021s Test Organization Root Tr Token 1021s + '[' -n no_verification ']' 1021s + local verify_arg=--verify=no_verification 1021s + local output_base_name=SSSD-child-14870 1021s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.output 1021s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.pem 1021s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1021s [p11_child[2041]] [main] (0x0400): p11_child started. 1021s [p11_child[2041]] [main] (0x2000): Running in [pre-auth] mode. 1021s [p11_child[2041]] [main] (0x2000): Running with effective IDs: [0][0]. 1021s [p11_child[2041]] [main] (0x2000): Running with real IDs [0][0]. 1021s [p11_child[2041]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1021s [p11_child[2041]] [do_card] (0x4000): Module List: 1021s [p11_child[2041]] [do_card] (0x4000): common name: [softhsm2]. 1021s [p11_child[2041]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1021s [p11_child[2041]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1021s [p11_child[2041]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1021s [p11_child[2041]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1021s [p11_child[2041]] [do_card] (0x4000): Login NOT required. 1021s [p11_child[2041]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1021s [p11_child[2041]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1021s [p11_child[2041]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1021s [p11_child[2041]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1021s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.output 1021s + echo '-----BEGIN CERTIFICATE-----' 1021s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.output 1021s + echo '-----END CERTIFICATE-----' 1021s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.pem 1021s Certificate: 1021s Data: 1021s Version: 3 (0x2) 1021s Serial Number: 3 (0x3) 1021s Signature Algorithm: sha256WithRSAEncryption 1021s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1021s Validity 1021s Not Before: Mar 25 11:11:17 2024 GMT 1021s Not After : Mar 25 11:11:17 2025 GMT 1021s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1021s Subject Public Key Info: 1021s Public Key Algorithm: rsaEncryption 1021s Public-Key: (1024 bit) 1021s Modulus: 1021s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1021s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1021s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1021s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1021s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1021s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1021s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1021s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1021s e5:0f:1e:67:72:aa:0a:b5:33 1021s Exponent: 65537 (0x10001) 1021s X509v3 extensions: 1021s X509v3 Authority Key Identifier: 1021s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1021s X509v3 Basic Constraints: 1021s CA:FALSE 1021s Netscape Cert Type: 1021s SSL Client, S/MIME 1021s Netscape Comment: 1021s Test Organization Root CA trusted Certificate 1021s X509v3 Subject Key Identifier: 1021s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1021s X509v3 Key Usage: critical 1021s Digital Signature, Non Repudiation, Key Encipherment 1021s X509v3 Extended Key Usage: 1021s TLS Web Client Authentication, E-mail Protection 1021s X509v3 Subject Alternative Name: 1021s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1021s Signature Algorithm: sha256WithRSAEncryption 1021s Signature Value: 1021s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1021s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1021s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1021s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1021s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1021s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1021s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1021s f8:fc 1021s + local found_md5 expected_md5 1021s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1021s + expected_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1021s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870.pem 1022s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1022s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1022s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.output 1022s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.output .output 1022s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.pem 1022s + echo -n 053350 1022s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1022s [p11_child[2049]] [main] (0x0400): p11_child started. 1022s [p11_child[2049]] [main] (0x2000): Running in [auth] mode. 1022s [p11_child[2049]] [main] (0x2000): Running with effective IDs: [0][0]. 1022s [p11_child[2049]] [main] (0x2000): Running with real IDs [0][0]. 1022s [p11_child[2049]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1022s [p11_child[2049]] [do_card] (0x4000): Module List: 1022s [p11_child[2049]] [do_card] (0x4000): common name: [softhsm2]. 1022s [p11_child[2049]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2049]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1022s [p11_child[2049]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1022s [p11_child[2049]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2049]] [do_card] (0x4000): Login required. 1022s [p11_child[2049]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1022s [p11_child[2049]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1022s [p11_child[2049]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1022s [p11_child[2049]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1022s [p11_child[2049]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1022s [p11_child[2049]] [do_card] (0x4000): Certificate verified and validated. 1022s [p11_child[2049]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1022s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.output 1022s + echo '-----BEGIN CERTIFICATE-----' 1022s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.output 1022s + echo '-----END CERTIFICATE-----' 1022s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.pem 1022s Certificate: 1022s Data: 1022s Version: 3 (0x2) 1022s Serial Number: 3 (0x3) 1022s Signature Algorithm: sha256WithRSAEncryption 1022s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1022s Validity 1022s Not Before: Mar 25 11:11:17 2024 GMT 1022s Not After : Mar 25 11:11:17 2025 GMT 1022s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1022s Subject Public Key Info: 1022s Public Key Algorithm: rsaEncryption 1022s Public-Key: (1024 bit) 1022s Modulus: 1022s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1022s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1022s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1022s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1022s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1022s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1022s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1022s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1022s e5:0f:1e:67:72:aa:0a:b5:33 1022s Exponent: 65537 (0x10001) 1022s X509v3 extensions: 1022s X509v3 Authority Key Identifier: 1022s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1022s X509v3 Basic Constraints: 1022s CA:FALSE 1022s Netscape Cert Type: 1022s SSL Client, S/MIME 1022s Netscape Comment: 1022s Test Organization Root CA trusted Certificate 1022s X509v3 Subject Key Identifier: 1022s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1022s X509v3 Key Usage: critical 1022s Digital Signature, Non Repudiation, Key Encipherment 1022s X509v3 Extended Key Usage: 1022s TLS Web Client Authentication, E-mail Protection 1022s X509v3 Subject Alternative Name: 1022s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1022s Signature Algorithm: sha256WithRSAEncryption 1022s Signature Value: 1022s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1022s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1022s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1022s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1022s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1022s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1022s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1022s f8:fc 1022s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-14870-auth.pem 1022s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1022s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1022s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1022s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1022s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1022s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1022s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1022s + local verify_option= 1022s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1022s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1022s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1022s + local key_cn 1022s + local key_name 1022s + local tokens_dir 1022s + local output_cert_file 1022s + token_name= 1022s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1022s + key_name=test-root-CA-trusted-certificate-0001 1022s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1022s ++ sed -n 's/ *commonName *= //p' 1022s + key_cn='Test Organization Root Trusted Certificate 0001' 1022s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1022s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1022s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1022s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1022s Test Organization Root Tr Token 1022s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1022s + token_name='Test Organization Root Tr Token' 1022s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1022s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1022s + echo 'Test Organization Root Tr Token' 1022s + '[' -n '' ']' 1022s + local output_base_name=SSSD-child-6922 1022s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.output 1022s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.pem 1022s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1022s [p11_child[2059]] [main] (0x0400): p11_child started. 1022s [p11_child[2059]] [main] (0x2000): Running in [pre-auth] mode. 1022s [p11_child[2059]] [main] (0x2000): Running with effective IDs: [0][0]. 1022s [p11_child[2059]] [main] (0x2000): Running with real IDs [0][0]. 1022s [p11_child[2059]] [do_card] (0x4000): Module List: 1022s [p11_child[2059]] [do_card] (0x4000): common name: [softhsm2]. 1022s [p11_child[2059]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2059]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1022s [p11_child[2059]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1022s [p11_child[2059]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2059]] [do_card] (0x4000): Login NOT required. 1022s [p11_child[2059]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1022s [p11_child[2059]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1022s [p11_child[2059]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1022s [p11_child[2059]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1022s [p11_child[2059]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1022s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.output 1022s + echo '-----BEGIN CERTIFICATE-----' 1022s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.output 1022s + echo '-----END CERTIFICATE-----' 1022s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.pem 1022s Certificate: 1022s Data: 1022s Version: 3 (0x2) 1022s Serial Number: 3 (0x3) 1022s Signature Algorithm: sha256WithRSAEncryption 1022s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1022s Validity 1022s Not Before: Mar 25 11:11:17 2024 GMT 1022s Not After : Mar 25 11:11:17 2025 GMT 1022s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1022s Subject Public Key Info: 1022s Public Key Algorithm: rsaEncryption 1022s Public-Key: (1024 bit) 1022s Modulus: 1022s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1022s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1022s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1022s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1022s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1022s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1022s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1022s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1022s e5:0f:1e:67:72:aa:0a:b5:33 1022s Exponent: 65537 (0x10001) 1022s X509v3 extensions: 1022s X509v3 Authority Key Identifier: 1022s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1022s X509v3 Basic Constraints: 1022s CA:FALSE 1022s Netscape Cert Type: 1022s SSL Client, S/MIME 1022s Netscape Comment: 1022s Test Organization Root CA trusted Certificate 1022s X509v3 Subject Key Identifier: 1022s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1022s X509v3 Key Usage: critical 1022s Digital Signature, Non Repudiation, Key Encipherment 1022s X509v3 Extended Key Usage: 1022s TLS Web Client Authentication, E-mail Protection 1022s X509v3 Subject Alternative Name: 1022s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1022s Signature Algorithm: sha256WithRSAEncryption 1022s Signature Value: 1022s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1022s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1022s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1022s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1022s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1022s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1022s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1022s f8:fc 1022s + local found_md5 expected_md5 1022s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1022s + expected_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1022s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922.pem 1022s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1022s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1022s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.output 1022s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.output .output 1022s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.pem 1022s + echo -n 053350 1022s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1022s [p11_child[2067]] [main] (0x0400): p11_child started. 1022s [p11_child[2067]] [main] (0x2000): Running in [auth] mode. 1022s [p11_child[2067]] [main] (0x2000): Running with effective IDs: [0][0]. 1022s [p11_child[2067]] [main] (0x2000): Running with real IDs [0][0]. 1022s [p11_child[2067]] [do_card] (0x4000): Module List: 1022s [p11_child[2067]] [do_card] (0x4000): common name: [softhsm2]. 1022s [p11_child[2067]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2067]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1022s [p11_child[2067]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1022s [p11_child[2067]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1022s [p11_child[2067]] [do_card] (0x4000): Login required. 1023s [p11_child[2067]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1023s [p11_child[2067]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1023s [p11_child[2067]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1023s [p11_child[2067]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1023s [p11_child[2067]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1023s [p11_child[2067]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1023s [p11_child[2067]] [do_card] (0x4000): Certificate verified and validated. 1023s [p11_child[2067]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1023s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.output 1023s + echo '-----BEGIN CERTIFICATE-----' 1023s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.output 1023s + echo '-----END CERTIFICATE-----' 1023s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.pem 1023s Certificate: 1023s Data: 1023s Version: 3 (0x2) 1023s Serial Number: 3 (0x3) 1023s Signature Algorithm: sha256WithRSAEncryption 1023s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1023s Validity 1023s Not Before: Mar 25 11:11:17 2024 GMT 1023s Not After : Mar 25 11:11:17 2025 GMT 1023s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1023s Subject Public Key Info: 1023s Public Key Algorithm: rsaEncryption 1023s Public-Key: (1024 bit) 1023s Modulus: 1023s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1023s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1023s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1023s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1023s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1023s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1023s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1023s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1023s e5:0f:1e:67:72:aa:0a:b5:33 1023s Exponent: 65537 (0x10001) 1023s X509v3 extensions: 1023s X509v3 Authority Key Identifier: 1023s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1023s X509v3 Basic Constraints: 1023s CA:FALSE 1023s Netscape Cert Type: 1023s SSL Client, S/MIME 1023s Netscape Comment: 1023s Test Organization Root CA trusted Certificate 1023s X509v3 Subject Key Identifier: 1023s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1023s X509v3 Key Usage: critical 1023s Digital Signature, Non Repudiation, Key Encipherment 1023s X509v3 Extended Key Usage: 1023s TLS Web Client Authentication, E-mail Protection 1023s X509v3 Subject Alternative Name: 1023s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1023s Signature Algorithm: sha256WithRSAEncryption 1023s Signature Value: 1023s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1023s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1023s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1023s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1023s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1023s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1023s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1023s f8:fc 1023s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-6922-auth.pem 1023s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1023s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1023s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1023s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1023s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1023s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1023s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1023s + local verify_option=partial_chain 1023s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1023s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1023s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1023s + local key_cn 1023s + local key_name 1023s + local tokens_dir 1023s + local output_cert_file 1023s + token_name= 1023s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1023s + key_name=test-root-CA-trusted-certificate-0001 1023s ++ sed -n 's/ *commonName *= //p' 1023s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1023s + key_cn='Test Organization Root Trusted Certificate 0001' 1023s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1023s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1023s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1023s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1023s Test Organization Root Tr Token 1023s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1023s + token_name='Test Organization Root Tr Token' 1023s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1023s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1023s + echo 'Test Organization Root Tr Token' 1023s + '[' -n partial_chain ']' 1023s + local verify_arg=--verify=partial_chain 1023s + local output_base_name=SSSD-child-443 1023s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.output 1023s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.pem 1023s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1023s [p11_child[2077]] [main] (0x0400): p11_child started. 1023s [p11_child[2077]] [main] (0x2000): Running in [pre-auth] mode. 1023s [p11_child[2077]] [main] (0x2000): Running with effective IDs: [0][0]. 1023s [p11_child[2077]] [main] (0x2000): Running with real IDs [0][0]. 1023s [p11_child[2077]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1023s [p11_child[2077]] [do_card] (0x4000): Module List: 1023s [p11_child[2077]] [do_card] (0x4000): common name: [softhsm2]. 1023s [p11_child[2077]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1023s [p11_child[2077]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1023s [p11_child[2077]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1023s [p11_child[2077]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1023s [p11_child[2077]] [do_card] (0x4000): Login NOT required. 1023s [p11_child[2077]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1023s [p11_child[2077]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1023s [p11_child[2077]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1023s [p11_child[2077]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1023s [p11_child[2077]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1023s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.output 1023s + echo '-----BEGIN CERTIFICATE-----' 1023s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.output 1023s + echo '-----END CERTIFICATE-----' 1023s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.pem 1023s Certificate: 1023s Data: 1023s Version: 3 (0x2) 1023s Serial Number: 3 (0x3) 1023s Signature Algorithm: sha256WithRSAEncryption 1023s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1023s Validity 1023s Not Before: Mar 25 11:11:17 2024 GMT 1023s Not After : Mar 25 11:11:17 2025 GMT 1023s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1023s Subject Public Key Info: 1023s Public Key Algorithm: rsaEncryption 1023s Public-Key: (1024 bit) 1023s Modulus: 1023s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1023s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1023s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1023s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1023s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1023s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1023s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1023s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1023s e5:0f:1e:67:72:aa:0a:b5:33 1023s Exponent: 65537 (0x10001) 1023s X509v3 extensions: 1023s X509v3 Authority Key Identifier: 1023s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1023s X509v3 Basic Constraints: 1023s CA:FALSE 1023s Netscape Cert Type: 1023s SSL Client, S/MIME 1023s Netscape Comment: 1023s Test Organization Root CA trusted Certificate 1023s X509v3 Subject Key Identifier: 1023s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1023s X509v3 Key Usage: critical 1023s Digital Signature, Non Repudiation, Key Encipherment 1023s X509v3 Extended Key Usage: 1023s TLS Web Client Authentication, E-mail Protection 1023s X509v3 Subject Alternative Name: 1023s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1023s Signature Algorithm: sha256WithRSAEncryption 1023s Signature Value: 1023s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1023s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1023s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1023s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1023s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1023s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1023s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1023s f8:fc 1023s + local found_md5 expected_md5 1023s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1023s + expected_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1023s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443.pem 1023s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1023s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1023s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.output 1023s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.output .output 1023s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.pem 1023s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1023s + echo -n 053350 1023s [p11_child[2085]] [main] (0x0400): p11_child started. 1023s [p11_child[2085]] [main] (0x2000): Running in [auth] mode. 1023s [p11_child[2085]] [main] (0x2000): Running with effective IDs: [0][0]. 1023s [p11_child[2085]] [main] (0x2000): Running with real IDs [0][0]. 1023s [p11_child[2085]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1023s [p11_child[2085]] [do_card] (0x4000): Module List: 1023s [p11_child[2085]] [do_card] (0x4000): common name: [softhsm2]. 1023s [p11_child[2085]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1023s [p11_child[2085]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1023s [p11_child[2085]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1023s [p11_child[2085]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1023s [p11_child[2085]] [do_card] (0x4000): Login required. 1023s [p11_child[2085]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1023s [p11_child[2085]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1023s [p11_child[2085]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1023s [p11_child[2085]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1023s [p11_child[2085]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1023s [p11_child[2085]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1023s [p11_child[2085]] [do_card] (0x4000): Certificate verified and validated. 1023s [p11_child[2085]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1023s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.output 1023s + echo '-----BEGIN CERTIFICATE-----' 1023s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.output 1023s + echo '-----END CERTIFICATE-----' 1023s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.pem 1024s Certificate: 1024s Data: 1024s Version: 3 (0x2) 1024s Serial Number: 3 (0x3) 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1024s Validity 1024s Not Before: Mar 25 11:11:17 2024 GMT 1024s Not After : Mar 25 11:11:17 2025 GMT 1024s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1024s Subject Public Key Info: 1024s Public Key Algorithm: rsaEncryption 1024s Public-Key: (1024 bit) 1024s Modulus: 1024s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1024s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1024s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1024s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1024s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1024s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1024s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1024s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1024s e5:0f:1e:67:72:aa:0a:b5:33 1024s Exponent: 65537 (0x10001) 1024s X509v3 extensions: 1024s X509v3 Authority Key Identifier: 1024s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1024s X509v3 Basic Constraints: 1024s CA:FALSE 1024s Netscape Cert Type: 1024s SSL Client, S/MIME 1024s Netscape Comment: 1024s Test Organization Root CA trusted Certificate 1024s X509v3 Subject Key Identifier: 1024s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1024s X509v3 Key Usage: critical 1024s Digital Signature, Non Repudiation, Key Encipherment 1024s X509v3 Extended Key Usage: 1024s TLS Web Client Authentication, E-mail Protection 1024s X509v3 Subject Alternative Name: 1024s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Signature Value: 1024s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1024s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1024s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1024s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1024s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1024s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1024s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1024s f8:fc 1024s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-443-auth.pem 1024s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1024s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1024s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1024s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1024s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1024s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1024s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1024s + local verify_option= 1024s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1024s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1024s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1024s + local key_cn 1024s + local key_name 1024s + local tokens_dir 1024s + local output_cert_file 1024s + token_name= 1024s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1024s + key_name=test-root-CA-trusted-certificate-0001 1024s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1024s ++ sed -n 's/ *commonName *= //p' 1024s + key_cn='Test Organization Root Trusted Certificate 0001' 1024s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1024s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1024s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1024s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1024s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1024s + token_name='Test Organization Root Tr Token' 1024s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1024s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1024s + echo 'Test Organization Root Tr Token' 1024s Test Organization Root Tr Token 1024s + '[' -n '' ']' 1024s + local output_base_name=SSSD-child-8696 1024s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.output 1024s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.pem 1024s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1024s [p11_child[2095]] [main] (0x0400): p11_child started. 1024s [p11_child[2095]] [main] (0x2000): Running in [pre-auth] mode. 1024s [p11_child[2095]] [main] (0x2000): Running with effective IDs: [0][0]. 1024s [p11_child[2095]] [main] (0x2000): Running with real IDs [0][0]. 1024s [p11_child[2095]] [do_card] (0x4000): Module List: 1024s [p11_child[2095]] [do_card] (0x4000): common name: [softhsm2]. 1024s [p11_child[2095]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1024s [p11_child[2095]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1024s [p11_child[2095]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1024s [p11_child[2095]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1024s [p11_child[2095]] [do_card] (0x4000): Login NOT required. 1024s [p11_child[2095]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1024s [p11_child[2095]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1024s [p11_child[2095]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1024s [p11_child[2095]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1024s [p11_child[2095]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1024s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.output 1024s + echo '-----BEGIN CERTIFICATE-----' 1024s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.output 1024s + echo '-----END CERTIFICATE-----' 1024s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.pem 1024s Certificate: 1024s Data: 1024s Version: 3 (0x2) 1024s Serial Number: 3 (0x3) 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1024s Validity 1024s Not Before: Mar 25 11:11:17 2024 GMT 1024s Not After : Mar 25 11:11:17 2025 GMT 1024s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1024s Subject Public Key Info: 1024s Public Key Algorithm: rsaEncryption 1024s Public-Key: (1024 bit) 1024s Modulus: 1024s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1024s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1024s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1024s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1024s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1024s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1024s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1024s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1024s e5:0f:1e:67:72:aa:0a:b5:33 1024s Exponent: 65537 (0x10001) 1024s X509v3 extensions: 1024s X509v3 Authority Key Identifier: 1024s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1024s X509v3 Basic Constraints: 1024s CA:FALSE 1024s Netscape Cert Type: 1024s SSL Client, S/MIME 1024s Netscape Comment: 1024s Test Organization Root CA trusted Certificate 1024s X509v3 Subject Key Identifier: 1024s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1024s X509v3 Key Usage: critical 1024s Digital Signature, Non Repudiation, Key Encipherment 1024s X509v3 Extended Key Usage: 1024s TLS Web Client Authentication, E-mail Protection 1024s X509v3 Subject Alternative Name: 1024s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Signature Value: 1024s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1024s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1024s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1024s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1024s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1024s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1024s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1024s f8:fc 1024s + local found_md5 expected_md5 1024s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1024s + expected_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1024s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696.pem 1024s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1024s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1024s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.output 1024s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.output .output 1024s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.pem 1024s + echo -n 053350 1024s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1024s [p11_child[2103]] [main] (0x0400): p11_child started. 1024s [p11_child[2103]] [main] (0x2000): Running in [auth] mode. 1024s [p11_child[2103]] [main] (0x2000): Running with effective IDs: [0][0]. 1024s [p11_child[2103]] [main] (0x2000): Running with real IDs [0][0]. 1024s [p11_child[2103]] [do_card] (0x4000): Module List: 1024s [p11_child[2103]] [do_card] (0x4000): common name: [softhsm2]. 1024s [p11_child[2103]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1024s [p11_child[2103]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1024s [p11_child[2103]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1024s [p11_child[2103]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1024s [p11_child[2103]] [do_card] (0x4000): Login required. 1024s [p11_child[2103]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1024s [p11_child[2103]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1024s [p11_child[2103]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1024s [p11_child[2103]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1024s [p11_child[2103]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1024s [p11_child[2103]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1024s [p11_child[2103]] [do_card] (0x4000): Certificate verified and validated. 1024s [p11_child[2103]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1024s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.output 1024s + echo '-----BEGIN CERTIFICATE-----' 1024s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.output 1024s + echo '-----END CERTIFICATE-----' 1024s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.pem 1024s Certificate: 1024s Data: 1024s Version: 3 (0x2) 1024s Serial Number: 3 (0x3) 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1024s Validity 1024s Not Before: Mar 25 11:11:17 2024 GMT 1024s Not After : Mar 25 11:11:17 2025 GMT 1024s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1024s Subject Public Key Info: 1024s Public Key Algorithm: rsaEncryption 1024s Public-Key: (1024 bit) 1024s Modulus: 1024s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1024s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1024s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1024s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1024s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1024s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1024s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1024s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1024s e5:0f:1e:67:72:aa:0a:b5:33 1024s Exponent: 65537 (0x10001) 1024s X509v3 extensions: 1024s X509v3 Authority Key Identifier: 1024s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1024s X509v3 Basic Constraints: 1024s CA:FALSE 1024s Netscape Cert Type: 1024s SSL Client, S/MIME 1024s Netscape Comment: 1024s Test Organization Root CA trusted Certificate 1024s X509v3 Subject Key Identifier: 1024s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1024s X509v3 Key Usage: critical 1024s Digital Signature, Non Repudiation, Key Encipherment 1024s X509v3 Extended Key Usage: 1024s TLS Web Client Authentication, E-mail Protection 1024s X509v3 Subject Alternative Name: 1024s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1024s Signature Algorithm: sha256WithRSAEncryption 1024s Signature Value: 1024s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1024s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1024s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1024s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1024s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1024s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1024s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1024s f8:fc 1024s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8696-auth.pem 1025s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1025s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1025s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1025s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1025s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1025s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1025s + local verify_option=partial_chain 1025s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1025s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1025s + local key_cn 1025s + local key_name 1025s + local tokens_dir 1025s + local output_cert_file 1025s + token_name= 1025s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1025s + key_name=test-root-CA-trusted-certificate-0001 1025s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s ++ sed -n 's/ *commonName *= //p' 1025s + key_cn='Test Organization Root Trusted Certificate 0001' 1025s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1025s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1025s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1025s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1025s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1025s + token_name='Test Organization Root Tr Token' 1025s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1025s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1025s + echo 'Test Organization Root Tr Token' 1025s Test Organization Root Tr Token 1025s + '[' -n partial_chain ']' 1025s + local verify_arg=--verify=partial_chain 1025s + local output_base_name=SSSD-child-26214 1025s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.output 1025s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.pem 1025s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1025s [p11_child[2113]] [main] (0x0400): p11_child started. 1025s [p11_child[2113]] [main] (0x2000): Running in [pre-auth] mode. 1025s [p11_child[2113]] [main] (0x2000): Running with effective IDs: [0][0]. 1025s [p11_child[2113]] [main] (0x2000): Running with real IDs [0][0]. 1025s [p11_child[2113]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1025s [p11_child[2113]] [do_card] (0x4000): Module List: 1025s [p11_child[2113]] [do_card] (0x4000): common name: [softhsm2]. 1025s [p11_child[2113]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1025s [p11_child[2113]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1025s [p11_child[2113]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1025s [p11_child[2113]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1025s [p11_child[2113]] [do_card] (0x4000): Login NOT required. 1025s [p11_child[2113]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1025s [p11_child[2113]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1025s [p11_child[2113]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1025s [p11_child[2113]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1025s [p11_child[2113]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1025s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.output 1025s + echo '-----BEGIN CERTIFICATE-----' 1025s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.output 1025s + echo '-----END CERTIFICATE-----' 1025s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.pem 1025s Certificate: 1025s Data: 1025s Version: 3 (0x2) 1025s Serial Number: 3 (0x3) 1025s Signature Algorithm: sha256WithRSAEncryption 1025s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1025s Validity 1025s Not Before: Mar 25 11:11:17 2024 GMT 1025s Not After : Mar 25 11:11:17 2025 GMT 1025s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1025s Subject Public Key Info: 1025s Public Key Algorithm: rsaEncryption 1025s Public-Key: (1024 bit) 1025s Modulus: 1025s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1025s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1025s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1025s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1025s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1025s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1025s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1025s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1025s e5:0f:1e:67:72:aa:0a:b5:33 1025s Exponent: 65537 (0x10001) 1025s X509v3 extensions: 1025s X509v3 Authority Key Identifier: 1025s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1025s X509v3 Basic Constraints: 1025s CA:FALSE 1025s Netscape Cert Type: 1025s SSL Client, S/MIME 1025s Netscape Comment: 1025s Test Organization Root CA trusted Certificate 1025s X509v3 Subject Key Identifier: 1025s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1025s X509v3 Key Usage: critical 1025s Digital Signature, Non Repudiation, Key Encipherment 1025s X509v3 Extended Key Usage: 1025s TLS Web Client Authentication, E-mail Protection 1025s X509v3 Subject Alternative Name: 1025s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1025s Signature Algorithm: sha256WithRSAEncryption 1025s Signature Value: 1025s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1025s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1025s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1025s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1025s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1025s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1025s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1025s f8:fc 1025s + local found_md5 expected_md5 1025s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s + expected_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1025s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214.pem 1025s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1025s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1025s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.output 1025s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.output .output 1025s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.pem 1025s + echo -n 053350 1025s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1025s [p11_child[2121]] [main] (0x0400): p11_child started. 1025s [p11_child[2121]] [main] (0x2000): Running in [auth] mode. 1025s [p11_child[2121]] [main] (0x2000): Running with effective IDs: [0][0]. 1025s [p11_child[2121]] [main] (0x2000): Running with real IDs [0][0]. 1025s [p11_child[2121]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1025s [p11_child[2121]] [do_card] (0x4000): Module List: 1025s [p11_child[2121]] [do_card] (0x4000): common name: [softhsm2]. 1025s [p11_child[2121]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1025s [p11_child[2121]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1025s [p11_child[2121]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1025s [p11_child[2121]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1025s [p11_child[2121]] [do_card] (0x4000): Login required. 1025s [p11_child[2121]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1025s [p11_child[2121]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1025s [p11_child[2121]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1025s [p11_child[2121]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xd115d1a;slot-manufacturer=SoftHSM%20project;slot-id=219241754;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=166a02228d115d1a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1025s [p11_child[2121]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1025s [p11_child[2121]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1025s [p11_child[2121]] [do_card] (0x4000): Certificate verified and validated. 1025s [p11_child[2121]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1025s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.output 1025s + echo '-----BEGIN CERTIFICATE-----' 1025s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.output 1025s + echo '-----END CERTIFICATE-----' 1025s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.pem 1025s Certificate: 1025s Data: 1025s Version: 3 (0x2) 1025s Serial Number: 3 (0x3) 1025s Signature Algorithm: sha256WithRSAEncryption 1025s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1025s Validity 1025s Not Before: Mar 25 11:11:17 2024 GMT 1025s Not After : Mar 25 11:11:17 2025 GMT 1025s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1025s Subject Public Key Info: 1025s Public Key Algorithm: rsaEncryption 1025s Public-Key: (1024 bit) 1025s Modulus: 1025s 00:b7:32:33:f1:d9:fa:0a:a9:6f:e8:90:7f:37:02: 1025s 8c:3d:52:f8:d9:05:de:6c:97:89:64:d7:bb:32:ea: 1025s c8:a2:4d:76:6a:4a:ee:69:7e:d9:e2:81:bc:41:4b: 1025s 20:c5:d9:87:90:9b:60:ea:47:cd:d3:aa:77:2a:dd: 1025s 87:f9:d3:57:49:bd:44:3d:05:f3:c2:0a:19:df:b9: 1025s b4:f7:e9:42:a6:c6:eb:14:4b:c2:cb:1e:51:ad:ca: 1025s 6f:54:13:12:b3:de:e4:f9:96:7a:84:9a:2d:c9:67: 1025s 56:d8:0f:f9:30:7b:05:3e:90:55:42:e1:09:37:82: 1025s e5:0f:1e:67:72:aa:0a:b5:33 1025s Exponent: 65537 (0x10001) 1025s X509v3 extensions: 1025s X509v3 Authority Key Identifier: 1025s 33:AA:10:E2:C5:B5:87:6F:39:1C:1B:BC:F7:F5:C0:F9:26:3A:68:26 1025s X509v3 Basic Constraints: 1025s CA:FALSE 1025s Netscape Cert Type: 1025s SSL Client, S/MIME 1025s Netscape Comment: 1025s Test Organization Root CA trusted Certificate 1025s X509v3 Subject Key Identifier: 1025s 43:83:0E:6C:08:CF:8D:AE:3E:D2:F5:66:35:7E:CC:E2:91:F7:84:79 1025s X509v3 Key Usage: critical 1025s Digital Signature, Non Repudiation, Key Encipherment 1025s X509v3 Extended Key Usage: 1025s TLS Web Client Authentication, E-mail Protection 1025s X509v3 Subject Alternative Name: 1025s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1025s Signature Algorithm: sha256WithRSAEncryption 1025s Signature Value: 1025s 94:06:06:c9:dc:20:51:d9:0a:cb:1b:fd:8f:ce:70:39:b6:88: 1025s 5a:b2:34:85:92:af:f9:d0:04:96:a3:43:06:60:5c:50:07:c4: 1025s c7:b0:ff:25:98:3e:36:52:e6:ee:f7:b0:0f:62:70:54:57:2f: 1025s 9b:c4:8c:3c:78:1a:c9:e4:d1:44:90:62:ad:79:62:0c:ed:7b: 1025s ef:b6:50:8d:7a:63:9a:5a:1c:8c:a6:18:81:33:89:10:82:74: 1025s 9d:b8:aa:3c:3e:61:d8:4c:4b:3f:b2:c4:f5:b0:35:6d:d5:67: 1025s bd:85:4e:42:35:08:6b:08:c6:1c:1c:8f:35:a4:20:e8:d7:a0: 1025s f8:fc 1025s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-26214-auth.pem 1025s + found_md5=Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 1025s + '[' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 '!=' Modulus=B73233F1D9FA0AA96FE8907F37028C3D52F8D905DE6C978964D7BB32EAC8A24D766A4AEE697ED9E281BC414B20C5D987909B60EA47CDD3AA772ADD87F9D35749BD443D05F3C20A19DFB9B4F7E942A6C6EB144BC2CB1E51ADCA6F541312B3DEE4F9967A849A2DC96756D80FF9307B053E905542E1093782E50F1E6772AA0AB533 ']' 1025s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1025s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1025s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1025s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1025s + local verify_option= 1025s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1025s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1025s + local key_cn 1025s + local key_name 1025s + local tokens_dir 1025s + local output_cert_file 1025s + token_name= 1025s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1025s + key_name=test-root-CA-trusted-certificate-0001 1025s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1025s ++ sed -n 's/ *commonName *= //p' 1026s + key_cn='Test Organization Root Trusted Certificate 0001' 1026s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1026s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1026s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1026s Test Organization Root Tr Token 1026s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1026s + token_name='Test Organization Root Tr Token' 1026s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1026s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1026s + echo 'Test Organization Root Tr Token' 1026s + '[' -n '' ']' 1026s + local output_base_name=SSSD-child-10768 1026s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-10768.output 1026s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-10768.pem 1026s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1026s [p11_child[2131]] [main] (0x0400): p11_child started. 1026s [p11_child[2131]] [main] (0x2000): Running in [pre-auth] mode. 1026s [p11_child[2131]] [main] (0x2000): Running with effective IDs: [0][0]. 1026s [p11_child[2131]] [main] (0x2000): Running with real IDs [0][0]. 1026s [p11_child[2131]] [do_card] (0x4000): Module List: 1026s [p11_child[2131]] [do_card] (0x4000): common name: [softhsm2]. 1026s [p11_child[2131]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2131]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1026s [p11_child[2131]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1026s [p11_child[2131]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2131]] [do_card] (0x4000): Login NOT required. 1026s [p11_child[2131]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1026s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1026s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1026s [p11_child[2131]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1026s [p11_child[2131]] [do_card] (0x4000): No certificate found. 1026s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-10768.output 1026s + return 2 1026s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem partial_chain 1026s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem partial_chain 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1026s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1026s + local verify_option=partial_chain 1026s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21963 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-root-ca-trusted-cert-0001-21963 1026s + local key_cn 1026s + local key_name 1026s + local tokens_dir 1026s + local output_cert_file 1026s + token_name= 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem .pem 1026s + key_name=test-root-CA-trusted-certificate-0001 1026s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-root-CA-trusted-certificate-0001.pem 1026s ++ sed -n 's/ *commonName *= //p' 1026s + key_cn='Test Organization Root Trusted Certificate 0001' 1026s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1026s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1026s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1026s Test Organization Root Tr Token 1026s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 1026s + token_name='Test Organization Root Tr Token' 1026s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1026s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1026s + echo 'Test Organization Root Tr Token' 1026s + '[' -n partial_chain ']' 1026s + local verify_arg=--verify=partial_chain 1026s + local output_base_name=SSSD-child-15183 1026s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-15183.output 1026s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-15183.pem 1026s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1026s [p11_child[2138]] [main] (0x0400): p11_child started. 1026s [p11_child[2138]] [main] (0x2000): Running in [pre-auth] mode. 1026s [p11_child[2138]] [main] (0x2000): Running with effective IDs: [0][0]. 1026s [p11_child[2138]] [main] (0x2000): Running with real IDs [0][0]. 1026s [p11_child[2138]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1026s [p11_child[2138]] [do_card] (0x4000): Module List: 1026s [p11_child[2138]] [do_card] (0x4000): common name: [softhsm2]. 1026s [p11_child[2138]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2138]] [do_card] (0x4000): Description [SoftHSM slot ID 0xd115d1a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1026s [p11_child[2138]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1026s [p11_child[2138]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xd115d1a][219241754] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2138]] [do_card] (0x4000): Login NOT required. 1026s [p11_child[2138]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1026s [p11_child[2138]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1026s [p11_child[2138]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1026s [p11_child[2138]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1026s [p11_child[2138]] [do_card] (0x4000): No certificate found. 1026s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-15183.output 1026s + return 2 1026s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /dev/null 1026s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /dev/null 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local key_ring=/dev/null 1026s + local verify_option= 1026s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local key_cn 1026s + local key_name 1026s + local tokens_dir 1026s + local output_cert_file 1026s + token_name= 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1026s + key_name=test-intermediate-CA-trusted-certificate-0001 1026s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s ++ sed -n 's/ *commonName *= //p' 1026s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1026s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1026s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1026s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1026s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1026s + token_name='Test Organization Interme Token' 1026s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1026s + local key_file 1026s + local decrypted_key 1026s + mkdir -p /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1026s + key_file=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key.pem 1026s + decrypted_key=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1026s + cat 1026s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 1026s Slot 0 has a free/uninitialized token. 1026s The token has been initialized and is reassigned to slot 164731825 1026s + softhsm2-util --show-slots 1026s Available slots: 1026s Slot 164731825 1026s Slot info: 1026s Description: SoftHSM slot ID 0x9d19bb1 1026s Manufacturer ID: SoftHSM project 1026s Hardware version: 2.6 1026s Firmware version: 2.6 1026s Token present: yes 1026s Token info: 1026s Manufacturer ID: SoftHSM project 1026s Model: SoftHSM v2 1026s Hardware version: 2.6 1026s Firmware version: 2.6 1026s Serial number: beb88b7289d19bb1 1026s Initialized: yes 1026s User PIN init.: yes 1026s Label: Test Organization Interme Token 1026s Slot 1 1026s Slot info: 1026s Description: SoftHSM slot ID 0x1 1026s Manufacturer ID: SoftHSM project 1026s Hardware version: 2.6 1026s Firmware version: 2.6 1026s Token present: yes 1026s Token info: 1026s Manufacturer ID: SoftHSM project 1026s Model: SoftHSM v2 1026s Hardware version: 2.6 1026s Firmware version: 2.6 1026s Serial number: 1026s Initialized: no 1026s User PIN init.: no 1026s Label: 1026s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1026s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-8515 -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1026s writing RSA key 1026s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1026s + rm /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1026s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1026s Object 0: 1026s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1026s Type: X.509 Certificate (RSA-1024) 1026s Expires: Tue Mar 25 11:11:18 2025 1026s Label: Test Organization Intermediate Trusted Certificate 0001 1026s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1026s 1026s + echo 'Test Organization Interme Token' 1026s Test Organization Interme Token 1026s + '[' -n '' ']' 1026s + local output_base_name=SSSD-child-10371 1026s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-10371.output 1026s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-10371.pem 1026s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1026s [p11_child[2154]] [main] (0x0400): p11_child started. 1026s [p11_child[2154]] [main] (0x2000): Running in [pre-auth] mode. 1026s [p11_child[2154]] [main] (0x2000): Running with effective IDs: [0][0]. 1026s [p11_child[2154]] [main] (0x2000): Running with real IDs [0][0]. 1026s [p11_child[2154]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1026s [p11_child[2154]] [do_work] (0x0040): init_verification failed. 1026s [p11_child[2154]] [main] (0x0020): p11_child failed (5) 1026s + return 2 1026s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /dev/null no_verification 1026s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /dev/null no_verification 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local key_ring=/dev/null 1026s + local verify_option=no_verification 1026s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1026s + local key_cn 1026s + local key_name 1026s + local tokens_dir 1026s + local output_cert_file 1026s + token_name= 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1026s + key_name=test-intermediate-CA-trusted-certificate-0001 1026s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1026s ++ sed -n 's/ *commonName *= //p' 1026s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1026s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1026s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1026s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1026s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1026s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1026s + token_name='Test Organization Interme Token' 1026s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1026s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1026s + echo 'Test Organization Interme Token' 1026s Test Organization Interme Token 1026s + '[' -n no_verification ']' 1026s + local verify_arg=--verify=no_verification 1026s + local output_base_name=SSSD-child-31015 1026s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.output 1026s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.pem 1026s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1026s [p11_child[2160]] [main] (0x0400): p11_child started. 1026s [p11_child[2160]] [main] (0x2000): Running in [pre-auth] mode. 1026s [p11_child[2160]] [main] (0x2000): Running with effective IDs: [0][0]. 1026s [p11_child[2160]] [main] (0x2000): Running with real IDs [0][0]. 1026s [p11_child[2160]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1026s [p11_child[2160]] [do_card] (0x4000): Module List: 1026s [p11_child[2160]] [do_card] (0x4000): common name: [softhsm2]. 1026s [p11_child[2160]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2160]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1026s [p11_child[2160]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1026s [p11_child[2160]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1026s [p11_child[2160]] [do_card] (0x4000): Login NOT required. 1026s [p11_child[2160]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1026s [p11_child[2160]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1026s [p11_child[2160]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1026s [p11_child[2160]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1026s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.output 1026s + echo '-----BEGIN CERTIFICATE-----' 1026s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.output 1026s + echo '-----END CERTIFICATE-----' 1026s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.pem 1027s Certificate: 1027s Data: 1027s Version: 3 (0x2) 1027s Serial Number: 4 (0x4) 1027s Signature Algorithm: sha256WithRSAEncryption 1027s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1027s Validity 1027s Not Before: Mar 25 11:11:18 2024 GMT 1027s Not After : Mar 25 11:11:18 2025 GMT 1027s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1027s Subject Public Key Info: 1027s Public Key Algorithm: rsaEncryption 1027s Public-Key: (1024 bit) 1027s Modulus: 1027s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1027s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1027s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1027s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1027s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1027s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1027s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1027s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1027s fc:57:f7:d9:6e:2c:b3:a4:cd 1027s Exponent: 65537 (0x10001) 1027s X509v3 extensions: 1027s X509v3 Authority Key Identifier: 1027s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1027s X509v3 Basic Constraints: 1027s CA:FALSE 1027s Netscape Cert Type: 1027s SSL Client, S/MIME 1027s Netscape Comment: 1027s Test Organization Intermediate CA trusted Certificate 1027s X509v3 Subject Key Identifier: 1027s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1027s X509v3 Key Usage: critical 1027s Digital Signature, Non Repudiation, Key Encipherment 1027s X509v3 Extended Key Usage: 1027s TLS Web Client Authentication, E-mail Protection 1027s X509v3 Subject Alternative Name: 1027s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1027s Signature Algorithm: sha256WithRSAEncryption 1027s Signature Value: 1027s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1027s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1027s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1027s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1027s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1027s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1027s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1027s 03:6d 1027s + local found_md5 expected_md5 1027s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s + expected_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1027s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015.pem 1027s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1027s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1027s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.output 1027s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.output .output 1027s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.pem 1027s + echo -n 053350 1027s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1027s [p11_child[2168]] [main] (0x0400): p11_child started. 1027s [p11_child[2168]] [main] (0x2000): Running in [auth] mode. 1027s [p11_child[2168]] [main] (0x2000): Running with effective IDs: [0][0]. 1027s [p11_child[2168]] [main] (0x2000): Running with real IDs [0][0]. 1027s [p11_child[2168]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1027s [p11_child[2168]] [do_card] (0x4000): Module List: 1027s [p11_child[2168]] [do_card] (0x4000): common name: [softhsm2]. 1027s [p11_child[2168]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1027s [p11_child[2168]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1027s [p11_child[2168]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1027s [p11_child[2168]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1027s [p11_child[2168]] [do_card] (0x4000): Login required. 1027s [p11_child[2168]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1027s [p11_child[2168]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1027s [p11_child[2168]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1027s [p11_child[2168]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1027s [p11_child[2168]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1027s [p11_child[2168]] [do_card] (0x4000): Certificate verified and validated. 1027s [p11_child[2168]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1027s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.output 1027s + echo '-----BEGIN CERTIFICATE-----' 1027s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.output 1027s + echo '-----END CERTIFICATE-----' 1027s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.pem 1027s Certificate: 1027s Data: 1027s Version: 3 (0x2) 1027s Serial Number: 4 (0x4) 1027s Signature Algorithm: sha256WithRSAEncryption 1027s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1027s Validity 1027s Not Before: Mar 25 11:11:18 2024 GMT 1027s Not After : Mar 25 11:11:18 2025 GMT 1027s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1027s Subject Public Key Info: 1027s Public Key Algorithm: rsaEncryption 1027s Public-Key: (1024 bit) 1027s Modulus: 1027s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1027s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1027s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1027s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1027s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1027s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1027s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1027s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1027s fc:57:f7:d9:6e:2c:b3:a4:cd 1027s Exponent: 65537 (0x10001) 1027s X509v3 extensions: 1027s X509v3 Authority Key Identifier: 1027s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1027s X509v3 Basic Constraints: 1027s CA:FALSE 1027s Netscape Cert Type: 1027s SSL Client, S/MIME 1027s Netscape Comment: 1027s Test Organization Intermediate CA trusted Certificate 1027s X509v3 Subject Key Identifier: 1027s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1027s X509v3 Key Usage: critical 1027s Digital Signature, Non Repudiation, Key Encipherment 1027s X509v3 Extended Key Usage: 1027s TLS Web Client Authentication, E-mail Protection 1027s X509v3 Subject Alternative Name: 1027s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1027s Signature Algorithm: sha256WithRSAEncryption 1027s Signature Value: 1027s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1027s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1027s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1027s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1027s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1027s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1027s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1027s 03:6d 1027s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-31015-auth.pem 1027s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1027s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1027s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1027s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1027s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1027s + local verify_option= 1027s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local key_cn 1027s + local key_name 1027s + local tokens_dir 1027s + local output_cert_file 1027s + token_name= 1027s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1027s + key_name=test-intermediate-CA-trusted-certificate-0001 1027s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s ++ sed -n 's/ *commonName *= //p' 1027s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1027s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1027s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1027s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1027s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1027s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1027s + token_name='Test Organization Interme Token' 1027s Test Organization Interme Token 1027s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1027s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1027s + echo 'Test Organization Interme Token' 1027s + '[' -n '' ']' 1027s + local output_base_name=SSSD-child-12844 1027s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-12844.output 1027s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-12844.pem 1027s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1027s [p11_child[2178]] [main] (0x0400): p11_child started. 1027s [p11_child[2178]] [main] (0x2000): Running in [pre-auth] mode. 1027s [p11_child[2178]] [main] (0x2000): Running with effective IDs: [0][0]. 1027s [p11_child[2178]] [main] (0x2000): Running with real IDs [0][0]. 1027s [p11_child[2178]] [do_card] (0x4000): Module List: 1027s [p11_child[2178]] [do_card] (0x4000): common name: [softhsm2]. 1027s [p11_child[2178]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1027s [p11_child[2178]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1027s [p11_child[2178]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1027s [p11_child[2178]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1027s [p11_child[2178]] [do_card] (0x4000): Login NOT required. 1027s [p11_child[2178]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1027s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1027s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1027s [p11_child[2178]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1027s [p11_child[2178]] [do_card] (0x4000): No certificate found. 1027s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-12844.output 1027s + return 2 1027s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1027s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1027s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1027s + local verify_option=partial_chain 1027s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1027s + local key_cn 1027s + local key_name 1027s + local tokens_dir 1027s + local output_cert_file 1027s + token_name= 1027s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1027s + key_name=test-intermediate-CA-trusted-certificate-0001 1027s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1027s ++ sed -n 's/ *commonName *= //p' 1028s Test Organization Interme Token 1028s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1028s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1028s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1028s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1028s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1028s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1028s + token_name='Test Organization Interme Token' 1028s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1028s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1028s + echo 'Test Organization Interme Token' 1028s + '[' -n partial_chain ']' 1028s + local verify_arg=--verify=partial_chain 1028s + local output_base_name=SSSD-child-23827 1028s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-23827.output 1028s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-23827.pem 1028s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1028s [p11_child[2185]] [main] (0x0400): p11_child started. 1028s [p11_child[2185]] [main] (0x2000): Running in [pre-auth] mode. 1028s [p11_child[2185]] [main] (0x2000): Running with effective IDs: [0][0]. 1028s [p11_child[2185]] [main] (0x2000): Running with real IDs [0][0]. 1028s [p11_child[2185]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1028s [p11_child[2185]] [do_card] (0x4000): Module List: 1028s [p11_child[2185]] [do_card] (0x4000): common name: [softhsm2]. 1028s [p11_child[2185]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2185]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1028s [p11_child[2185]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1028s [p11_child[2185]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2185]] [do_card] (0x4000): Login NOT required. 1028s [p11_child[2185]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1028s [p11_child[2185]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1028s [p11_child[2185]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1028s [p11_child[2185]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1028s [p11_child[2185]] [do_card] (0x4000): No certificate found. 1028s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-23827.output 1028s + return 2 1028s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1028s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1028s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1028s + local verify_option= 1028s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local key_cn 1028s + local key_name 1028s + local tokens_dir 1028s + local output_cert_file 1028s + token_name= 1028s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1028s + key_name=test-intermediate-CA-trusted-certificate-0001 1028s ++ sed -n 's/ *commonName *= //p' 1028s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1028s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1028s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1028s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1028s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1028s Test Organization Interme Token 1028s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1028s + token_name='Test Organization Interme Token' 1028s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1028s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1028s + echo 'Test Organization Interme Token' 1028s + '[' -n '' ']' 1028s + local output_base_name=SSSD-child-28985 1028s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.output 1028s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.pem 1028s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1028s [p11_child[2192]] [main] (0x0400): p11_child started. 1028s [p11_child[2192]] [main] (0x2000): Running in [pre-auth] mode. 1028s [p11_child[2192]] [main] (0x2000): Running with effective IDs: [0][0]. 1028s [p11_child[2192]] [main] (0x2000): Running with real IDs [0][0]. 1028s [p11_child[2192]] [do_card] (0x4000): Module List: 1028s [p11_child[2192]] [do_card] (0x4000): common name: [softhsm2]. 1028s [p11_child[2192]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2192]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1028s [p11_child[2192]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1028s [p11_child[2192]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2192]] [do_card] (0x4000): Login NOT required. 1028s [p11_child[2192]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1028s [p11_child[2192]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1028s [p11_child[2192]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1028s [p11_child[2192]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1028s [p11_child[2192]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1028s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.output 1028s + echo '-----BEGIN CERTIFICATE-----' 1028s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.output 1028s + echo '-----END CERTIFICATE-----' 1028s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.pem 1028s Certificate: 1028s Data: 1028s Version: 3 (0x2) 1028s Serial Number: 4 (0x4) 1028s Signature Algorithm: sha256WithRSAEncryption 1028s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1028s Validity 1028s Not Before: Mar 25 11:11:18 2024 GMT 1028s Not After : Mar 25 11:11:18 2025 GMT 1028s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1028s Subject Public Key Info: 1028s Public Key Algorithm: rsaEncryption 1028s Public-Key: (1024 bit) 1028s Modulus: 1028s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1028s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1028s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1028s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1028s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1028s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1028s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1028s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1028s fc:57:f7:d9:6e:2c:b3:a4:cd 1028s Exponent: 65537 (0x10001) 1028s X509v3 extensions: 1028s X509v3 Authority Key Identifier: 1028s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1028s X509v3 Basic Constraints: 1028s CA:FALSE 1028s Netscape Cert Type: 1028s SSL Client, S/MIME 1028s Netscape Comment: 1028s Test Organization Intermediate CA trusted Certificate 1028s X509v3 Subject Key Identifier: 1028s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1028s X509v3 Key Usage: critical 1028s Digital Signature, Non Repudiation, Key Encipherment 1028s X509v3 Extended Key Usage: 1028s TLS Web Client Authentication, E-mail Protection 1028s X509v3 Subject Alternative Name: 1028s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1028s Signature Algorithm: sha256WithRSAEncryption 1028s Signature Value: 1028s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1028s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1028s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1028s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1028s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1028s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1028s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1028s 03:6d 1028s + local found_md5 expected_md5 1028s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + expected_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1028s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985.pem 1028s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1028s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1028s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.output 1028s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.output .output 1028s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.pem 1028s + echo -n 053350 1028s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1028s [p11_child[2200]] [main] (0x0400): p11_child started. 1028s [p11_child[2200]] [main] (0x2000): Running in [auth] mode. 1028s [p11_child[2200]] [main] (0x2000): Running with effective IDs: [0][0]. 1028s [p11_child[2200]] [main] (0x2000): Running with real IDs [0][0]. 1028s [p11_child[2200]] [do_card] (0x4000): Module List: 1028s [p11_child[2200]] [do_card] (0x4000): common name: [softhsm2]. 1028s [p11_child[2200]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2200]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1028s [p11_child[2200]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1028s [p11_child[2200]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1028s [p11_child[2200]] [do_card] (0x4000): Login required. 1028s [p11_child[2200]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1028s [p11_child[2200]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1028s [p11_child[2200]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1028s [p11_child[2200]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1028s [p11_child[2200]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1028s [p11_child[2200]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1028s [p11_child[2200]] [do_card] (0x4000): Certificate verified and validated. 1028s [p11_child[2200]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1028s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.output 1028s + echo '-----BEGIN CERTIFICATE-----' 1028s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.output 1028s + echo '-----END CERTIFICATE-----' 1028s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.pem 1028s Certificate: 1028s Data: 1028s Version: 3 (0x2) 1028s Serial Number: 4 (0x4) 1028s Signature Algorithm: sha256WithRSAEncryption 1028s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1028s Validity 1028s Not Before: Mar 25 11:11:18 2024 GMT 1028s Not After : Mar 25 11:11:18 2025 GMT 1028s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1028s Subject Public Key Info: 1028s Public Key Algorithm: rsaEncryption 1028s Public-Key: (1024 bit) 1028s Modulus: 1028s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1028s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1028s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1028s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1028s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1028s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1028s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1028s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1028s fc:57:f7:d9:6e:2c:b3:a4:cd 1028s Exponent: 65537 (0x10001) 1028s X509v3 extensions: 1028s X509v3 Authority Key Identifier: 1028s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1028s X509v3 Basic Constraints: 1028s CA:FALSE 1028s Netscape Cert Type: 1028s SSL Client, S/MIME 1028s Netscape Comment: 1028s Test Organization Intermediate CA trusted Certificate 1028s X509v3 Subject Key Identifier: 1028s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1028s X509v3 Key Usage: critical 1028s Digital Signature, Non Repudiation, Key Encipherment 1028s X509v3 Extended Key Usage: 1028s TLS Web Client Authentication, E-mail Protection 1028s X509v3 Subject Alternative Name: 1028s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1028s Signature Algorithm: sha256WithRSAEncryption 1028s Signature Value: 1028s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1028s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1028s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1028s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1028s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1028s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1028s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1028s 03:6d 1028s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28985-auth.pem 1028s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1028s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1028s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1028s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1028s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1028s + local verify_option=partial_chain 1028s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1028s + local key_cn 1028s + local key_name 1028s + local tokens_dir 1028s + local output_cert_file 1028s + token_name= 1028s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1028s + key_name=test-intermediate-CA-trusted-certificate-0001 1028s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1028s ++ sed -n 's/ *commonName *= //p' 1029s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1029s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1029s Test Organization Interme Token 1029s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1029s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1029s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1029s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1029s + token_name='Test Organization Interme Token' 1029s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1029s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1029s + echo 'Test Organization Interme Token' 1029s + '[' -n partial_chain ']' 1029s + local verify_arg=--verify=partial_chain 1029s + local output_base_name=SSSD-child-13528 1029s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.output 1029s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.pem 1029s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1029s [p11_child[2210]] [main] (0x0400): p11_child started. 1029s [p11_child[2210]] [main] (0x2000): Running in [pre-auth] mode. 1029s [p11_child[2210]] [main] (0x2000): Running with effective IDs: [0][0]. 1029s [p11_child[2210]] [main] (0x2000): Running with real IDs [0][0]. 1029s [p11_child[2210]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1029s [p11_child[2210]] [do_card] (0x4000): Module List: 1029s [p11_child[2210]] [do_card] (0x4000): common name: [softhsm2]. 1029s [p11_child[2210]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2210]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1029s [p11_child[2210]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1029s [p11_child[2210]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2210]] [do_card] (0x4000): Login NOT required. 1029s [p11_child[2210]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1029s [p11_child[2210]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1029s [p11_child[2210]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1029s [p11_child[2210]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1029s [p11_child[2210]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1029s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.output 1029s + echo '-----BEGIN CERTIFICATE-----' 1029s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.output 1029s + echo '-----END CERTIFICATE-----' 1029s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.pem 1029s Certificate: 1029s Data: 1029s Version: 3 (0x2) 1029s Serial Number: 4 (0x4) 1029s Signature Algorithm: sha256WithRSAEncryption 1029s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1029s Validity 1029s Not Before: Mar 25 11:11:18 2024 GMT 1029s Not After : Mar 25 11:11:18 2025 GMT 1029s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1029s Subject Public Key Info: 1029s Public Key Algorithm: rsaEncryption 1029s Public-Key: (1024 bit) 1029s Modulus: 1029s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1029s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1029s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1029s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1029s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1029s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1029s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1029s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1029s fc:57:f7:d9:6e:2c:b3:a4:cd 1029s Exponent: 65537 (0x10001) 1029s X509v3 extensions: 1029s X509v3 Authority Key Identifier: 1029s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1029s X509v3 Basic Constraints: 1029s CA:FALSE 1029s Netscape Cert Type: 1029s SSL Client, S/MIME 1029s Netscape Comment: 1029s Test Organization Intermediate CA trusted Certificate 1029s X509v3 Subject Key Identifier: 1029s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1029s X509v3 Key Usage: critical 1029s Digital Signature, Non Repudiation, Key Encipherment 1029s X509v3 Extended Key Usage: 1029s TLS Web Client Authentication, E-mail Protection 1029s X509v3 Subject Alternative Name: 1029s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1029s Signature Algorithm: sha256WithRSAEncryption 1029s Signature Value: 1029s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1029s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1029s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1029s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1029s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1029s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1029s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1029s 03:6d 1029s + local found_md5 expected_md5 1029s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s + expected_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1029s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528.pem 1029s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1029s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1029s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.output 1029s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.output .output 1029s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.pem 1029s + echo -n 053350 1029s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1029s [p11_child[2218]] [main] (0x0400): p11_child started. 1029s [p11_child[2218]] [main] (0x2000): Running in [auth] mode. 1029s [p11_child[2218]] [main] (0x2000): Running with effective IDs: [0][0]. 1029s [p11_child[2218]] [main] (0x2000): Running with real IDs [0][0]. 1029s [p11_child[2218]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1029s [p11_child[2218]] [do_card] (0x4000): Module List: 1029s [p11_child[2218]] [do_card] (0x4000): common name: [softhsm2]. 1029s [p11_child[2218]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2218]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1029s [p11_child[2218]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1029s [p11_child[2218]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2218]] [do_card] (0x4000): Login required. 1029s [p11_child[2218]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1029s [p11_child[2218]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1029s [p11_child[2218]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1029s [p11_child[2218]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1029s [p11_child[2218]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1029s [p11_child[2218]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1029s [p11_child[2218]] [do_card] (0x4000): Certificate verified and validated. 1029s [p11_child[2218]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1029s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.output 1029s + echo '-----BEGIN CERTIFICATE-----' 1029s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.output 1029s + echo '-----END CERTIFICATE-----' 1029s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.pem 1029s Certificate: 1029s Data: 1029s Version: 3 (0x2) 1029s Serial Number: 4 (0x4) 1029s Signature Algorithm: sha256WithRSAEncryption 1029s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1029s Validity 1029s Not Before: Mar 25 11:11:18 2024 GMT 1029s Not After : Mar 25 11:11:18 2025 GMT 1029s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1029s Subject Public Key Info: 1029s Public Key Algorithm: rsaEncryption 1029s Public-Key: (1024 bit) 1029s Modulus: 1029s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1029s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1029s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1029s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1029s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1029s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1029s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1029s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1029s fc:57:f7:d9:6e:2c:b3:a4:cd 1029s Exponent: 65537 (0x10001) 1029s X509v3 extensions: 1029s X509v3 Authority Key Identifier: 1029s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1029s X509v3 Basic Constraints: 1029s CA:FALSE 1029s Netscape Cert Type: 1029s SSL Client, S/MIME 1029s Netscape Comment: 1029s Test Organization Intermediate CA trusted Certificate 1029s X509v3 Subject Key Identifier: 1029s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1029s X509v3 Key Usage: critical 1029s Digital Signature, Non Repudiation, Key Encipherment 1029s X509v3 Extended Key Usage: 1029s TLS Web Client Authentication, E-mail Protection 1029s X509v3 Subject Alternative Name: 1029s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1029s Signature Algorithm: sha256WithRSAEncryption 1029s Signature Value: 1029s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1029s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1029s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1029s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1029s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1029s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1029s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1029s 03:6d 1029s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-13528-auth.pem 1029s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1029s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1029s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1029s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1029s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1029s + local verify_option= 1029s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local key_cn 1029s + local key_name 1029s + local tokens_dir 1029s + local output_cert_file 1029s + token_name= 1029s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1029s + key_name=test-intermediate-CA-trusted-certificate-0001 1029s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s ++ sed -n 's/ *commonName *= //p' 1029s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1029s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1029s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1029s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1029s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1029s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1029s + token_name='Test Organization Interme Token' 1029s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1029s Test Organization Interme Token 1029s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1029s + echo 'Test Organization Interme Token' 1029s + '[' -n '' ']' 1029s + local output_base_name=SSSD-child-8066 1029s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8066.output 1029s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8066.pem 1029s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1029s [p11_child[2228]] [main] (0x0400): p11_child started. 1029s [p11_child[2228]] [main] (0x2000): Running in [pre-auth] mode. 1029s [p11_child[2228]] [main] (0x2000): Running with effective IDs: [0][0]. 1029s [p11_child[2228]] [main] (0x2000): Running with real IDs [0][0]. 1029s [p11_child[2228]] [do_card] (0x4000): Module List: 1029s [p11_child[2228]] [do_card] (0x4000): common name: [softhsm2]. 1029s [p11_child[2228]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2228]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1029s [p11_child[2228]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1029s [p11_child[2228]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1029s [p11_child[2228]] [do_card] (0x4000): Login NOT required. 1029s [p11_child[2228]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1029s [p11_child[2228]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1029s [p11_child[2228]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1029s [p11_child[2228]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1029s [p11_child[2228]] [do_card] (0x4000): No certificate found. 1029s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8066.output 1029s + return 2 1029s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem partial_chain 1029s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem partial_chain 1029s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1029s + local verify_option=partial_chain 1029s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8515 1029s + local key_cn 1029s + local key_name 1029s + local tokens_dir 1029s + local output_cert_file 1029s + token_name= 1029s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem .pem 1029s + key_name=test-intermediate-CA-trusted-certificate-0001 1029s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1029s ++ sed -n 's/ *commonName *= //p' 1030s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1030s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1030s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1030s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1030s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1030s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 1030s + token_name='Test Organization Interme Token' 1030s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1030s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1030s + echo 'Test Organization Interme Token' 1030s Test Organization Interme Token 1030s + '[' -n partial_chain ']' 1030s + local verify_arg=--verify=partial_chain 1030s + local output_base_name=SSSD-child-2201 1030s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.output 1030s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.pem 1030s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem 1030s [p11_child[2235]] [main] (0x0400): p11_child started. 1030s [p11_child[2235]] [main] (0x2000): Running in [pre-auth] mode. 1030s [p11_child[2235]] [main] (0x2000): Running with effective IDs: [0][0]. 1030s [p11_child[2235]] [main] (0x2000): Running with real IDs [0][0]. 1030s [p11_child[2235]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1030s [p11_child[2235]] [do_card] (0x4000): Module List: 1030s [p11_child[2235]] [do_card] (0x4000): common name: [softhsm2]. 1030s [p11_child[2235]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1030s [p11_child[2235]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1030s [p11_child[2235]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1030s [p11_child[2235]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1030s [p11_child[2235]] [do_card] (0x4000): Login NOT required. 1030s [p11_child[2235]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1030s [p11_child[2235]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1030s [p11_child[2235]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1030s [p11_child[2235]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1030s [p11_child[2235]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1030s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.output 1030s + echo '-----BEGIN CERTIFICATE-----' 1030s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.output 1030s + echo '-----END CERTIFICATE-----' 1030s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.pem 1030s Certificate: 1030s Data: 1030s Version: 3 (0x2) 1030s Serial Number: 4 (0x4) 1030s Signature Algorithm: sha256WithRSAEncryption 1030s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1030s Validity 1030s Not Before: Mar 25 11:11:18 2024 GMT 1030s Not After : Mar 25 11:11:18 2025 GMT 1030s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1030s Subject Public Key Info: 1030s Public Key Algorithm: rsaEncryption 1030s Public-Key: (1024 bit) 1030s Modulus: 1030s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1030s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1030s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1030s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1030s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1030s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1030s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1030s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1030s fc:57:f7:d9:6e:2c:b3:a4:cd 1030s Exponent: 65537 (0x10001) 1030s X509v3 extensions: 1030s X509v3 Authority Key Identifier: 1030s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1030s X509v3 Basic Constraints: 1030s CA:FALSE 1030s Netscape Cert Type: 1030s SSL Client, S/MIME 1030s Netscape Comment: 1030s Test Organization Intermediate CA trusted Certificate 1030s X509v3 Subject Key Identifier: 1030s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1030s X509v3 Key Usage: critical 1030s Digital Signature, Non Repudiation, Key Encipherment 1030s X509v3 Extended Key Usage: 1030s TLS Web Client Authentication, E-mail Protection 1030s X509v3 Subject Alternative Name: 1030s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1030s Signature Algorithm: sha256WithRSAEncryption 1030s Signature Value: 1030s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1030s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1030s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1030s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1030s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1030s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1030s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1030s 03:6d 1030s + local found_md5 expected_md5 1030s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA-trusted-certificate-0001.pem 1030s + expected_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1030s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201.pem 1030s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1030s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1030s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.output 1030s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.output .output 1030s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.pem 1030s + echo -n 053350 1030s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1030s [p11_child[2243]] [main] (0x0400): p11_child started. 1030s [p11_child[2243]] [main] (0x2000): Running in [auth] mode. 1030s [p11_child[2243]] [main] (0x2000): Running with effective IDs: [0][0]. 1030s [p11_child[2243]] [main] (0x2000): Running with real IDs [0][0]. 1030s [p11_child[2243]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1030s [p11_child[2243]] [do_card] (0x4000): Module List: 1030s [p11_child[2243]] [do_card] (0x4000): common name: [softhsm2]. 1030s [p11_child[2243]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1030s [p11_child[2243]] [do_card] (0x4000): Description [SoftHSM slot ID 0x9d19bb1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1030s [p11_child[2243]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1030s [p11_child[2243]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x9d19bb1][164731825] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1030s [p11_child[2243]] [do_card] (0x4000): Login required. 1030s [p11_child[2243]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1030s [p11_child[2243]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1030s [p11_child[2243]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1030s [p11_child[2243]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x9d19bb1;slot-manufacturer=SoftHSM%20project;slot-id=164731825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beb88b7289d19bb1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1030s [p11_child[2243]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1030s [p11_child[2243]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1030s [p11_child[2243]] [do_card] (0x4000): Certificate verified and validated. 1030s [p11_child[2243]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1030s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.output 1030s + echo '-----BEGIN CERTIFICATE-----' 1030s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.output 1030s + echo '-----END CERTIFICATE-----' 1030s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.pem 1030s Certificate: 1030s Data: 1030s Version: 3 (0x2) 1030s Serial Number: 4 (0x4) 1030s Signature Algorithm: sha256WithRSAEncryption 1030s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1030s Validity 1030s Not Before: Mar 25 11:11:18 2024 GMT 1030s Not After : Mar 25 11:11:18 2025 GMT 1030s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1030s Subject Public Key Info: 1030s Public Key Algorithm: rsaEncryption 1030s Public-Key: (1024 bit) 1030s Modulus: 1030s 00:d2:6d:e5:6f:a2:5c:0f:26:cf:5f:15:b3:3e:0a: 1030s 9a:5b:83:20:3a:d5:e1:aa:d0:90:34:f0:10:b9:b0: 1030s c8:0a:8f:47:32:f1:3d:db:42:bb:b1:f3:14:b1:19: 1030s 3a:b8:83:8f:16:5c:cf:28:e7:e7:94:e4:b4:06:85: 1030s 48:b9:77:c3:74:62:1f:1a:f8:81:c1:5f:8c:f6:b9: 1030s 11:f6:ca:c1:2d:84:92:f4:fa:1f:40:d2:19:25:bc: 1030s 3f:9b:ea:a1:ca:af:8b:3e:45:60:76:9a:a1:a2:0e: 1030s 84:1f:64:29:77:ab:81:8d:f3:cf:32:38:ad:67:bf: 1030s fc:57:f7:d9:6e:2c:b3:a4:cd 1030s Exponent: 65537 (0x10001) 1030s X509v3 extensions: 1030s X509v3 Authority Key Identifier: 1030s 64:AB:44:62:B1:FD:EB:4C:F8:FE:F1:B0:B8:59:56:F4:96:30:51:AE 1030s X509v3 Basic Constraints: 1030s CA:FALSE 1030s Netscape Cert Type: 1030s SSL Client, S/MIME 1030s Netscape Comment: 1030s Test Organization Intermediate CA trusted Certificate 1030s X509v3 Subject Key Identifier: 1030s 12:C7:BF:9D:F9:A3:2E:D6:72:BA:75:12:62:BE:B5:9F:4B:60:CB:D3 1030s X509v3 Key Usage: critical 1030s Digital Signature, Non Repudiation, Key Encipherment 1030s X509v3 Extended Key Usage: 1030s TLS Web Client Authentication, E-mail Protection 1030s X509v3 Subject Alternative Name: 1030s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1030s Signature Algorithm: sha256WithRSAEncryption 1030s Signature Value: 1030s 7c:2b:7a:51:6b:da:81:d9:80:dc:f1:6f:c8:2b:4e:b8:af:ce: 1030s 09:13:29:70:5b:35:74:0e:1b:90:66:87:f5:66:7a:10:d3:83: 1030s 16:36:d2:bd:4e:c4:9f:17:d6:95:98:d5:06:79:d3:33:7c:22: 1030s db:ed:de:ea:7b:96:a5:3b:8c:de:f6:b7:d4:6f:0f:dc:07:d5: 1030s 6d:40:30:1f:fa:59:ab:db:12:ef:a1:a6:a9:4c:4f:2f:4d:f3: 1030s 55:08:61:bc:b5:24:d0:fe:2f:5a:49:25:ce:a4:b1:9f:64:61: 1030s 3c:e1:bb:93:44:83:c5:18:2e:49:56:62:23:67:17:53:eb:03: 1030s 03:6d 1030s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-2201-auth.pem 1030s + found_md5=Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD 1030s + '[' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD '!=' Modulus=D26DE56FA25C0F26CF5F15B33E0A9A5B83203AD5E1AAD09034F010B9B0C80A8F4732F13DDB42BBB1F314B1193AB8838F165CCF28E7E794E4B4068548B977C374621F1AF881C15F8CF6B911F6CAC12D8492F4FA1F40D21925BC3F9BEAA1CAAF8B3E4560769AA1A20E841F642977AB818DF3CF3238AD67BFFC57F7D96E2CB3A4CD ']' 1030s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1030s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1030s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1030s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1030s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1030s + local verify_option= 1030s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1030s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1030s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1030s + local key_cn 1030s + local key_name 1030s + local tokens_dir 1030s + local output_cert_file 1030s + token_name= 1030s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1030s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1030s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1030s ++ sed -n 's/ *commonName *= //p' 1030s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1030s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1030s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1030s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1030s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1030s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1030s + token_name='Test Organization Sub Int Token' 1030s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1030s + local key_file 1030s + local decrypted_key 1030s + mkdir -p /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1030s + key_file=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1030s + decrypted_key=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1030s + cat 1030s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 1031s Slot 0 has a free/uninitialized token. 1031s The token has been initialized and is reassigned to slot 1904972684 1031s + softhsm2-util --show-slots 1031s Available slots: 1031s Slot 1904972684 1031s Slot info: 1031s Description: SoftHSM slot ID 0x718b938c 1031s Manufacturer ID: SoftHSM project 1031s Hardware version: 2.6 1031s Firmware version: 2.6 1031s Token present: yes 1031s Token info: 1031s Manufacturer ID: SoftHSM project 1031s Model: SoftHSM v2 1031s Hardware version: 2.6 1031s Firmware version: 2.6 1031s Serial number: 9119bc75718b938c 1031s Initialized: yes 1031s User PIN init.: yes 1031s Label: Test Organization Sub Int Token 1031s Slot 1 1031s Slot info: 1031s Description: SoftHSM slot ID 0x1 1031s Manufacturer ID: SoftHSM project 1031s Hardware version: 2.6 1031s Firmware version: 2.6 1031s Token present: yes 1031s Token info: 1031s Manufacturer ID: SoftHSM project 1031s Model: SoftHSM v2 1031s Hardware version: 2.6 1031s Firmware version: 2.6 1031s Serial number: 1031s Initialized: no 1031s User PIN init.: no 1031s Label: 1031s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1031s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-26952 -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1031s writing RSA key 1031s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1031s + rm /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1031s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1031s Object 0: 1031s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1031s Type: X.509 Certificate (RSA-1024) 1031s Expires: Tue Mar 25 11:11:18 2025 1031s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1031s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1031s 1031s + echo 'Test Organization Sub Int Token' 1031s Test Organization Sub Int Token 1031s + '[' -n '' ']' 1031s + local output_base_name=SSSD-child-21102 1031s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-21102.output 1031s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-21102.pem 1031s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1031s [p11_child[2262]] [main] (0x0400): p11_child started. 1031s [p11_child[2262]] [main] (0x2000): Running in [pre-auth] mode. 1031s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 1031s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 1031s [p11_child[2262]] [do_card] (0x4000): Module List: 1031s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 1031s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1031s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1031s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2262]] [do_card] (0x4000): Login NOT required. 1031s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1031s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1031s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1031s [p11_child[2262]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1031s [p11_child[2262]] [do_card] (0x4000): No certificate found. 1031s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-21102.output 1031s + return 2 1031s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1031s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem partial_chain 1031s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1031s + local verify_option=partial_chain 1031s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local key_cn 1031s + local key_name 1031s + local tokens_dir 1031s + local output_cert_file 1031s + token_name= 1031s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1031s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1031s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s ++ sed -n 's/ *commonName *= //p' 1031s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1031s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1031s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1031s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1031s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1031s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1031s + token_name='Test Organization Sub Int Token' 1031s Test Organization Sub Int Token 1031s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1031s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1031s + echo 'Test Organization Sub Int Token' 1031s + '[' -n partial_chain ']' 1031s + local verify_arg=--verify=partial_chain 1031s + local output_base_name=SSSD-child-27932 1031s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-27932.output 1031s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-27932.pem 1031s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-CA.pem 1031s [p11_child[2269]] [main] (0x0400): p11_child started. 1031s [p11_child[2269]] [main] (0x2000): Running in [pre-auth] mode. 1031s [p11_child[2269]] [main] (0x2000): Running with effective IDs: [0][0]. 1031s [p11_child[2269]] [main] (0x2000): Running with real IDs [0][0]. 1031s [p11_child[2269]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1031s [p11_child[2269]] [do_card] (0x4000): Module List: 1031s [p11_child[2269]] [do_card] (0x4000): common name: [softhsm2]. 1031s [p11_child[2269]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2269]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1031s [p11_child[2269]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1031s [p11_child[2269]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2269]] [do_card] (0x4000): Login NOT required. 1031s [p11_child[2269]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1031s [p11_child[2269]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1031s [p11_child[2269]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1031s [p11_child[2269]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1031s [p11_child[2269]] [do_card] (0x4000): No certificate found. 1031s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-27932.output 1031s + return 2 1031s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1031s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1031s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1031s + local verify_option= 1031s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1031s + local key_cn 1031s + local key_name 1031s + local tokens_dir 1031s + local output_cert_file 1031s + token_name= 1031s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1031s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1031s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s ++ sed -n 's/ *commonName *= //p' 1031s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1031s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1031s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1031s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1031s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1031s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1031s + token_name='Test Organization Sub Int Token' 1031s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1031s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1031s + echo 'Test Organization Sub Int Token' 1031s + '[' -n '' ']' 1031s Test Organization Sub Int Token 1031s + local output_base_name=SSSD-child-25863 1031s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.output 1031s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.pem 1031s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1031s [p11_child[2276]] [main] (0x0400): p11_child started. 1031s [p11_child[2276]] [main] (0x2000): Running in [pre-auth] mode. 1031s [p11_child[2276]] [main] (0x2000): Running with effective IDs: [0][0]. 1031s [p11_child[2276]] [main] (0x2000): Running with real IDs [0][0]. 1031s [p11_child[2276]] [do_card] (0x4000): Module List: 1031s [p11_child[2276]] [do_card] (0x4000): common name: [softhsm2]. 1031s [p11_child[2276]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2276]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1031s [p11_child[2276]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1031s [p11_child[2276]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1031s [p11_child[2276]] [do_card] (0x4000): Login NOT required. 1031s [p11_child[2276]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1031s [p11_child[2276]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1031s [p11_child[2276]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1031s [p11_child[2276]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1031s [p11_child[2276]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1031s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.output 1031s + echo '-----BEGIN CERTIFICATE-----' 1031s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.output 1031s + echo '-----END CERTIFICATE-----' 1031s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.pem 1031s Certificate: 1031s Data: 1031s Version: 3 (0x2) 1031s Serial Number: 5 (0x5) 1031s Signature Algorithm: sha256WithRSAEncryption 1031s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1031s Validity 1031s Not Before: Mar 25 11:11:18 2024 GMT 1031s Not After : Mar 25 11:11:18 2025 GMT 1031s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1031s Subject Public Key Info: 1031s Public Key Algorithm: rsaEncryption 1031s Public-Key: (1024 bit) 1031s Modulus: 1031s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1031s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1031s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1031s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1031s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1031s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1031s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1031s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1031s 7d:db:24:9a:02:e2:a9:ee:33 1031s Exponent: 65537 (0x10001) 1031s X509v3 extensions: 1031s X509v3 Authority Key Identifier: 1031s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1031s X509v3 Basic Constraints: 1031s CA:FALSE 1031s Netscape Cert Type: 1031s SSL Client, S/MIME 1031s Netscape Comment: 1031s Test Organization Sub Intermediate CA trusted Certificate 1031s X509v3 Subject Key Identifier: 1031s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1031s X509v3 Key Usage: critical 1031s Digital Signature, Non Repudiation, Key Encipherment 1031s X509v3 Extended Key Usage: 1031s TLS Web Client Authentication, E-mail Protection 1031s X509v3 Subject Alternative Name: 1031s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1031s Signature Algorithm: sha256WithRSAEncryption 1031s Signature Value: 1031s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1031s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1031s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1031s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1031s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1031s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1031s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1031s 6d:1a 1031s + local found_md5 expected_md5 1031s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1031s + expected_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1031s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863.pem 1032s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1032s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1032s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.output 1032s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.output .output 1032s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.pem 1032s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1032s + echo -n 053350 1032s [p11_child[2284]] [main] (0x0400): p11_child started. 1032s [p11_child[2284]] [main] (0x2000): Running in [auth] mode. 1032s [p11_child[2284]] [main] (0x2000): Running with effective IDs: [0][0]. 1032s [p11_child[2284]] [main] (0x2000): Running with real IDs [0][0]. 1032s [p11_child[2284]] [do_card] (0x4000): Module List: 1032s [p11_child[2284]] [do_card] (0x4000): common name: [softhsm2]. 1032s [p11_child[2284]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1032s [p11_child[2284]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1032s [p11_child[2284]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1032s [p11_child[2284]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1032s [p11_child[2284]] [do_card] (0x4000): Login required. 1032s [p11_child[2284]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1032s [p11_child[2284]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1032s [p11_child[2284]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1032s [p11_child[2284]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1032s [p11_child[2284]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1032s [p11_child[2284]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1032s [p11_child[2284]] [do_card] (0x4000): Certificate verified and validated. 1032s [p11_child[2284]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1032s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.output 1032s + echo '-----BEGIN CERTIFICATE-----' 1032s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.output 1032s + echo '-----END CERTIFICATE-----' 1032s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.pem 1032s Certificate: 1032s Data: 1032s Version: 3 (0x2) 1032s Serial Number: 5 (0x5) 1032s Signature Algorithm: sha256WithRSAEncryption 1032s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1032s Validity 1032s Not Before: Mar 25 11:11:18 2024 GMT 1032s Not After : Mar 25 11:11:18 2025 GMT 1032s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1032s Subject Public Key Info: 1032s Public Key Algorithm: rsaEncryption 1032s Public-Key: (1024 bit) 1032s Modulus: 1032s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1032s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1032s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1032s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1032s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1032s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1032s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1032s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1032s 7d:db:24:9a:02:e2:a9:ee:33 1032s Exponent: 65537 (0x10001) 1032s X509v3 extensions: 1032s X509v3 Authority Key Identifier: 1032s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1032s X509v3 Basic Constraints: 1032s CA:FALSE 1032s Netscape Cert Type: 1032s SSL Client, S/MIME 1032s Netscape Comment: 1032s Test Organization Sub Intermediate CA trusted Certificate 1032s X509v3 Subject Key Identifier: 1032s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1032s X509v3 Key Usage: critical 1032s Digital Signature, Non Repudiation, Key Encipherment 1032s X509v3 Extended Key Usage: 1032s TLS Web Client Authentication, E-mail Protection 1032s X509v3 Subject Alternative Name: 1032s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1032s Signature Algorithm: sha256WithRSAEncryption 1032s Signature Value: 1032s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1032s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1032s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1032s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1032s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1032s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1032s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1032s 6d:1a 1032s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25863-auth.pem 1032s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1032s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1032s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1032s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem partial_chain 1032s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1032s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1032s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1032s + local verify_option=partial_chain 1032s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1032s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1032s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1032s + local key_cn 1032s + local key_name 1032s + local tokens_dir 1032s + local output_cert_file 1032s + token_name= 1032s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1032s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1032s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1032s ++ sed -n 's/ *commonName *= //p' 1032s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1032s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1032s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1032s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1032s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1032s Test Organization Sub Int Token 1032s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1032s + token_name='Test Organization Sub Int Token' 1032s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1032s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1032s + echo 'Test Organization Sub Int Token' 1032s + '[' -n partial_chain ']' 1032s + local verify_arg=--verify=partial_chain 1032s + local output_base_name=SSSD-child-28370 1032s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.output 1032s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.pem 1032s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem 1032s [p11_child[2294]] [main] (0x0400): p11_child started. 1032s [p11_child[2294]] [main] (0x2000): Running in [pre-auth] mode. 1032s [p11_child[2294]] [main] (0x2000): Running with effective IDs: [0][0]. 1032s [p11_child[2294]] [main] (0x2000): Running with real IDs [0][0]. 1032s [p11_child[2294]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1032s [p11_child[2294]] [do_card] (0x4000): Module List: 1032s [p11_child[2294]] [do_card] (0x4000): common name: [softhsm2]. 1032s [p11_child[2294]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1032s [p11_child[2294]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1032s [p11_child[2294]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1032s [p11_child[2294]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1032s [p11_child[2294]] [do_card] (0x4000): Login NOT required. 1032s [p11_child[2294]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1032s [p11_child[2294]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1032s [p11_child[2294]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1032s [p11_child[2294]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1032s [p11_child[2294]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1032s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.output 1032s + echo '-----BEGIN CERTIFICATE-----' 1032s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.output 1032s + echo '-----END CERTIFICATE-----' 1032s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.pem 1032s Certificate: 1032s Data: 1032s Version: 3 (0x2) 1032s Serial Number: 5 (0x5) 1032s Signature Algorithm: sha256WithRSAEncryption 1032s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1032s Validity 1032s Not Before: Mar 25 11:11:18 2024 GMT 1032s Not After : Mar 25 11:11:18 2025 GMT 1032s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1032s Subject Public Key Info: 1032s Public Key Algorithm: rsaEncryption 1032s Public-Key: (1024 bit) 1032s Modulus: 1032s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1032s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1032s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1032s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1032s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1032s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1032s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1032s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1032s 7d:db:24:9a:02:e2:a9:ee:33 1032s Exponent: 65537 (0x10001) 1032s X509v3 extensions: 1032s X509v3 Authority Key Identifier: 1032s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1032s X509v3 Basic Constraints: 1032s CA:FALSE 1032s Netscape Cert Type: 1032s SSL Client, S/MIME 1032s Netscape Comment: 1032s Test Organization Sub Intermediate CA trusted Certificate 1032s X509v3 Subject Key Identifier: 1032s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1032s X509v3 Key Usage: critical 1032s Digital Signature, Non Repudiation, Key Encipherment 1032s X509v3 Extended Key Usage: 1032s TLS Web Client Authentication, E-mail Protection 1032s X509v3 Subject Alternative Name: 1032s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1032s Signature Algorithm: sha256WithRSAEncryption 1032s Signature Value: 1032s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1032s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1032s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1032s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1032s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1032s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1032s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1032s 6d:1a 1032s + local found_md5 expected_md5 1032s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1032s + expected_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1032s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370.pem 1032s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1032s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1032s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.output 1032s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.output .output 1032s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.pem 1032s + echo -n 053350 1032s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1032s [p11_child[2302]] [main] (0x0400): p11_child started. 1032s [p11_child[2302]] [main] (0x2000): Running in [auth] mode. 1032s [p11_child[2302]] [main] (0x2000): Running with effective IDs: [0][0]. 1032s [p11_child[2302]] [main] (0x2000): Running with real IDs [0][0]. 1032s [p11_child[2302]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1033s [p11_child[2302]] [do_card] (0x4000): Module List: 1033s [p11_child[2302]] [do_card] (0x4000): common name: [softhsm2]. 1033s [p11_child[2302]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2302]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1033s [p11_child[2302]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1033s [p11_child[2302]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2302]] [do_card] (0x4000): Login required. 1033s [p11_child[2302]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1033s [p11_child[2302]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1033s [p11_child[2302]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1033s [p11_child[2302]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1033s [p11_child[2302]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1033s [p11_child[2302]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1033s [p11_child[2302]] [do_card] (0x4000): Certificate verified and validated. 1033s [p11_child[2302]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1033s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.output 1033s + echo '-----BEGIN CERTIFICATE-----' 1033s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.output 1033s + echo '-----END CERTIFICATE-----' 1033s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.pem 1033s Certificate: 1033s Data: 1033s Version: 3 (0x2) 1033s Serial Number: 5 (0x5) 1033s Signature Algorithm: sha256WithRSAEncryption 1033s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1033s Validity 1033s Not Before: Mar 25 11:11:18 2024 GMT 1033s Not After : Mar 25 11:11:18 2025 GMT 1033s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1033s Subject Public Key Info: 1033s Public Key Algorithm: rsaEncryption 1033s Public-Key: (1024 bit) 1033s Modulus: 1033s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1033s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1033s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1033s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1033s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1033s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1033s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1033s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1033s 7d:db:24:9a:02:e2:a9:ee:33 1033s Exponent: 65537 (0x10001) 1033s X509v3 extensions: 1033s X509v3 Authority Key Identifier: 1033s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1033s X509v3 Basic Constraints: 1033s CA:FALSE 1033s Netscape Cert Type: 1033s SSL Client, S/MIME 1033s Netscape Comment: 1033s Test Organization Sub Intermediate CA trusted Certificate 1033s X509v3 Subject Key Identifier: 1033s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1033s X509v3 Key Usage: critical 1033s Digital Signature, Non Repudiation, Key Encipherment 1033s X509v3 Extended Key Usage: 1033s TLS Web Client Authentication, E-mail Protection 1033s X509v3 Subject Alternative Name: 1033s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1033s Signature Algorithm: sha256WithRSAEncryption 1033s Signature Value: 1033s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1033s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1033s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1033s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1033s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1033s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1033s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1033s 6d:1a 1033s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28370-auth.pem 1033s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1033s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1033s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s + local verify_option= 1033s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_cn 1033s + local key_name 1033s + local tokens_dir 1033s + local output_cert_file 1033s + token_name= 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1033s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1033s ++ sed -n 's/ *commonName *= //p' 1033s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1033s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1033s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1033s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1033s + token_name='Test Organization Sub Int Token' 1033s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1033s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1033s + echo 'Test Organization Sub Int Token' 1033s + '[' -n '' ']' 1033s + local output_base_name=SSSD-child-1751 1033s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-1751.output 1033s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-1751.pem 1033s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s Test Organization Sub Int Token 1033s [p11_child[2312]] [main] (0x0400): p11_child started. 1033s [p11_child[2312]] [main] (0x2000): Running in [pre-auth] mode. 1033s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 1033s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 1033s [p11_child[2312]] [do_card] (0x4000): Module List: 1033s [p11_child[2312]] [do_card] (0x4000): common name: [softhsm2]. 1033s [p11_child[2312]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1033s [p11_child[2312]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1033s [p11_child[2312]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2312]] [do_card] (0x4000): Login NOT required. 1033s [p11_child[2312]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1033s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1033s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1033s [p11_child[2312]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1033s [p11_child[2312]] [do_card] (0x4000): No certificate found. 1033s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-1751.output 1033s + return 2 1033s + invalid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem partial_chain 1033s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem partial_chain 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem 1033s + local verify_option=partial_chain 1033s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_cn 1033s + local key_name 1033s + local tokens_dir 1033s + local output_cert_file 1033s + token_name= 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1033s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1033s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s ++ sed -n 's/ *commonName *= //p' 1033s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1033s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1033s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1033s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1033s + token_name='Test Organization Sub Int Token' 1033s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1033s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1033s + echo 'Test Organization Sub Int Token' 1033s Test Organization Sub Int Token 1033s + '[' -n partial_chain ']' 1033s + local verify_arg=--verify=partial_chain 1033s + local output_base_name=SSSD-child-8519 1033s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8519.output 1033s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-8519.pem 1033s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-root-intermediate-chain-CA.pem 1033s [p11_child[2319]] [main] (0x0400): p11_child started. 1033s [p11_child[2319]] [main] (0x2000): Running in [pre-auth] mode. 1033s [p11_child[2319]] [main] (0x2000): Running with effective IDs: [0][0]. 1033s [p11_child[2319]] [main] (0x2000): Running with real IDs [0][0]. 1033s [p11_child[2319]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1033s [p11_child[2319]] [do_card] (0x4000): Module List: 1033s [p11_child[2319]] [do_card] (0x4000): common name: [softhsm2]. 1033s [p11_child[2319]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2319]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1033s [p11_child[2319]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1033s [p11_child[2319]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2319]] [do_card] (0x4000): Login NOT required. 1033s [p11_child[2319]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1033s [p11_child[2319]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1033s [p11_child[2319]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1033s [p11_child[2319]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1033s [p11_child[2319]] [do_card] (0x4000): No certificate found. 1033s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-8519.output 1033s + return 2 1033s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem partial_chain 1033s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem partial_chain 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s + local verify_option=partial_chain 1033s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1033s + local key_cn 1033s + local key_name 1033s + local tokens_dir 1033s + local output_cert_file 1033s + token_name= 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1033s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1033s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1033s ++ sed -n 's/ *commonName *= //p' 1033s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1033s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1033s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1033s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1033s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1033s + token_name='Test Organization Sub Int Token' 1033s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1033s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1033s + echo 'Test Organization Sub Int Token' 1033s + '[' -n partial_chain ']' 1033s + local verify_arg=--verify=partial_chain 1033s + local output_base_name=SSSD-child-25623 1033s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.output 1033s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.pem 1033s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem 1033s Test Organization Sub Int Token 1033s [p11_child[2326]] [main] (0x0400): p11_child started. 1033s [p11_child[2326]] [main] (0x2000): Running in [pre-auth] mode. 1033s [p11_child[2326]] [main] (0x2000): Running with effective IDs: [0][0]. 1033s [p11_child[2326]] [main] (0x2000): Running with real IDs [0][0]. 1033s [p11_child[2326]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1033s [p11_child[2326]] [do_card] (0x4000): Module List: 1033s [p11_child[2326]] [do_card] (0x4000): common name: [softhsm2]. 1033s [p11_child[2326]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2326]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1033s [p11_child[2326]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1033s [p11_child[2326]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1033s [p11_child[2326]] [do_card] (0x4000): Login NOT required. 1033s [p11_child[2326]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1033s [p11_child[2326]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1033s [p11_child[2326]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1033s [p11_child[2326]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1033s [p11_child[2326]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1033s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.output 1033s + echo '-----BEGIN CERTIFICATE-----' 1033s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.output 1033s + echo '-----END CERTIFICATE-----' 1033s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.pem 1034s + local found_md5 expected_md5 1034s Certificate: 1034s Data: 1034s Version: 3 (0x2) 1034s Serial Number: 5 (0x5) 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1034s Validity 1034s Not Before: Mar 25 11:11:18 2024 GMT 1034s Not After : Mar 25 11:11:18 2025 GMT 1034s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1034s Subject Public Key Info: 1034s Public Key Algorithm: rsaEncryption 1034s Public-Key: (1024 bit) 1034s Modulus: 1034s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1034s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1034s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1034s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1034s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1034s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1034s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1034s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1034s 7d:db:24:9a:02:e2:a9:ee:33 1034s Exponent: 65537 (0x10001) 1034s X509v3 extensions: 1034s X509v3 Authority Key Identifier: 1034s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1034s X509v3 Basic Constraints: 1034s CA:FALSE 1034s Netscape Cert Type: 1034s SSL Client, S/MIME 1034s Netscape Comment: 1034s Test Organization Sub Intermediate CA trusted Certificate 1034s X509v3 Subject Key Identifier: 1034s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1034s X509v3 Key Usage: critical 1034s Digital Signature, Non Repudiation, Key Encipherment 1034s X509v3 Extended Key Usage: 1034s TLS Web Client Authentication, E-mail Protection 1034s X509v3 Subject Alternative Name: 1034s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Signature Value: 1034s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1034s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1034s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1034s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1034s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1034s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1034s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1034s 6d:1a 1034s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1034s + expected_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1034s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623.pem 1034s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1034s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1034s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.output 1034s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.output .output 1034s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.pem 1034s + echo -n 053350 1034s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1034s [p11_child[2334]] [main] (0x0400): p11_child started. 1034s [p11_child[2334]] [main] (0x2000): Running in [auth] mode. 1034s [p11_child[2334]] [main] (0x2000): Running with effective IDs: [0][0]. 1034s [p11_child[2334]] [main] (0x2000): Running with real IDs [0][0]. 1034s [p11_child[2334]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1034s [p11_child[2334]] [do_card] (0x4000): Module List: 1034s [p11_child[2334]] [do_card] (0x4000): common name: [softhsm2]. 1034s [p11_child[2334]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1034s [p11_child[2334]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1034s [p11_child[2334]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1034s [p11_child[2334]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1034s [p11_child[2334]] [do_card] (0x4000): Login required. 1034s [p11_child[2334]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1034s [p11_child[2334]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1034s [p11_child[2334]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1034s [p11_child[2334]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1034s [p11_child[2334]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1034s [p11_child[2334]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1034s [p11_child[2334]] [do_card] (0x4000): Certificate verified and validated. 1034s [p11_child[2334]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1034s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.output 1034s + echo '-----BEGIN CERTIFICATE-----' 1034s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.output 1034s + echo '-----END CERTIFICATE-----' 1034s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.pem 1034s Certificate: 1034s Data: 1034s Version: 3 (0x2) 1034s Serial Number: 5 (0x5) 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1034s Validity 1034s Not Before: Mar 25 11:11:18 2024 GMT 1034s Not After : Mar 25 11:11:18 2025 GMT 1034s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1034s Subject Public Key Info: 1034s Public Key Algorithm: rsaEncryption 1034s Public-Key: (1024 bit) 1034s Modulus: 1034s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1034s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1034s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1034s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1034s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1034s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1034s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1034s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1034s 7d:db:24:9a:02:e2:a9:ee:33 1034s Exponent: 65537 (0x10001) 1034s X509v3 extensions: 1034s X509v3 Authority Key Identifier: 1034s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1034s X509v3 Basic Constraints: 1034s CA:FALSE 1034s Netscape Cert Type: 1034s SSL Client, S/MIME 1034s Netscape Comment: 1034s Test Organization Sub Intermediate CA trusted Certificate 1034s X509v3 Subject Key Identifier: 1034s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1034s X509v3 Key Usage: critical 1034s Digital Signature, Non Repudiation, Key Encipherment 1034s X509v3 Extended Key Usage: 1034s TLS Web Client Authentication, E-mail Protection 1034s X509v3 Subject Alternative Name: 1034s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Signature Value: 1034s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1034s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1034s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1034s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1034s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1034s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1034s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1034s 6d:1a 1034s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-25623-auth.pem 1034s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1034s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1034s + valid_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-sub-chain-CA.pem partial_chain 1034s + check_certificate /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 /tmp/sssd-softhsm2-UXiNoj/test-intermediate-sub-chain-CA.pem partial_chain 1034s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1034s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1034s + local key_ring=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-sub-chain-CA.pem 1034s + local verify_option=partial_chain 1034s + prepare_softhsm2_card /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1034s + local certificate=/tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1034s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26952 1034s + local key_cn 1034s + local key_name 1034s + local tokens_dir 1034s + local output_cert_file 1034s + token_name= 1034s ++ basename /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1034s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1034s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1034s ++ sed -n 's/ *commonName *= //p' 1034s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1034s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1034s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1034s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1034s ++ basename /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1034s + tokens_dir=/tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1034s + token_name='Test Organization Sub Int Token' 1034s Test Organization Sub Int Token 1034s + '[' '!' -e /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1034s + '[' '!' -d /tmp/sssd-softhsm2-UXiNoj/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1034s + echo 'Test Organization Sub Int Token' 1034s + '[' -n partial_chain ']' 1034s + local verify_arg=--verify=partial_chain 1034s + local output_base_name=SSSD-child-28683 1034s + local output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.output 1034s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.pem 1034s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-sub-chain-CA.pem 1034s [p11_child[2344]] [main] (0x0400): p11_child started. 1034s [p11_child[2344]] [main] (0x2000): Running in [pre-auth] mode. 1034s [p11_child[2344]] [main] (0x2000): Running with effective IDs: [0][0]. 1034s [p11_child[2344]] [main] (0x2000): Running with real IDs [0][0]. 1034s [p11_child[2344]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1034s [p11_child[2344]] [do_card] (0x4000): Module List: 1034s [p11_child[2344]] [do_card] (0x4000): common name: [softhsm2]. 1034s [p11_child[2344]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1034s [p11_child[2344]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1034s [p11_child[2344]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1034s [p11_child[2344]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1034s [p11_child[2344]] [do_card] (0x4000): Login NOT required. 1034s [p11_child[2344]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1034s [p11_child[2344]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1034s [p11_child[2344]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1034s [p11_child[2344]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1034s [p11_child[2344]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1034s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.output 1034s + echo '-----BEGIN CERTIFICATE-----' 1034s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.output 1034s + echo '-----END CERTIFICATE-----' 1034s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.pem 1034s Certificate: 1034s Data: 1034s Version: 3 (0x2) 1034s Serial Number: 5 (0x5) 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1034s Validity 1034s Not Before: Mar 25 11:11:18 2024 GMT 1034s Not After : Mar 25 11:11:18 2025 GMT 1034s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1034s Subject Public Key Info: 1034s Public Key Algorithm: rsaEncryption 1034s Public-Key: (1024 bit) 1034s Modulus: 1034s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1034s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1034s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1034s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1034s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1034s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1034s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1034s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1034s 7d:db:24:9a:02:e2:a9:ee:33 1034s Exponent: 65537 (0x10001) 1034s X509v3 extensions: 1034s X509v3 Authority Key Identifier: 1034s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1034s X509v3 Basic Constraints: 1034s CA:FALSE 1034s Netscape Cert Type: 1034s SSL Client, S/MIME 1034s Netscape Comment: 1034s Test Organization Sub Intermediate CA trusted Certificate 1034s X509v3 Subject Key Identifier: 1034s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1034s X509v3 Key Usage: critical 1034s Digital Signature, Non Repudiation, Key Encipherment 1034s X509v3 Extended Key Usage: 1034s TLS Web Client Authentication, E-mail Protection 1034s X509v3 Subject Alternative Name: 1034s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1034s Signature Algorithm: sha256WithRSAEncryption 1034s Signature Value: 1034s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1034s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1034s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1034s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1034s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1034s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1034s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1034s 6d:1a 1034s + local found_md5 expected_md5 1034s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/test-sub-intermediate-CA-trusted-certificate-0001.pem 1035s + expected_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1035s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683.pem 1035s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1035s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1035s + output_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.output 1035s ++ basename /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.output .output 1035s + output_cert_file=/tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.pem 1035s + echo -n 053350 1035s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-UXiNoj/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1035s [p11_child[2352]] [main] (0x0400): p11_child started. 1035s [p11_child[2352]] [main] (0x2000): Running in [auth] mode. 1035s [p11_child[2352]] [main] (0x2000): Running with effective IDs: [0][0]. 1035s [p11_child[2352]] [main] (0x2000): Running with real IDs [0][0]. 1035s [p11_child[2352]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1035s [p11_child[2352]] [do_card] (0x4000): Module List: 1035s [p11_child[2352]] [do_card] (0x4000): common name: [softhsm2]. 1035s [p11_child[2352]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1035s [p11_child[2352]] [do_card] (0x4000): Description [SoftHSM slot ID 0x718b938c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1035s [p11_child[2352]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1035s [p11_child[2352]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x718b938c][1904972684] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 1035s [p11_child[2352]] [do_card] (0x4000): Login required. 1035s [p11_child[2352]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1035s [p11_child[2352]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1035s [p11_child[2352]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1035s [p11_child[2352]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x718b938c;slot-manufacturer=SoftHSM%20project;slot-id=1904972684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9119bc75718b938c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1035s [p11_child[2352]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1035s [p11_child[2352]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1035s [p11_child[2352]] [do_card] (0x4000): Certificate verified and validated. 1035s [p11_child[2352]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1035s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.output 1035s + echo '-----BEGIN CERTIFICATE-----' 1035s + tail -n1 /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.output 1035s + echo '-----END CERTIFICATE-----' 1035s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.pem 1035s Certificate: 1035s Data: 1035s Version: 3 (0x2) 1035s Serial Number: 5 (0x5) 1035s Signature Algorithm: sha256WithRSAEncryption 1035s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1035s Validity 1035s Not Before: Mar 25 11:11:18 2024 GMT 1035s Not After : Mar 25 11:11:18 2025 GMT 1035s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1035s Subject Public Key Info: 1035s Public Key Algorithm: rsaEncryption 1035s Public-Key: (1024 bit) 1035s Modulus: 1035s 00:c9:98:cf:6e:59:b3:7f:85:04:ba:39:11:87:71: 1035s d6:b0:25:bd:4c:2d:84:fb:71:ac:71:1e:e1:ca:7b: 1035s 66:f2:dc:a3:fa:c4:9a:5a:58:59:b6:c3:20:97:ee: 1035s 47:b6:f6:3a:22:cf:0c:db:db:78:b3:27:8e:8f:86: 1035s 5b:c8:bf:e3:33:2d:74:a3:bc:f0:bb:9a:72:87:c9: 1035s 5a:9a:da:43:2f:5a:5f:fd:d6:9d:1a:fe:ed:cd:be: 1035s 7b:38:a3:29:9f:99:0b:d3:a7:fc:e4:eb:45:97:40: 1035s 4a:53:3a:6c:79:00:9d:fd:ee:85:dd:90:b4:5a:be: 1035s 7d:db:24:9a:02:e2:a9:ee:33 1035s Exponent: 65537 (0x10001) 1035s X509v3 extensions: 1035s X509v3 Authority Key Identifier: 1035s 08:59:61:49:49:6E:CF:2D:2F:AC:C1:58:1E:07:81:2B:62:F8:FB:F3 1035s X509v3 Basic Constraints: 1035s CA:FALSE 1035s Netscape Cert Type: 1035s SSL Client, S/MIME 1035s Netscape Comment: 1035s Test Organization Sub Intermediate CA trusted Certificate 1035s X509v3 Subject Key Identifier: 1035s D6:56:A3:93:1B:B9:2D:2C:A1:BF:C2:07:6B:DF:39:6C:B6:B9:9F:FC 1035s X509v3 Key Usage: critical 1035s Digital Signature, Non Repudiation, Key Encipherment 1035s X509v3 Extended Key Usage: 1035s TLS Web Client Authentication, E-mail Protection 1035s X509v3 Subject Alternative Name: 1035s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1035s Signature Algorithm: sha256WithRSAEncryption 1035s Signature Value: 1035s b6:28:7a:1c:c7:a3:f5:24:81:9e:ba:61:0a:10:f0:e8:80:34: 1035s dd:13:cb:52:89:66:45:29:a4:0a:ae:7e:ca:9f:18:45:f8:4f: 1035s e6:21:f7:d0:06:8e:76:11:10:13:9f:6b:7e:29:8e:a5:f3:d3: 1035s 77:4a:07:0e:bd:78:2e:ee:40:05:39:37:36:e3:43:1c:ef:d6: 1035s 91:35:d8:df:94:19:ca:ad:ba:3a:72:53:62:77:5a:69:01:89: 1035s a8:24:fd:d2:c7:29:3d:28:c4:8d:a9:4f:8e:05:30:72:4c:a5: 1035s 86:6a:a0:46:cb:41:df:f1:38:a3:94:90:ba:7a:aa:f1:1e:e4: 1035s 6d:1a 1035s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-UXiNoj/SSSD-child-28683-auth.pem 1035s + found_md5=Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 1035s + '[' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 '!=' Modulus=C998CF6E59B37F8504BA39118771D6B025BD4C2D84FB71AC711EE1CA7B66F2DCA3FAC49A5A5859B6C32097EE47B6F63A22CF0CDBDB78B3278E8F865BC8BFE3332D74A3BCF0BB9A7287C95A9ADA432F5A5FFDD69D1AFEEDCDBE7B38A3299F990BD3A7FCE4EB4597404A533A6C79009DFDEE85DD90B45ABE7DDB249A02E2A9EE33 ']' 1035s + set +x 1035s 1035s Test completed, Root CA and intermediate issued certificates verified! 1035s autopkgtest [11:11:33]: test sssd-softhism2-certificates-tests.sh: -----------------------] 1036s autopkgtest [11:11:34]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 1036s sssd-softhism2-certificates-tests.sh PASS 1037s autopkgtest [11:11:35]: test sssd-smart-card-pam-auth-configs: preparing testbed 1040s Reading package lists... 1041s Building dependency tree... 1041s Reading state information... 1042s Starting pkgProblemResolver with broken count: 0 1042s Starting 2 pkgProblemResolver with broken count: 0 1042s Done 1044s The following additional packages will be installed: 1044s pamtester 1044s The following NEW packages will be installed: 1044s autopkgtest-satdep pamtester 1044s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 1044s Need to get 12.3 kB/13.0 kB of archives. 1044s After this operation, 36.9 kB of additional disk space will be used. 1044s Get:1 /tmp/autopkgtest.JTgXkd/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [764 B] 1044s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 1045s Fetched 12.3 kB in 0s (58.6 kB/s) 1045s Selecting previously unselected package pamtester. 1046s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 76058 files and directories currently installed.) 1046s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 1046s Unpacking pamtester (0.1.2-4) ... 1046s Selecting previously unselected package autopkgtest-satdep. 1046s Preparing to unpack .../4-autopkgtest-satdep.deb ... 1046s Unpacking autopkgtest-satdep (0) ... 1046s Setting up pamtester (0.1.2-4) ... 1046s Setting up autopkgtest-satdep (0) ... 1046s Processing triggers for man-db (2.12.0-3) ... 1054s (Reading database ... 76064 files and directories currently installed.) 1054s Removing autopkgtest-satdep (0) ... 1055s autopkgtest [11:11:53]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1055s autopkgtest [11:11:53]: test sssd-smart-card-pam-auth-configs: [----------------------- 1055s + '[' -z ubuntu ']' 1055s + export DEBIAN_FRONTEND=noninteractive 1055s + DEBIAN_FRONTEND=noninteractive 1055s + required_tools=(pamtester softhsm2-util sssd) 1055s + [[ ! -v OFFLINE_MODE ]] 1055s + for cmd in "${required_tools[@]}" 1055s + command -v pamtester 1055s + for cmd in "${required_tools[@]}" 1055s + command -v softhsm2-util 1055s + for cmd in "${required_tools[@]}" 1055s + command -v sssd 1055s + PIN=123456 1055s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 1055s + tmpdir=/tmp/sssd-softhsm2-certs-a2sghl 1055s + backupsdir= 1055s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 1055s + declare -a restore_paths 1055s + declare -a delete_paths 1055s + trap handle_exit EXIT 1055s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1055s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 1055s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1055s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1055s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-a2sghl GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 1055s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-a2sghl 1055s + GENERATE_SMART_CARDS=1 1055s + KEEP_TEMPORARY_FILES=1 1055s + NO_SSSD_TESTS=1 1055s + bash debian/tests/sssd-softhism2-certificates-tests.sh 1055s + '[' -z ubuntu ']' 1055s + required_tools=(p11tool openssl softhsm2-util) 1055s + for cmd in "${required_tools[@]}" 1055s + command -v p11tool 1055s + for cmd in "${required_tools[@]}" 1055s + command -v openssl 1055s + for cmd in "${required_tools[@]}" 1055s + command -v softhsm2-util 1055s + PIN=123456 1055s +++ find /usr/lib/softhsm/libsofthsm2.so 1055s +++ head -n 1 1055s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1055s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 1055s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1055s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1055s + '[' '!' -v NO_SSSD_TESTS ']' 1055s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 1055s + tmpdir=/tmp/sssd-softhsm2-certs-a2sghl 1055s + keys_size=1024 1055s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1055s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1055s + echo -n 01 1055s + touch /tmp/sssd-softhsm2-certs-a2sghl/index.txt 1055s + mkdir -p /tmp/sssd-softhsm2-certs-a2sghl/new_certs 1055s + cat 1055s + root_ca_key_pass=pass:random-root-CA-password-27854 1055s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-key.pem -passout pass:random-root-CA-password-27854 1024 1055s + openssl req -passin pass:random-root-CA-password-27854 -batch -config /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem 1055s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem 1055s + cat 1055s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-2408 1055s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-2408 1024 1056s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-2408 -config /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-27854 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-certificate-request.pem 1056s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-certificate-request.pem 1056s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.config -passin pass:random-root-CA-password-27854 -keyfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem 1056s Certificate Request: 1056s Data: 1056s Version: 1 (0x0) 1056s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1056s Subject Public Key Info: 1056s Public Key Algorithm: rsaEncryption 1056s Public-Key: (1024 bit) 1056s Modulus: 1056s 00:96:38:36:38:62:f8:3a:e6:20:71:6b:25:06:1e: 1056s ab:96:c2:68:9f:00:10:20:85:e1:e4:ac:6b:55:a8: 1056s 7c:2b:1f:d2:a8:77:64:52:35:62:ea:ef:6c:1d:6c: 1056s 17:d8:71:22:22:89:73:c3:e7:ce:99:8c:c4:39:07: 1056s 7a:70:00:0c:38:26:ed:ab:75:ea:9d:9e:fe:e6:73: 1056s 08:db:33:3d:9f:4e:3f:78:8f:bc:0b:86:c0:96:3e: 1056s 3b:e9:ee:fe:16:7d:50:c5:95:19:9f:c0:27:4b:71: 1056s cb:47:d1:13:05:13:da:ac:1b:33:f8:c8:4e:0c:7d: 1056s 90:5e:41:a0:85:98:87:ff:1b 1056s Exponent: 65537 (0x10001) 1056s Attributes: 1056s (none) 1056s Requested Extensions: 1056s Signature Algorithm: sha256WithRSAEncryption 1056s Signature Value: 1056s 04:a1:72:e6:a3:5a:94:72:7c:c1:83:f9:9a:1d:a2:30:02:f8: 1056s 82:ee:fc:ed:64:75:06:39:6e:82:a5:1a:8a:0c:95:26:0e:8f: 1056s 31:6d:23:eb:82:c5:a1:01:7c:83:e8:83:78:8f:69:5b:d1:22: 1056s 83:26:f8:71:46:a3:61:e0:c2:80:29:8a:55:0d:33:4c:20:a7: 1056s 41:3a:47:60:15:80:cf:87:48:3c:24:ea:4e:b8:c7:1b:e8:3b: 1056s d4:3b:2b:ca:99:0b:75:6a:20:fe:cc:fb:2b:28:19:46:90:5a: 1056s fd:af:ab:3e:85:f6:07:6f:05:21:f9:d7:b9:56:4d:60:ab:15: 1056s 4d:6c 1056s Using configuration from /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.config 1056s Check that the request matches the signature 1056s Signature ok 1056s Certificate Details: 1056s Serial Number: 1 (0x1) 1056s Validity 1056s Not Before: Mar 25 11:11:54 2024 GMT 1056s Not After : Mar 25 11:11:54 2025 GMT 1056s Subject: 1056s organizationName = Test Organization 1056s organizationalUnitName = Test Organization Unit 1056s commonName = Test Organization Intermediate CA 1056s X509v3 extensions: 1056s X509v3 Subject Key Identifier: 1056s 52:CC:ED:79:44:AD:45:45:0C:D5:FA:FF:53:0E:38:B9:E8:48:0A:BA 1056s X509v3 Authority Key Identifier: 1056s keyid:9A:55:BA:40:E1:59:82:90:D8:28:FB:1D:EE:8D:81:D6:2F:1A:7A:8D 1056s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1056s serial:00 1056s X509v3 Basic Constraints: 1056s CA:TRUE 1056s X509v3 Key Usage: critical 1056s Digital Signature, Certificate Sign, CRL Sign 1056s Certificate is to be certified until Mar 25 11:11:54 2025 GMT (365 days) 1056s 1056s Write out database with 1 new entries 1056s Database updated 1056s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem 1056s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem 1056s /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem: OK 1056s + cat 1056s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-7545 1056s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-7545 1024 1056s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-7545 -config /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-2408 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-certificate-request.pem 1056s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-certificate-request.pem 1056s Certificate Request: 1056s Data: 1056s Version: 1 (0x0) 1056s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1056s Subject Public Key Info: 1056s Public Key Algorithm: rsaEncryption 1056s Public-Key: (1024 bit) 1056s Modulus: 1056s 00:ce:f9:e6:80:25:9c:b2:df:3d:c4:5c:d6:91:4d: 1056s 6a:c9:5e:d0:7f:26:78:58:3c:43:6c:b4:cb:7e:4d: 1056s 98:ad:65:df:77:07:9f:81:bf:5d:05:ba:0f:3f:db: 1056s 87:39:57:61:e4:0e:79:b8:9f:f6:a1:e6:c7:2d:c3: 1056s 81:96:dc:5d:00:bb:cc:46:6c:c2:8d:da:cd:eb:9b: 1056s 62:4c:d9:af:18:b0:33:41:3b:6e:81:a2:65:d4:87: 1056s ba:96:8d:f8:56:69:12:1d:92:98:a9:dd:52:06:50: 1056s d0:41:64:08:93:c6:a9:4b:c4:75:61:fc:27:ff:96: 1056s ee:b0:26:14:3e:cb:1d:db:59 1056s Exponent: 65537 (0x10001) 1056s Attributes: 1056s (none) 1056s Requested Extensions: 1056s Signature Algorithm: sha256WithRSAEncryption 1056s Signature Value: 1056s 74:49:32:bb:71:51:52:c3:af:a2:c1:d6:3a:e3:99:81:81:84: 1056s 5d:7b:7e:01:ed:8a:0b:92:16:2f:6b:ea:dc:0f:1f:a7:48:93: 1056s 62:e4:3f:a3:f9:d7:36:5f:c7:52:b5:65:b5:45:4d:87:a2:14: 1056s c7:e4:e2:0c:52:0e:e3:ba:bd:1e:4d:f6:4c:68:4c:d1:f6:17: 1056s 87:10:f6:5f:01:3f:ff:03:9b:95:91:17:dd:3c:b5:84:b0:bf: 1056s 81:a5:80:f8:56:e4:1a:e8:fb:e7:f2:57:ab:eb:5c:64:a1:8a: 1056s e1:51:61:78:92:26:0a:d6:26:d7:b9:cf:ab:c6:ff:2e:70:c1: 1056s a7:97 1056s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-2408 -keyfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1056s Using configuration from /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.config 1056s Check that the request matches the signature 1056s Signature ok 1056s Certificate Details: 1056s Serial Number: 2 (0x2) 1056s Validity 1056s Not Before: Mar 25 11:11:54 2024 GMT 1056s Not After : Mar 25 11:11:54 2025 GMT 1056s Subject: 1056s organizationName = Test Organization 1056s organizationalUnitName = Test Organization Unit 1056s commonName = Test Organization Sub Intermediate CA 1056s X509v3 extensions: 1056s X509v3 Subject Key Identifier: 1056s 13:47:73:35:02:6E:0C:EE:84:48:4E:1E:E7:0E:E3:BA:13:32:5C:FD 1056s X509v3 Authority Key Identifier: 1056s keyid:52:CC:ED:79:44:AD:45:45:0C:D5:FA:FF:53:0E:38:B9:E8:48:0A:BA 1056s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1056s serial:01 1056s X509v3 Basic Constraints: 1056s CA:TRUE 1056s X509v3 Key Usage: critical 1056s Digital Signature, Certificate Sign, CRL Sign 1056s Certificate is to be certified until Mar 25 11:11:54 2025 GMT (365 days) 1056s 1056s Write out database with 1 new entries 1056s Database updated 1056s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1056s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1056s /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem: OK 1056s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1056s + local cmd=openssl 1056s + shift 1056s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1056s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1056s error 20 at 0 depth lookup: unable to get local issuer certificate 1056s error /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem: verification failed 1056s + cat 1056s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-748 1056s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-748 1024 1056s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-748 -key /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-request.pem 1056s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-request.pem 1056s Certificate Request: 1056s Data: 1056s Version: 1 (0x0) 1056s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1056s Subject Public Key Info: 1056s Public Key Algorithm: rsaEncryption 1056s Public-Key: (1024 bit) 1056s Modulus: 1056s 00:a8:e5:3b:17:c5:6b:5b:3f:c9:46:90:be:98:c8: 1056s 45:ee:db:bf:05:47:de:11:18:fc:b9:cb:0f:ac:f9: 1056s b4:b8:8d:85:16:8c:4e:3f:24:9a:32:0f:c7:ac:2e: 1056s f6:2d:dc:94:8a:fa:d4:4c:47:ee:21:55:b4:20:f7: 1056s 5a:b8:cc:a9:f1:b0:e7:99:99:d4:38:93:b2:2c:61: 1056s 51:e6:5e:a0:dc:6d:9f:05:df:83:e2:77:b5:80:d0: 1056s 2f:a2:b8:2d:d0:a0:da:5d:82:82:94:cb:d3:63:0b: 1056s 2f:ec:0b:dd:66:13:2b:b7:86:96:2a:09:a3:1e:98: 1056s 23:50:f9:cc:4e:b4:c7:a5:01 1056s Exponent: 65537 (0x10001) 1056s Attributes: 1056s Requested Extensions: 1056s X509v3 Basic Constraints: 1056s CA:FALSE 1056s Netscape Cert Type: 1056s SSL Client, S/MIME 1056s Netscape Comment: 1056s Test Organization Root CA trusted Certificate 1056s X509v3 Subject Key Identifier: 1056s A0:39:05:F4:B3:C6:A5:CD:06:BE:EF:F3:B9:E2:8D:14:13:00:BA:6C 1056s X509v3 Key Usage: critical 1056s Digital Signature, Non Repudiation, Key Encipherment 1056s X509v3 Extended Key Usage: 1056s TLS Web Client Authentication, E-mail Protection 1056s X509v3 Subject Alternative Name: 1056s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1056s Signature Algorithm: sha256WithRSAEncryption 1056s Signature Value: 1056s 02:88:95:26:4a:41:a5:40:0f:f9:14:33:02:7d:5f:69:83:32: 1056s 73:ba:c5:7b:d9:0d:b0:cc:b6:dc:8d:98:cd:c2:70:f5:31:e0: 1056s 3c:f9:8e:f9:5d:df:4f:2e:8f:b2:87:67:69:f7:bc:8b:3c:88: 1056s 19:e3:13:28:82:4e:4c:eb:fe:6b:22:2d:25:06:09:41:46:17: 1056s ba:72:4d:78:fa:b5:e5:f9:07:e1:80:c5:48:77:c5:33:47:19: 1056s 3f:ea:a2:41:0e:df:6b:d9:0d:b2:b1:5f:1b:98:22:fd:f2:64: 1056s 68:dc:f8:c0:ba:7c:91:04:b9:ac:a9:0f:21:34:05:5b:6f:6e: 1056s 2f:bf 1056s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.config -passin pass:random-root-CA-password-27854 -keyfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1056s Using configuration from /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.config 1056s Check that the request matches the signature 1056s Signature ok 1056s Certificate Details: 1056s Serial Number: 3 (0x3) 1056s Validity 1056s Not Before: Mar 25 11:11:54 2024 GMT 1056s Not After : Mar 25 11:11:54 2025 GMT 1056s Subject: 1056s organizationName = Test Organization 1056s organizationalUnitName = Test Organization Unit 1056s commonName = Test Organization Root Trusted Certificate 0001 1056s X509v3 extensions: 1056s X509v3 Authority Key Identifier: 1056s 9A:55:BA:40:E1:59:82:90:D8:28:FB:1D:EE:8D:81:D6:2F:1A:7A:8D 1056s X509v3 Basic Constraints: 1056s CA:FALSE 1056s Netscape Cert Type: 1056s SSL Client, S/MIME 1056s Netscape Comment: 1056s Test Organization Root CA trusted Certificate 1056s X509v3 Subject Key Identifier: 1056s A0:39:05:F4:B3:C6:A5:CD:06:BE:EF:F3:B9:E2:8D:14:13:00:BA:6C 1056s X509v3 Key Usage: critical 1056s Digital Signature, Non Repudiation, Key Encipherment 1056s X509v3 Extended Key Usage: 1056s TLS Web Client Authentication, E-mail Protection 1056s X509v3 Subject Alternative Name: 1056s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1056s Certificate is to be certified until Mar 25 11:11:54 2025 GMT (365 days) 1056s 1056s Write out database with 1 new entries 1056s Database updated 1056s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1056s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1056s /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem: OK 1056s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1056s + local cmd=openssl 1056s + shift 1056s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1056s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1056s error 20 at 0 depth lookup: unable to get local issuer certificate 1056s error /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem: verification failed 1056s + cat 1056s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-24064 1056s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-24064 1024 1056s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-24064 -key /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-request.pem 1056s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-request.pem 1056s Certificate Request: 1056s Data: 1056s Version: 1 (0x0) 1056s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1056s Subject Public Key Info: 1056s Public Key Algorithm: rsaEncryption 1056s Public-Key: (1024 bit) 1056s Modulus: 1056s 00:cf:99:68:08:0a:ca:a5:fc:65:ad:51:56:83:59: 1056s 33:28:10:15:0b:7c:35:40:a7:59:b7:2e:60:ff:e2: 1056s 6c:24:6b:9a:40:31:b9:f9:08:51:c3:21:c8:71:d7: 1056s 41:1c:fe:ea:eb:b8:c5:7f:e5:e1:51:d2:24:b1:cb: 1056s 1b:71:5e:43:64:07:e7:9f:7d:58:53:d2:69:bc:97: 1056s d6:4a:63:1d:47:e3:f9:65:50:6b:14:f2:50:e8:ca: 1056s 62:17:14:79:77:0b:59:44:09:2a:41:a4:d8:23:b7: 1056s ab:b6:f1:c4:af:11:5d:51:e4:cc:06:d3:88:c8:e0: 1056s ba:dd:93:d4:ac:74:b0:df:1f 1056s Exponent: 65537 (0x10001) 1056s Attributes: 1056s Requested Extensions: 1056s X509v3 Basic Constraints: 1056s CA:FALSE 1056s Netscape Cert Type: 1056s SSL Client, S/MIME 1056s Netscape Comment: 1056s Test Organization Intermediate CA trusted Certificate 1056s X509v3 Subject Key Identifier: 1056s 70:FF:04:05:F2:66:78:5E:2F:79:BB:0E:79:F3:A7:45:9C:8F:81:00 1056s X509v3 Key Usage: critical 1056s Digital Signature, Non Repudiation, Key Encipherment 1056s X509v3 Extended Key Usage: 1056s TLS Web Client Authentication, E-mail Protection 1056s X509v3 Subject Alternative Name: 1056s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1056s Signature Algorithm: sha256WithRSAEncryption 1056s Signature Value: 1056s 1a:66:be:96:4b:d0:d5:be:a4:34:bb:f7:95:ab:08:fc:a0:7a: 1056s fd:6b:26:fa:0d:52:96:31:ff:37:25:d4:85:d7:b5:76:26:cc: 1056s 9e:63:35:5e:40:a5:24:d8:63:d4:a8:72:1f:a4:ca:6c:53:cf: 1056s 4d:8b:3f:5e:a1:c9:4c:21:e2:88:d6:dd:e4:a6:ed:d5:44:83: 1056s 34:ff:3e:58:b3:7a:70:5d:f7:e0:5a:c2:d7:bd:57:ed:0b:f0: 1056s b7:8e:51:ec:01:91:66:53:65:31:bb:ab:f1:07:96:f8:cc:c1: 1056s a4:8d:89:15:bc:76:35:e5:8b:74:52:e0:ff:fa:73:06:a2:3f: 1056s 5d:77 1056s + openssl ca -passin pass:random-intermediate-CA-password-2408 -config /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s Using configuration from /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.config 1057s Check that the request matches the signature 1057s Signature ok 1057s Certificate Details: 1057s Serial Number: 4 (0x4) 1057s Validity 1057s Not Before: Mar 25 11:11:54 2024 GMT 1057s Not After : Mar 25 11:11:54 2025 GMT 1057s Subject: 1057s organizationName = Test Organization 1057s organizationalUnitName = Test Organization Unit 1057s commonName = Test Organization Intermediate Trusted Certificate 0001 1057s X509v3 extensions: 1057s X509v3 Authority Key Identifier: 1057s 52:CC:ED:79:44:AD:45:45:0C:D5:FA:FF:53:0E:38:B9:E8:48:0A:BA 1057s X509v3 Basic Constraints: 1057s CA:FALSE 1057s Netscape Cert Type: 1057s SSL Client, S/MIME 1057s Netscape Comment: 1057s Test Organization Intermediate CA trusted Certificate 1057s X509v3 Subject Key Identifier: 1057s 70:FF:04:05:F2:66:78:5E:2F:79:BB:0E:79:F3:A7:45:9C:8F:81:00 1057s X509v3 Key Usage: critical 1057s Digital Signature, Non Repudiation, Key Encipherment 1057s X509v3 Extended Key Usage: 1057s TLS Web Client Authentication, E-mail Protection 1057s X509v3 Subject Alternative Name: 1057s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1057s Certificate is to be certified until Mar 25 11:11:54 2025 GMT (365 days) 1057s 1057s Write out database with 1 new entries 1057s Database updated 1057s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s + echo 'This certificate should not be trusted fully' 1057s This certificate should not be trusted fully 1057s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s + local cmd=openssl 1057s + shift 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1057s error 2 at 1 depth lookup: unable to get issuer certificate 1057s error /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1057s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem: OK 1057s + cat 1057s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-28589 1057s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-28589 1024 1057s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-28589 -key /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1057s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1057s Certificate Request: 1057s Data: 1057s Version: 1 (0x0) 1057s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1057s Subject Public Key Info: 1057s Public Key Algorithm: rsaEncryption 1057s Public-Key: (1024 bit) 1057s Modulus: 1057s 00:c7:7e:8b:a4:a7:8a:23:3b:82:b6:ad:53:f8:c0: 1057s 99:43:2a:ad:01:9f:73:c8:05:0f:f3:0d:c2:b2:90: 1057s 1d:c8:b6:2e:81:bb:08:00:fc:72:58:e9:84:12:0e: 1057s 4f:2b:66:7a:58:e6:83:44:26:2f:ee:d0:4d:44:e5: 1057s 77:14:b2:22:25:b6:30:d8:8f:1c:c8:e1:b9:46:02: 1057s 91:7b:e8:b0:d7:bf:87:95:ab:cb:92:ea:95:7c:6c: 1057s 96:08:5f:8b:c9:44:98:d6:71:31:30:54:7a:4f:5e: 1057s ab:bb:f6:d4:04:11:4c:1e:c4:fe:65:46:46:c5:75: 1057s 90:45:10:96:dd:3f:d4:51:1d 1057s Exponent: 65537 (0x10001) 1057s Attributes: 1057s Requested Extensions: 1057s X509v3 Basic Constraints: 1057s CA:FALSE 1057s Netscape Cert Type: 1057s SSL Client, S/MIME 1057s Netscape Comment: 1057s Test Organization Sub Intermediate CA trusted Certificate 1057s X509v3 Subject Key Identifier: 1057s FA:B5:7C:1D:74:E6:39:D8:73:4E:52:AF:CA:9E:FD:DE:D2:F5:54:43 1057s X509v3 Key Usage: critical 1057s Digital Signature, Non Repudiation, Key Encipherment 1057s X509v3 Extended Key Usage: 1057s TLS Web Client Authentication, E-mail Protection 1057s X509v3 Subject Alternative Name: 1057s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1057s Signature Algorithm: sha256WithRSAEncryption 1057s Signature Value: 1057s 0a:8e:67:1d:ad:53:e6:36:72:32:81:51:43:34:02:2c:b7:65: 1057s a4:a1:4d:f4:bf:3b:14:73:8f:8b:74:06:f9:65:2f:71:c0:e7: 1057s 74:ab:01:e1:d7:29:08:60:89:2f:92:44:ed:80:38:9a:ce:2e: 1057s 69:0e:5f:9b:ce:3d:0f:f9:5d:52:01:3f:65:9d:83:11:c2:f1: 1057s 78:50:61:11:11:aa:4d:39:39:43:ba:c4:cc:6b:df:b2:75:ff: 1057s 50:2a:0a:1d:f9:39:0d:a8:6e:cb:54:12:56:e2:06:ba:af:d4: 1057s 42:9b:bf:f6:a3:a3:89:3d:dc:9a:17:d8:36:00:e3:10:9a:2a: 1057s 7c:a0 1057s + openssl ca -passin pass:random-sub-intermediate-CA-password-7545 -config /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s Using configuration from /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.config 1057s Check that the request matches the signature 1057s Signature ok 1057s Certificate Details: 1057s Serial Number: 5 (0x5) 1057s Validity 1057s Not Before: Mar 25 11:11:55 2024 GMT 1057s Not After : Mar 25 11:11:55 2025 GMT 1057s Subject: 1057s organizationName = Test Organization 1057s organizationalUnitName = Test Organization Unit 1057s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1057s X509v3 extensions: 1057s X509v3 Authority Key Identifier: 1057s 13:47:73:35:02:6E:0C:EE:84:48:4E:1E:E7:0E:E3:BA:13:32:5C:FD 1057s X509v3 Basic Constraints: 1057s CA:FALSE 1057s Netscape Cert Type: 1057s SSL Client, S/MIME 1057s Netscape Comment: 1057s Test Organization Sub Intermediate CA trusted Certificate 1057s X509v3 Subject Key Identifier: 1057s FA:B5:7C:1D:74:E6:39:D8:73:4E:52:AF:CA:9E:FD:DE:D2:F5:54:43 1057s X509v3 Key Usage: critical 1057s Digital Signature, Non Repudiation, Key Encipherment 1057s X509v3 Extended Key Usage: 1057s TLS Web Client Authentication, E-mail Protection 1057s X509v3 Subject Alternative Name: 1057s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1057s Certificate is to be certified until Mar 25 11:11:55 2025 GMT (365 days) 1057s 1057s Write out database with 1 new entries 1057s Database updated 1057s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s This certificate should not be trusted fully 1057s + echo 'This certificate should not be trusted fully' 1057s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s + local cmd=openssl 1057s + shift 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1057s error 2 at 1 depth lookup: unable to get issuer certificate 1057s error /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1057s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s + local cmd=openssl 1057s + shift 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1057s error 20 at 0 depth lookup: unable to get local issuer certificate 1057s error /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1057s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s + local cmd=openssl 1057s + shift 1057s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1057s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1057s error 20 at 0 depth lookup: unable to get local issuer certificate 1057s error /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1057s + echo 'Building a the full-chain CA file...' 1057s Building a the full-chain CA file... 1057s + cat /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1057s + cat /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem 1057s + cat /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1057s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem 1057s + openssl pkcs7 -print_certs -noout 1057s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1057s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1057s 1057s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1057s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1057s 1057s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1057s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1057s 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA.pem: OK 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem: OK 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem: OK 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-root-intermediate-chain-CA.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-root-intermediate-chain-CA.pem: OK 1057s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1057s /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1057s + echo 'Certificates generation completed!' 1057s Certificates generation completed! 1057s + [[ -v NO_SSSD_TESTS ]] 1057s + [[ -v GENERATE_SMART_CARDS ]] 1057s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-748 1057s + local certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1057s + local key_pass=pass:random-root-ca-trusted-cert-0001-748 1057s + local key_cn 1057s + local key_name 1057s + local tokens_dir 1057s + local output_cert_file 1057s + token_name= 1057s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem .pem 1057s + key_name=test-root-CA-trusted-certificate-0001 1057s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem 1057s ++ sed -n 's/ *commonName *= //p' 1057s + key_cn='Test Organization Root Trusted Certificate 0001' 1057s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1057s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf 1057s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf 1057s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1057s + tokens_dir=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001 1057s + token_name='Test Organization Root Tr Token' 1057s + '[' '!' -e /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1057s + local key_file 1057s + local decrypted_key 1057s + mkdir -p /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001 1057s + key_file=/tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key.pem 1057s + decrypted_key=/tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1057s + cat 1057s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 1057s Slot 0 has a free/uninitialized token. 1057s The token has been initialized and is reassigned to slot 1148537526 1057s + softhsm2-util --show-slots 1057s Available slots: 1057s Slot 1148537526 1057s Slot info: 1057s Description: SoftHSM slot ID 0x44754ab6 1057s Manufacturer ID: SoftHSM project 1057s Hardware version: 2.6 1057s Firmware version: 2.6 1057s Token present: yes 1057s Token info: 1057s Manufacturer ID: SoftHSM project 1057s Model: SoftHSM v2 1057s Hardware version: 2.6 1057s Firmware version: 2.6 1057s Serial number: 67883a5b44754ab6 1057s Initialized: yes 1057s User PIN init.: yes 1057s Label: Test Organization Root Tr Token 1057s Slot 1 1057s Slot info: 1057s Description: SoftHSM slot ID 0x1 1057s Manufacturer ID: SoftHSM project 1057s Hardware version: 2.6 1057s Firmware version: 2.6 1057s Token present: yes 1057s Token info: 1057s Manufacturer ID: SoftHSM project 1057s Model: SoftHSM v2 1057s Hardware version: 2.6 1057s Firmware version: 2.6 1057s Serial number: 1057s Initialized: no 1057s User PIN init.: no 1057s Label: 1057s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1058s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-748 -in /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1058s writing RSA key 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1058s + rm /tmp/sssd-softhsm2-certs-a2sghl/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1058s Object 0: 1058s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67883a5b44754ab6;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1058s Type: X.509 Certificate (RSA-1024) 1058s Expires: Tue Mar 25 11:11:54 2025 1058s Label: Test Organization Root Trusted Certificate 0001 1058s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1058s 1058s + echo 'Test Organization Root Tr Token' 1058s Test Organization Root Tr Token 1058s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24064 1058s + local certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1058s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24064 1058s + local key_cn 1058s + local key_name 1058s + local tokens_dir 1058s + local output_cert_file 1058s + token_name= 1058s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem .pem 1058s + key_name=test-intermediate-CA-trusted-certificate-0001 1058s ++ sed -n 's/ *commonName *= //p' 1058s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem 1058s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1058s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1058s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1058s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1058s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1058s + tokens_dir=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001 1058s + token_name='Test Organization Interme Token' 1058s + '[' '!' -e /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1058s + local key_file 1058s + local decrypted_key 1058s + mkdir -p /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-intermediate-CA-trusted-certificate-0001 1058s + key_file=/tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key.pem 1058s + decrypted_key=/tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1058s + cat 1058s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 1058s Slot 0 has a free/uninitialized token. 1058s The token has been initialized and is reassigned to slot 1630838141 1058s + softhsm2-util --show-slots 1058s Available slots: 1058s Slot 1630838141 1058s Slot info: 1058s Description: SoftHSM slot ID 0x61349d7d 1058s Manufacturer ID: SoftHSM project 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Token present: yes 1058s Token info: 1058s Manufacturer ID: SoftHSM project 1058s Model: SoftHSM v2 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Serial number: 40bb321ae1349d7d 1058s Initialized: yes 1058s User PIN init.: yes 1058s Label: Test Organization Interme Token 1058s Slot 1 1058s Slot info: 1058s Description: SoftHSM slot ID 0x1 1058s Manufacturer ID: SoftHSM project 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Token present: yes 1058s Token info: 1058s Manufacturer ID: SoftHSM project 1058s Model: SoftHSM v2 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Serial number: 1058s Initialized: no 1058s User PIN init.: no 1058s Label: 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1058s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-24064 -in /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1058s writing RSA key 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1058s + rm /tmp/sssd-softhsm2-certs-a2sghl/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1058s Object 0: 1058s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=40bb321ae1349d7d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1058s Type: X.509 Certificate (RSA-1024) 1058s Expires: Tue Mar 25 11:11:54 2025 1058s Label: Test Organization Intermediate Trusted Certificate 0001 1058s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1058s 1058s Test Organization Interme Token 1058s + echo 'Test Organization Interme Token' 1058s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-28589 1058s + local certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1058s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-28589 1058s + local key_cn 1058s + local key_name 1058s + local tokens_dir 1058s + local output_cert_file 1058s + token_name= 1058s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1058s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1058s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem 1058s ++ sed -n 's/ *commonName *= //p' 1058s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1058s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1058s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1058s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1058s ++ basename /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1058s + tokens_dir=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1058s + token_name='Test Organization Sub Int Token' 1058s + '[' '!' -e /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1058s + local key_file 1058s + local decrypted_key 1058s + mkdir -p /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1058s + key_file=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1058s + decrypted_key=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1058s + cat 1058s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 1058s Slot 0 has a free/uninitialized token. 1058s The token has been initialized and is reassigned to slot 25594910 1058s + softhsm2-util --show-slots 1058s Available slots: 1058s Slot 25594910 1058s Slot info: 1058s Description: SoftHSM slot ID 0x1868c1e 1058s Manufacturer ID: SoftHSM project 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Token present: yes 1058s Token info: 1058s Manufacturer ID: SoftHSM project 1058s Model: SoftHSM v2 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Serial number: 7e9b461b01868c1e 1058s Initialized: yes 1058s User PIN init.: yes 1058s Label: Test Organization Sub Int Token 1058s Slot 1 1058s Slot info: 1058s Description: SoftHSM slot ID 0x1 1058s Manufacturer ID: SoftHSM project 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Token present: yes 1058s Token info: 1058s Manufacturer ID: SoftHSM project 1058s Model: SoftHSM v2 1058s Hardware version: 2.6 1058s Firmware version: 2.6 1058s Serial number: 1058s Initialized: no 1058s User PIN init.: no 1058s Label: 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1058s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-28589 -in /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1058s writing RSA key 1058s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1059s + rm /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1059s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 1059s Object 0: 1059s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7e9b461b01868c1e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1059s Type: X.509 Certificate (RSA-1024) 1059s Expires: Tue Mar 25 11:11:55 2025 1059s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1059s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1059s 1059s + echo 'Test Organization Sub Int Token' 1059s + echo 'Certificates generation completed!' 1059s + exit 0 1059s + find /tmp/sssd-softhsm2-certs-a2sghl -type d -exec chmod 777 '{}' ';' 1059s Test Organization Sub Int Token 1059s Certificates generation completed! 1059s + find /tmp/sssd-softhsm2-certs-a2sghl -type f -exec chmod 666 '{}' ';' 1059s + backup_file /etc/sssd/sssd.conf 1059s + '[' -z '' ']' 1059s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 1059s + backupsdir=/tmp/sssd-softhsm2-backups-wHiI7M 1059s + '[' -e /etc/sssd/sssd.conf ']' 1059s + delete_paths+=("$1") 1059s + rm -f /etc/sssd/sssd.conf 1059s ++ runuser -u ubuntu -- sh -c 'echo ~' 1059s + user_home=/home/ubuntu 1059s + mkdir -p /home/ubuntu 1059s + chown ubuntu:ubuntu /home/ubuntu 1059s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 1059s + user_config=/home/ubuntu/.config 1059s + system_config=/etc 1059s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 1059s + for path_pair in "${softhsm2_conf_paths[@]}" 1059s + IFS=: 1059s + read -r -a path 1059s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1059s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 1059s + '[' -z /tmp/sssd-softhsm2-backups-wHiI7M ']' 1059s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 1059s + delete_paths+=("$1") 1059s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1059s + for path_pair in "${softhsm2_conf_paths[@]}" 1059s + IFS=: 1059s + read -r -a path 1059s + path=/etc/softhsm/softhsm2.conf 1059s + backup_file /etc/softhsm/softhsm2.conf 1059s + '[' -z /tmp/sssd-softhsm2-backups-wHiI7M ']' 1059s + '[' -e /etc/softhsm/softhsm2.conf ']' 1059s ++ dirname /etc/softhsm/softhsm2.conf 1059s + local back_dir=/tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm 1059s ++ basename /etc/softhsm/softhsm2.conf 1059s + local back_path=/tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm/softhsm2.conf 1059s + '[' '!' -e /tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm/softhsm2.conf ']' 1059s + mkdir -p /tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm 1059s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm/softhsm2.conf 1059s + restore_paths+=("$back_path") 1059s + rm -f /etc/softhsm/softhsm2.conf 1059s + test_authentication login /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem 1059s + pam_service=login 1059s + certificate_config=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf 1059s + ca_db=/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem 1059s + verification_options= 1059s + mkdir -p -m 700 /etc/sssd 1059s Using CA DB '/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem' with verification options: '' 1059s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1059s + cat 1059s + chmod 600 /etc/sssd/sssd.conf 1059s + for path_pair in "${softhsm2_conf_paths[@]}" 1059s + IFS=: 1059s + read -r -a path 1059s + user=ubuntu 1059s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1059s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1059s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1059s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1059s + runuser -u ubuntu -- softhsm2-util --show-slots 1059s + grep 'Test Organization' 1059s Label: Test Organization Root Tr Token 1059s + for path_pair in "${softhsm2_conf_paths[@]}" 1059s + IFS=: 1059s + read -r -a path 1059s + user=root 1059s + path=/etc/softhsm/softhsm2.conf 1059s ++ dirname /etc/softhsm/softhsm2.conf 1059s + runuser -u root -- mkdir -p /etc/softhsm 1059s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1059s + runuser -u root -- softhsm2-util --show-slots 1059s + grep 'Test Organization' 1059s Label: Test Organization Root Tr Token 1059s + systemctl restart sssd 1060s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1061s + for alternative in "${alternative_pam_configs[@]}" 1061s + pam-auth-update --enable sss-smart-card-optional 1062s + cat /etc/pam.d/common-auth 1062s + echo -n -e 123456 1062s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1062s # 1062s # /etc/pam.d/common-auth - authentication settings common to all services 1062s # 1062s # This file is included from other service-specific PAM config files, 1062s # and should contain a list of the authentication modules that define 1062s # the central authentication scheme for use on the system 1062s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1062s # traditional Unix authentication mechanisms. 1062s # 1062s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1062s # To take advantage of this, it is recommended that you configure any 1062s # local modules either before or after the default block, and use 1062s # pam-auth-update to manage selection of other modules. See 1062s # pam-auth-update(8) for details. 1062s 1062s # here are the per-package modules (the "Primary" block) 1062s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1062s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1062s auth [success=1 default=ignore] pam_sss.so use_first_pass 1062s # here's the fallback if no module succeeds 1062s auth requisite pam_deny.so 1062s # prime the stack with a positive return value if there isn't one already; 1062s # this avoids us returning an error just because nothing sets a success code 1062s # since the modules above will each just jump around 1062s auth required pam_permit.so 1062s # and here are more per-package modules (the "Additional" block) 1062s auth optional pam_cap.so 1062s # end of pam-auth-update config 1062s pamtester: invoking pam_start(login, ubuntu, ...) 1062s pamtester: performing operation - authenticate 1062s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1062s + echo -n -e 123456 1062s + runuser -u ubuntu -- pamtester -v login '' authenticate 1062s pamtester: invoking pam_start(login, , ...) 1063s pamtester: performing operation - authenticate 1063s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1063s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1063s + echo -n -e wrong123456 1063s pamtester: invoking pam_start(login, ubuntu, ...) 1063s pamtester: performing operation - authenticate 1066s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 1066s + runuser -u ubuntu -- pamtester -v login '' authenticate 1066s + echo -n -e wrong123456 1066s pamtester: invoking pam_start(login, , ...) 1066s pamtester: performing operation - authenticate 1069s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 1069s + echo -n -e 123456 1069s + pamtester -v login root authenticate 1069s pamtester: invoking pam_start(login, root, ...) 1069s pamtester: performing operation - authenticate 1072s Password: pamtester: Authentication failure 1072s + for alternative in "${alternative_pam_configs[@]}" 1072s + pam-auth-update --enable sss-smart-card-required 1072s PAM configuration 1072s ----------------- 1072s 1072s Incompatible PAM profiles selected. 1072s 1072s The following PAM profiles cannot be used together: 1072s 1072s SSS required smart card authentication, SSS optional smart card 1072s authentication 1072s 1072s Please select a different set of modules to enable. 1072s 1072s + cat /etc/pam.d/common-auth 1072s # 1072s # /etc/pam.d/common-auth - authentication settings common to all services 1072s # 1072s # This file is included from other service-specific PAM config files, 1072s # and should contain a list of the authentication modules that define 1072s # the central authentication scheme for use on the system 1072s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1072s # traditional Unix authentication mechanisms. 1072s # 1072s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1072s # To take advantage of this, it is recommended that you configure any 1072s # local modules either before or after the default block, and use 1072s # pam-auth-update to manage selection of other modules. See 1072s # pam-auth-update(8) for details. 1072s 1072s # here are the per-package modules (the "Primary" block) 1072s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1072s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1072s auth [success=1 default=ignore] pam_sss.so use_first_pass 1072s # here's the fallback if no module succeeds 1072s auth requisite pam_deny.so 1072s # prime the stack with a positive return value if there isn't one already; 1072s # this avoids us returning an error just because nothing sets a success code 1072s # since the modules above will each just jump around 1072s auth required pam_permit.so 1072s # and here are more per-package modules (the "Additional" block) 1072s auth optional pam_cap.so 1072s # end of pam-auth-update config 1072s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1072s + echo -n -e 123456 1072s pamtester: invoking pam_start(login, ubuntu, ...) 1072s pamtester: performing operation - authenticate 1073s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1073s + echo -n -e 123456 1073s + runuser -u ubuntu -- pamtester -v login '' authenticate 1073s pamtester: invoking pam_start(login, , ...) 1073s pamtester: performing operation - authenticate 1073s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1073s + echo -n -e wrong123456 1073s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1073s pamtester: invoking pam_start(login, ubuntu, ...) 1073s pamtester: performing operation - authenticate 1076s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 1076s + echo -n -e wrong123456 1076s + runuser -u ubuntu -- pamtester -v login '' authenticate 1076s pamtester: invoking pam_start(login, , ...) 1076s pamtester: performing operation - authenticate 1079s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 1079s + echo -n -e 123456 1079s + pamtester -v login root authenticate 1079s pamtester: invoking pam_start(login, root, ...) 1079s pamtester: performing operation - authenticate 1082s pamtester: Authentication service cannot retrieve authentication info 1082s + test_authentication login /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem 1082s + pam_service=login 1082s + certificate_config=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1082s + ca_db=/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem 1082s + verification_options= 1082s + mkdir -p -m 700 /etc/sssd 1082s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1082s + cat 1082s Using CA DB '/tmp/sssd-softhsm2-certs-a2sghl/test-full-chain-CA.pem' with verification options: '' 1082s + chmod 600 /etc/sssd/sssd.conf 1082s + for path_pair in "${softhsm2_conf_paths[@]}" 1082s + IFS=: 1082s + read -r -a path 1082s + user=ubuntu 1082s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1082s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1082s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1082s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1082s + runuser -u ubuntu -- softhsm2-util --show-slots 1082s + grep 'Test Organization' 1082s + for path_pair in "${softhsm2_conf_paths[@]}" 1082s + IFS=: 1082s + read -r -a path 1082s + user=root 1082s + path=/etc/softhsm/softhsm2.conf 1082s ++ dirname /etc/softhsm/softhsm2.conf 1082s Label: Test Organization Sub Int Token 1082s + runuser -u root -- mkdir -p /etc/softhsm 1082s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1082s + grep 'Test Organization' 1082s + runuser -u root -- softhsm2-util --show-slots 1082s + systemctl restart sssd 1082s Label: Test Organization Sub Int Token 1083s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1084s + for alternative in "${alternative_pam_configs[@]}" 1084s + pam-auth-update --enable sss-smart-card-optional 1085s + cat /etc/pam.d/common-auth 1085s # 1085s # /etc/pam.d/common-auth - authentication settings common to all services 1085s # 1085s # This file is included from other service-specific PAM config files, 1085s # and should contain a list of the authentication modules that define 1085s # the central authentication scheme for use on the system 1085s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1085s # traditional Unix authentication mechanisms. 1085s # 1085s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1085s # To take advantage of this, it is recommended that you configure any 1085s # local modules either before or after the default block, and use 1085s # pam-auth-update to manage selection of other modules. See 1085s # pam-auth-update(8) for details. 1085s 1085s # here are the per-package modules (the "Primary" block) 1085s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1085s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1085s auth [success=1 default=ignore] pam_sss.so use_first_pass 1085s # here's the fallback if no module succeeds 1085s auth requisite pam_deny.so 1085s # prime the stack with a positive return value if there isn't one already; 1085s # this avoids us returning an error just because nothing sets a success code 1085s # since the modules above will each just jump around 1085s auth required pam_permit.so 1085s # and here are more per-package modules (the "Additional" block) 1085s auth optional pam_cap.so 1085s # end of pam-auth-update config 1085s + echo -n -e 123456 1085s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1085s pamtester: invoking pam_start(login, ubuntu, ...) 1085s pamtester: performing operation - authenticate 1085s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1085s + echo -n -e 123456 1085s + runuser -u ubuntu -- pamtester -v login '' authenticate 1085s pamtester: invoking pam_start(login, , ...) 1085s pamtester: performing operation - authenticate 1086s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1086s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1086s + echo -n -e wrong123456 1086s pamtester: invoking pam_start(login, ubuntu, ...) 1086s pamtester: performing operation - authenticate 1089s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1089s + echo -n -e wrong123456 1089s + runuser -u ubuntu -- pamtester -v login '' authenticate 1089s pamtester: invoking pam_start(login, , ...) 1089s pamtester: performing operation - authenticate 1092s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1092s + echo -n -e 123456 1092s + pamtester -v login root authenticate 1092s pamtester: invoking pam_start(login, root, ...) 1092s pamtester: performing operation - authenticate 1095s Password: pamtester: Authentication failure 1095s + for alternative in "${alternative_pam_configs[@]}" 1095s + pam-auth-update --enable sss-smart-card-required 1095s PAM configuration 1095s ----------------- 1095s 1095s Incompatible PAM profiles selected. 1095s 1095s The following PAM profiles cannot be used together: 1095s 1095s SSS required smart card authentication, SSS optional smart card 1095s authentication 1095s 1095s Please select a different set of modules to enable. 1095s 1095s + cat /etc/pam.d/common-auth 1095s # 1095s # /etc/pam.d/common-auth - authentication settings common to all services 1095s # 1095s # This file is included from other service-specific PAM config files, 1095s # and should contain a list of the authentication modules that define 1095s # the central authentication scheme for use on the system 1095s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1095s # traditional Unix authentication mechanisms. 1095s # 1095s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1095s # To take advantage of this, it is recommended that you configure any 1095s # local modules either before or after the default block, and use 1095s # pam-auth-update to manage selection of other modules. See 1095s # pam-auth-update(8) for details. 1095s 1095s # here are the per-package modules (the "Primary" block) 1095s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1095s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1095s auth [success=1 default=ignore] pam_sss.so use_first_pass 1095s # here's the fallback if no module succeeds 1095s auth requisite pam_deny.so 1095s # prime the stack with a positive return value if there isn't one already; 1095s # this avoids us returning an error just because nothing sets a success code 1095s # since the modules above will each just jump around 1095s auth required pam_permit.so 1095s # and here are more per-package modules (the "Additional" block) 1095s auth optional pam_cap.so 1095s # end of pam-auth-update config 1096s + echo -n -e 123456 1096s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1096s pamtester: invoking pam_start(login, ubuntu, ...) 1096s pamtester: performing operation - authenticate 1096s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1096s + echo -n -e 123456 1096s + runuser -u ubuntu -- pamtester -v login '' authenticate 1096s pamtester: invoking pam_start(login, , ...) 1096s pamtester: performing operation - authenticate 1096s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1096s + echo -n -e wrong123456 1096s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1096s pamtester: invoking pam_start(login, ubuntu, ...) 1096s pamtester: performing operation - authenticate 1099s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1099s + echo -n -e wrong123456 1099s + runuser -u ubuntu -- pamtester -v login '' authenticate 1099s pamtester: invoking pam_start(login, , ...) 1099s pamtester: performing operation - authenticate 1102s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1102s + echo -n -e 123456 1102s + pamtester -v login root authenticate 1102s pamtester: invoking pam_start(login, root, ...) 1102s pamtester: performing operation - authenticate 1105s pamtester: Authentication service cannot retrieve authentication info 1105s + test_authentication login /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem partial_chain 1105s + pam_service=login 1105s + certificate_config=/tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1105s + ca_db=/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem 1105s + verification_options=partial_chain 1105s + mkdir -p -m 700 /etc/sssd 1105s Using CA DB '/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 1105s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-a2sghl/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 1105s + cat 1105s + chmod 600 /etc/sssd/sssd.conf 1105s + for path_pair in "${softhsm2_conf_paths[@]}" 1105s + IFS=: 1105s + read -r -a path 1105s + user=ubuntu 1105s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1105s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1105s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1105s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1105s + runuser -u ubuntu -- softhsm2-util --show-slots 1105s + grep 'Test Organization' 1105s + for path_pair in "${softhsm2_conf_paths[@]}" 1105s + IFS=: 1105s + read -r -a path 1105s + user=root 1105s + path=/etc/softhsm/softhsm2.conf 1105s ++ dirname /etc/softhsm/softhsm2.conf 1105s + runuser -u root -- mkdir -p /etc/softhsm 1105s Label: Test Organization Sub Int Token 1105s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-a2sghl/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1105s + runuser -u root -- softhsm2-util --show-slots 1105s + grep 'Test Organization' 1105s Label: Test Organization Sub Int Token 1105s + systemctl restart sssd 1106s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1107s + for alternative in "${alternative_pam_configs[@]}" 1107s + pam-auth-update --enable sss-smart-card-optional 1108s + cat /etc/pam.d/common-auth 1108s # 1108s # /etc/pam.d/common-auth - authentication settings common to all services 1108s # 1108s # This file is included from other service-specific PAM config files, 1108s # and should contain a list of the authentication modules that define 1108s # the central authentication scheme for use on the system 1108s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1108s # traditional Unix authentication mechanisms. 1108s # 1108s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1108s # To take advantage of this, it is recommended that you configure any 1108s # local modules either before or after the default block, and use 1108s # pam-auth-update to manage selection of other modules. See 1108s # pam-auth-update(8) for details. 1108s 1108s # here are the per-package modules (the "Primary" block) 1108s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1108s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1108s auth [success=1 default=ignore] pam_sss.so use_first_pass 1108s # here's the fallback if no module succeeds 1108s auth requisite pam_deny.so 1108s # prime the stack with a positive return value if there isn't one already; 1108s # this avoids us returning an error just because nothing sets a success code 1108s # since the modules above will each just jump around 1108s auth required pam_permit.so 1108s # and here are more per-package modules (the "Additional" block) 1108s auth optional pam_cap.so 1108s # end of pam-auth-update config 1108s + echo -n -e 123456 1108s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1108s pamtester: invoking pam_start(login, ubuntu, ...) 1108s pamtester: performing operation - authenticate 1108s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1108s + echo -n -e 123456 1108s + runuser -u ubuntu -- pamtester -v login '' authenticate 1108s pamtester: invoking pam_start(login, , ...) 1108s pamtester: performing operation - authenticate 1108s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1108s + echo -n -e wrong123456 1108s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1108s pamtester: invoking pam_start(login, ubuntu, ...) 1108s pamtester: performing operation - authenticate 1111s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1111s + echo -n -e wrong123456 1111s + runuser -u ubuntu -- pamtester -v login '' authenticate 1111s pamtester: invoking pam_start(login, , ...) 1111s pamtester: performing operation - authenticate 1114s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1114s + echo -n -e 123456 1114s + pamtester -v login root authenticate 1114s pamtester: invoking pam_start(login, root, ...) 1114s pamtester: performing operation - authenticate 1116s Password: pamtester: Authentication failure 1116s + for alternative in "${alternative_pam_configs[@]}" 1116s + pam-auth-update --enable sss-smart-card-required 1117s PAM configuration 1117s ----------------- 1117s 1117s Incompatible PAM profiles selected. 1117s 1117s The following PAM profiles cannot be used together: 1117s 1117s SSS required smart card authentication, SSS optional smart card 1117s authentication 1117s 1117s Please select a different set of modules to enable. 1117s 1117s + cat /etc/pam.d/common-auth 1117s # 1117s # /etc/pam.d/common-auth - authentication settings common to all services 1117s # 1117s # This file is included from other service-specific PAM config files, 1117s # and should contain a list of the authentication modules that define 1117s # the central authentication scheme for use on the system 1117s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1117s # traditional Unix authentication mechanisms. 1117s # 1117s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1117s # To take advantage of this, it is recommended that you configure any 1117s # local modules either before or after the default block, and use 1117s # pam-auth-update to manage selection of other modules. See 1117s # pam-auth-update(8) for details. 1117s 1117s # here are the per-package modules (the "Primary" block) 1117s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1117s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1117s auth [success=1 default=ignore] pam_sss.so use_first_pass 1117s # here's the fallback if no module succeeds 1117s auth requisite pam_deny.so 1117s # prime the stack with a positive return value if there isn't one already; 1117s # this avoids us returning an error just because nothing sets a success code 1117s # since the modules above will each just jump around 1117s auth required pam_permit.so 1117s # and here are more per-package modules (the "Additional" block) 1117s auth optional pam_cap.so 1117s # end of pam-auth-update config 1117s + echo -n -e 123456 1117s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1117s pamtester: invoking pam_start(login, ubuntu, ...) 1117s pamtester: performing operation - authenticate 1117s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1117s + echo -n -e 123456 1117s + runuser -u ubuntu -- pamtester -v login '' authenticate 1117s pamtester: invoking pam_start(login, , ...) 1117s pamtester: performing operation - authenticate 1117s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1117s + echo -n -e wrong123456 1117s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1117s pamtester: invoking pam_start(login, ubuntu, ...) 1117s pamtester: performing operation - authenticate 1121s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1121s + echo -n -e wrong123456 1121s + runuser -u ubuntu -- pamtester -v login '' authenticate 1121s pamtester: invoking pam_start(login, , ...) 1121s pamtester: performing operation - authenticate 1124s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1124s + echo -n -e 123456 1124s + pamtester -v login root authenticate 1124s pamtester: invoking pam_start(login, root, ...) 1124s pamtester: performing operation - authenticate 1127s pamtester: Authentication service cannot retrieve authentication info 1127s + handle_exit 1127s + exit_code=0 1127s + restore_changes 1127s + for path in "${restore_paths[@]}" 1127s + local original_path 1127s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-wHiI7M /tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm/softhsm2.conf 1127s + original_path=/etc/softhsm/softhsm2.conf 1127s + rm /etc/softhsm/softhsm2.conf 1127s + mv /tmp/sssd-softhsm2-backups-wHiI7M//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 1127s + for path in "${delete_paths[@]}" 1127s + rm -f /etc/sssd/sssd.conf 1127s + for path in "${delete_paths[@]}" 1127s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1127s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1128s + '[' -e /etc/sssd/sssd.conf ']' 1128s + systemctl stop sssd 1128s + '[' -e /etc/softhsm/softhsm2.conf ']' 1128s + chmod 600 /etc/softhsm/softhsm2.conf 1128s + rm -rf /tmp/sssd-softhsm2-certs-a2sghl 1128s + '[' 0 = 0 ']' 1128s + rm -rf /tmp/sssd-softhsm2-backups-wHiI7M 1128s + set +x 1128s Script completed successfully! 1128s autopkgtest [11:13:06]: test sssd-smart-card-pam-auth-configs: -----------------------] 1129s autopkgtest [11:13:07]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 1129s sssd-smart-card-pam-auth-configs PASS 1130s autopkgtest [11:13:08]: @@@@@@@@@@@@@@@@@@@@ summary 1130s ldap-user-group-ldap-auth PASS 1130s ldap-user-group-krb5-auth PASS 1130s sssd-softhism2-certificates-tests.sh PASS 1130s sssd-smart-card-pam-auth-configs PASS 1143s Creating nova instance adt-noble-arm64-sssd-20240325-105418-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240325.img (UUID fbff6e39-d9aa-49f2-b0e3-b936ee7913ab)... 1143s Creating nova instance adt-noble-arm64-sssd-20240325-105418-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-arm64-server-20240325.img (UUID fbff6e39-d9aa-49f2-b0e3-b936ee7913ab)...