0s autopkgtest [17:18:33]: starting date and time: 2024-04-11 17:18:33+0000 0s autopkgtest [17:18:33]: git checkout: 43bc6cdf gitlab-ci: do not include the salsa pipeline 0s autopkgtest [17:18:33]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.c2ytmk90/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:curl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=curl/8.5.0-2ubuntu10 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos01-arm64-20.secgroup --name adt-noble-arm64-sssd-20240411-171832-juju-7f2275-prod-proposed-migration-environment-2-c8cd56bd-1908-4066-bc54-c28e0de72ea2 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://us.ports.ubuntu.com/ubuntu-ports/ 105s autopkgtest [17:20:18]: testbed dpkg architecture: arm64 105s autopkgtest [17:20:18]: testbed apt version: 2.7.14build2 105s autopkgtest [17:20:18]: @@@@@@@@@@@@@@@@@@@@ test bed setup 106s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 106s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [337 kB] 107s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [13.2 kB] 107s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [6492 B] 107s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [687 kB] 107s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [376 kB] 107s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 107s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [91.6 kB] 107s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 107s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [771 kB] 107s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 107s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [2596 B] 107s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 108s Fetched 2414 kB in 1s (2611 kB/s) 108s Reading package lists... 110s Reading package lists... 110s Building dependency tree... 110s Reading state information... 111s Calculating upgrade... 111s The following packages will be upgraded: 111s curl libcurl3t64-gnutls libcurl4t64 112s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 112s Need to get 881 kB of archives. 112s After this operation, 0 B of additional disk space will be used. 112s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 curl arm64 8.5.0-2ubuntu10 [222 kB] 112s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libcurl4t64 arm64 8.5.0-2ubuntu10 [333 kB] 112s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libcurl3t64-gnutls arm64 8.5.0-2ubuntu10 [327 kB] 113s Fetched 881 kB in 1s (1460 kB/s) 113s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77750 files and directories currently installed.) 113s Preparing to unpack .../curl_8.5.0-2ubuntu10_arm64.deb ... 113s Unpacking curl (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 113s Preparing to unpack .../libcurl4t64_8.5.0-2ubuntu10_arm64.deb ... 113s Unpacking libcurl4t64:arm64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 113s Preparing to unpack .../libcurl3t64-gnutls_8.5.0-2ubuntu10_arm64.deb ... 113s Unpacking libcurl3t64-gnutls:arm64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 113s Setting up libcurl4t64:arm64 (8.5.0-2ubuntu10) ... 113s Setting up libcurl3t64-gnutls:arm64 (8.5.0-2ubuntu10) ... 113s Setting up curl (8.5.0-2ubuntu10) ... 113s Processing triggers for man-db (2.12.0-4build1) ... 113s Processing triggers for libc-bin (2.39-0ubuntu8) ... 113s Reading package lists... 113s Building dependency tree... 113s Reading state information... 114s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 114s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 114s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 114s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 114s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 116s Reading package lists... 116s Reading package lists... 116s Building dependency tree... 116s Reading state information... 116s Calculating upgrade... 117s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 117s Reading package lists... 117s Building dependency tree... 117s Reading state information... 118s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 120s autopkgtest [17:20:33]: testbed running kernel: Linux 6.8.0-22-generic #22-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 5 02:52:09 UTC 2024 121s autopkgtest [17:20:34]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 136s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (dsc) [5056 B] 136s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (tar) [7983 kB] 136s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (diff) [49.1 kB] 136s gpgv: Signature made Fri Apr 5 14:55:59 2024 UTC 136s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 136s gpgv: Can't check signature: No public key 136s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu5.dsc: no acceptable signature found 136s autopkgtest [17:20:49]: testing package sssd version 2.9.4-1.1ubuntu5 137s autopkgtest [17:20:50]: build not needed 169s autopkgtest [17:21:22]: test ldap-user-group-ldap-auth: preparing testbed 173s Reading package lists... 174s Building dependency tree... 174s Reading state information... 174s Starting pkgProblemResolver with broken count: 0 174s Starting 2 pkgProblemResolver with broken count: 0 174s Done 175s The following additional packages will be installed: 175s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 175s libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 libdhash1t64 175s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 175s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 175s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 175s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 175s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 175s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 175s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 175s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 175s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 175s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 175s tcl8.6 175s Suggested packages: 175s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 175s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 175s Recommended packages: 175s cracklib-runtime libsasl2-modules-gssapi-mit 175s | libsasl2-modules-gssapi-heimdal 175s The following NEW packages will be installed: 175s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 175s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 175s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 175s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 175s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 175s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 175s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 175s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 175s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 175s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 175s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 175s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 175s tcl-expect tcl8.6 176s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 176s Need to get 12.7 MB/12.7 MB of archives. 176s After this operation, 60.1 MB of additional disk space will be used. 176s Get:1 /tmp/autopkgtest.ecjSaf/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [872 B] 176s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7 [40.3 kB] 176s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libodbc2 arm64 2.3.12-1build2 [145 kB] 176s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu8 [1515 kB] 176s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.14+dfsg-1build1 [978 kB] 176s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.14+dfsg-1build1 [14.6 kB] 176s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-2build1 [103 kB] 176s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-2build1 [137 kB] 176s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu8 [149 kB] 176s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu5 [29.6 kB] 176s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu5 [23.3 kB] 176s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu5 [27.2 kB] 176s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 176s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 176s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 176s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 176s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 176s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 176s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 176s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 176s Get:21 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu5 [17.0 kB] 176s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 13-1 [44.5 kB] 176s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 176s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 176s Get:25 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkrad0 arm64 1.20.1-6ubuntu2 [22.1 kB] 176s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 176s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 176s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 176s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu8 [188 kB] 176s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu4 [48.2 kB] 176s Get:31 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu4 [15.1 kB] 176s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 176s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 176s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 176s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu8 [71.4 kB] 176s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu8 [6061 kB] 176s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu8 [62.1 kB] 176s Get:38 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu5 [32.0 kB] 176s Get:39 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu5 [49.1 kB] 176s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-sss arm64 2.9.4-1.1ubuntu5 [46.8 kB] 176s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 176s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu5 [46.2 kB] 176s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu5 [22.2 kB] 176s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu5 [30.6 kB] 176s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-common arm64 2.9.4-1.1ubuntu5 [1147 kB] 176s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-idp arm64 2.9.4-1.1ubuntu5 [27.9 kB] 176s Get:47 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-passkey arm64 2.9.4-1.1ubuntu5 [32.7 kB] 176s Get:48 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu5 [75.4 kB] 176s Get:49 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu5 [87.9 kB] 176s Get:50 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu5 [134 kB] 176s Get:51 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu5 [220 kB] 176s Get:52 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu5 [14.3 kB] 176s Get:53 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu5 [31.3 kB] 176s Get:54 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu5 [44.6 kB] 176s Get:55 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd arm64 2.9.4-1.1ubuntu5 [4110 B] 176s Get:56 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-dbus arm64 2.9.4-1.1ubuntu5 [103 kB] 176s Get:57 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 sssd-kcm arm64 2.9.4-1.1ubuntu5 [139 kB] 176s Get:58 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-tools arm64 2.9.4-1.1ubuntu5 [97.6 kB] 176s Get:59 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac-dev arm64 2.9.4-1.1ubuntu5 [6658 B] 176s Get:60 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap-dev arm64 2.9.4-1.1ubuntu5 [5716 B] 176s Get:61 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap-dev arm64 2.9.4-1.1ubuntu5 [8368 B] 176s Get:62 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1.1ubuntu5 [6700 B] 176s Get:63 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 libsss-sudo arm64 2.9.4-1.1ubuntu5 [20.7 kB] 176s Get:64 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 python3-libipa-hbac arm64 2.9.4-1.1ubuntu5 [16.6 kB] 176s Get:65 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1.1ubuntu5 [9150 B] 177s Preconfiguring packages ... 177s Fetched 12.7 MB in 1s (8476 kB/s) 177s Selecting previously unselected package libltdl7:arm64. 177s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77750 files and directories currently installed.) 177s Preparing to unpack .../00-libltdl7_2.4.7-7_arm64.deb ... 177s Unpacking libltdl7:arm64 (2.4.7-7) ... 177s Selecting previously unselected package libodbc2:arm64. 177s Preparing to unpack .../01-libodbc2_2.3.12-1build2_arm64.deb ... 177s Unpacking libodbc2:arm64 (2.3.12-1build2) ... 177s Selecting previously unselected package slapd. 177s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_arm64.deb ... 177s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 177s Selecting previously unselected package libtcl8.6:arm64. 177s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 177s Unpacking libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 177s Selecting previously unselected package tcl8.6. 177s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 177s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 177s Selecting previously unselected package tcl-expect:arm64. 177s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_arm64.deb ... 177s Unpacking tcl-expect:arm64 (5.45.4-2build1) ... 177s Selecting previously unselected package expect. 177s Preparing to unpack .../06-expect_5.45.4-2build1_arm64.deb ... 177s Unpacking expect (5.45.4-2build1) ... 177s Selecting previously unselected package ldap-utils. 177s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_arm64.deb ... 177s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 177s Selecting previously unselected package libavahi-common-data:arm64. 177s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu5_arm64.deb ... 177s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu5) ... 177s Selecting previously unselected package libavahi-common3:arm64. 177s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu5_arm64.deb ... 177s Unpacking libavahi-common3:arm64 (0.8-13ubuntu5) ... 177s Selecting previously unselected package libavahi-client3:arm64. 177s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu5_arm64.deb ... 177s Unpacking libavahi-client3:arm64 (0.8-13ubuntu5) ... 177s Selecting previously unselected package libbasicobjects0t64:arm64. 177s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libcollection4t64:arm64. 177s Preparing to unpack .../12-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libcrack2:arm64. 177s Preparing to unpack .../13-libcrack2_2.9.6-5.1build2_arm64.deb ... 177s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 177s Selecting previously unselected package libdhash1t64:arm64. 177s Preparing to unpack .../14-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libevent-2.1-7t64:arm64. 177s Preparing to unpack .../15-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 177s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 177s Selecting previously unselected package libpath-utils1t64:arm64. 177s Preparing to unpack .../16-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libref-array1t64:arm64. 177s Preparing to unpack .../17-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libini-config5t64:arm64. 177s Preparing to unpack .../18-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 177s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 177s Selecting previously unselected package libipa-hbac0t64. 177s Preparing to unpack .../19-libipa-hbac0t64_2.9.4-1.1ubuntu5_arm64.deb ... 177s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 177s Selecting previously unselected package libjose0:arm64. 177s Preparing to unpack .../20-libjose0_13-1_arm64.deb ... 177s Unpacking libjose0:arm64 (13-1) ... 177s Selecting previously unselected package libverto-libevent1t64:arm64. 177s Preparing to unpack .../21-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 177s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 178s Selecting previously unselected package libverto1t64:arm64. 178s Preparing to unpack .../22-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 178s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 178s Selecting previously unselected package libkrad0:arm64. 178s Preparing to unpack .../23-libkrad0_1.20.1-6ubuntu2_arm64.deb ... 178s Unpacking libkrad0:arm64 (1.20.1-6ubuntu2) ... 178s Selecting previously unselected package libtalloc2:arm64. 178s Preparing to unpack .../24-libtalloc2_2.4.2-1build2_arm64.deb ... 178s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 178s Selecting previously unselected package libtdb1:arm64. 178s Preparing to unpack .../25-libtdb1_1.4.10-1_arm64.deb ... 178s Unpacking libtdb1:arm64 (1.4.10-1) ... 178s Selecting previously unselected package libtevent0t64:arm64. 178s Preparing to unpack .../26-libtevent0t64_0.16.1-2build1_arm64.deb ... 178s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 178s Selecting previously unselected package libldb2:arm64. 178s Preparing to unpack .../27-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu8_arm64.deb ... 178s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 178s Selecting previously unselected package libnfsidmap1:arm64. 178s Preparing to unpack .../28-libnfsidmap1_1%3a2.6.4-3ubuntu4_arm64.deb ... 178s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu4) ... 178s Selecting previously unselected package libnss-sudo. 178s Preparing to unpack .../29-libnss-sudo_1.9.15p5-3ubuntu4_all.deb ... 178s Unpacking libnss-sudo (1.9.15p5-3ubuntu4) ... 178s Selecting previously unselected package libpwquality-common. 178s Preparing to unpack .../30-libpwquality-common_1.4.5-3_all.deb ... 178s Unpacking libpwquality-common (1.4.5-3) ... 178s Selecting previously unselected package libpwquality1:arm64. 178s Preparing to unpack .../31-libpwquality1_1.4.5-3_arm64.deb ... 178s Unpacking libpwquality1:arm64 (1.4.5-3) ... 178s Selecting previously unselected package libpam-pwquality:arm64. 178s Preparing to unpack .../32-libpam-pwquality_1.4.5-3_arm64.deb ... 178s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 178s Selecting previously unselected package libwbclient0:arm64. 178s Preparing to unpack .../33-libwbclient0_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 178s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 178s Selecting previously unselected package samba-libs:arm64. 178s Preparing to unpack .../34-samba-libs_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 178s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 178s Selecting previously unselected package libsmbclient0:arm64. 178s Preparing to unpack .../35-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 178s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 178s Selecting previously unselected package libnss-sss:arm64. 178s Preparing to unpack .../36-libnss-sss_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package libpam-sss:arm64. 178s Preparing to unpack .../37-libpam-sss_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package python3-sss. 178s Preparing to unpack .../38-python3-sss_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking python3-sss (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package libc-ares2:arm64. 178s Preparing to unpack .../39-libc-ares2_1.27.0-1_arm64.deb ... 178s Unpacking libc-ares2:arm64 (1.27.0-1) ... 178s Selecting previously unselected package libsss-certmap0. 178s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package libsss-idmap0. 178s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package libsss-nss-idmap0. 178s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-common. 178s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-common (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-idp. 178s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-idp (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-passkey. 178s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-passkey (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-ad-common. 178s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-ad-common (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-krb5-common. 178s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-ad. 178s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-ad (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-ipa. 178s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-ipa (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-krb5. 178s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-krb5 (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-ldap. 178s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-ldap (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-proxy. 178s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-proxy (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd. 178s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd (2.9.4-1.1ubuntu5) ... 178s Selecting previously unselected package sssd-dbus. 178s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu5_arm64.deb ... 178s Unpacking sssd-dbus (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package sssd-kcm. 179s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking sssd-kcm (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package sssd-tools. 179s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking sssd-tools (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package libipa-hbac-dev. 179s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package libsss-certmap-dev. 179s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package libsss-idmap-dev. 179s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package libsss-nss-idmap-dev. 179s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package libsss-sudo. 179s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking libsss-sudo (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package python3-libipa-hbac. 179s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package python3-libsss-nss-idmap. 179s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu5_arm64.deb ... 179s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu5) ... 179s Selecting previously unselected package autopkgtest-satdep. 179s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 179s Unpacking autopkgtest-satdep (0) ... 179s Setting up libpwquality-common (1.4.5-3) ... 179s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu4) ... 179s Setting up libsss-idmap0 (2.9.4-1.1ubuntu5) ... 179s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 179s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu5) ... 179s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu5) ... 179s Setting up libtdb1:arm64 (1.4.10-1) ... 179s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 179s Setting up libc-ares2:arm64 (1.27.0-1) ... 179s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 179s Setting up libjose0:arm64 (13-1) ... 179s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 179s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 179s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libavahi-common-data:arm64 (0.8-13ubuntu5) ... 179s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 179s Setting up libltdl7:arm64 (2.4.7-7) ... 179s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 179s Setting up libodbc2:arm64 (2.3.12-1build2) ... 179s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu5) ... 179s Setting up libnss-sudo (1.9.15p5-3ubuntu4) ... 179s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 179s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 179s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 179s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu5) ... 179s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 179s Creating new user openldap... done. 179s Creating initial configuration... done. 179s Creating LDAP directory... done. 180s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 180s Setting up libsss-sudo (2.9.4-1.1ubuntu5) ... 180s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu5) ... 180s Setting up libavahi-common3:arm64 (0.8-13ubuntu5) ... 180s Setting up tcl-expect:arm64 (5.45.4-2build1) ... 180s Setting up libsss-certmap0 (2.9.4-1.1ubuntu5) ... 180s Setting up libpwquality1:arm64 (1.4.5-3) ... 180s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu5) ... 180s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 180s Setting up libavahi-client3:arm64 (0.8-13ubuntu5) ... 180s Setting up expect (5.45.4-2build1) ... 180s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 180s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 180s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu5) ... 180s Setting up python3-sss (2.9.4-1.1ubuntu5) ... 180s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 180s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu5) ... 180s Setting up sssd-common (2.9.4-1.1ubuntu5) ... 180s Creating SSSD system user & group... 180s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 180s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 180s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 180s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 181s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 181s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 181s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 181s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 181s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 182s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 182s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 182s sssd-autofs.service is a disabled or a static unit, not starting it. 182s sssd-nss.service is a disabled or a static unit, not starting it. 182s sssd-pam.service is a disabled or a static unit, not starting it. 182s sssd-ssh.service is a disabled or a static unit, not starting it. 182s sssd-sudo.service is a disabled or a static unit, not starting it. 182s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 182s Setting up sssd-proxy (2.9.4-1.1ubuntu5) ... 182s Setting up sssd-kcm (2.9.4-1.1ubuntu5) ... 182s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 183s sssd-kcm.service is a disabled or a static unit, not starting it. 183s Setting up sssd-dbus (2.9.4-1.1ubuntu5) ... 183s sssd-ifp.service is a disabled or a static unit, not starting it. 183s Setting up sssd-ad-common (2.9.4-1.1ubuntu5) ... 183s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 184s sssd-pac.service is a disabled or a static unit, not starting it. 184s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 184s Setting up sssd-krb5-common (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-krb5 (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-ldap (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-ad (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-tools (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-ipa (2.9.4-1.1ubuntu5) ... 184s Setting up sssd (2.9.4-1.1ubuntu5) ... 184s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 184s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 184s Setting up libkrad0:arm64 (1.20.1-6ubuntu2) ... 184s Setting up sssd-passkey (2.9.4-1.1ubuntu5) ... 184s Setting up sssd-idp (2.9.4-1.1ubuntu5) ... 184s Setting up autopkgtest-satdep (0) ... 184s Processing triggers for libc-bin (2.39-0ubuntu8) ... 184s Processing triggers for ufw (0.36.2-5) ... 184s Processing triggers for man-db (2.12.0-4build1) ... 185s Processing triggers for dbus (1.14.10-4ubuntu3) ... 195s (Reading database ... 79044 files and directories currently installed.) 195s Removing autopkgtest-satdep (0) ... 197s autopkgtest [17:21:50]: test ldap-user-group-ldap-auth: [----------------------- 197s + . debian/tests/util 197s + . debian/tests/common-tests 197s + mydomain=example.com 197s + myhostname=ldap.example.com 197s + mysuffix=dc=example,dc=com 197s + admin_dn=cn=admin,dc=example,dc=com 197s + admin_pw=secret 197s + ldap_user=testuser1 197s + ldap_user_pw=testuser1secret 197s + ldap_group=ldapusers 197s + adjust_hostname ldap.example.com 197s + local myhostname=ldap.example.com 197s + echo ldap.example.com 197s + hostname ldap.example.com 197s + grep -qE ldap.example.com /etc/hosts 198s + echo 127.0.1.10 ldap.example.com 198s + reconfigure_slapd 198s + debconf-set-selections 198s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 198s + dpkg-reconfigure -fnoninteractive -pcritical slapd 198s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 198s Moving old database directory to /var/backups: 198s - directory unknown... done. 198s Creating initial configuration... done. 198s Creating LDAP directory... done. 198s + generate_certs ldap.example.com 198s + local cn=ldap.example.com 198s + local cert=/etc/ldap/server.pem 198s + local key=/etc/ldap/server.key 198s + local cnf=/etc/ldap/openssl.cnf 198s + cat 198s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 198s ............................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 198s ......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 198s ----- 198s + chmod 0640 /etc/ldap/server.key 198s + chgrp openldap /etc/ldap/server.key 198s + [ ! -f /etc/ldap/server.pem ] 198s + [ ! -f /etc/ldap/server.key ] 198s + enable_ldap_ssl 198s + cat 198s + + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 198s cat 198s + populate_ldap_rfc2307 198s modifying entry "cn=config" 198s 198s + + cat 198s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 198s adding new entry "ou=People,dc=example,dc=com" 198s 198s adding new entry "ou=Group,dc=example,dc=com" 198s 198s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 198s 198s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 198s 198s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 198s 198s + configure_sssd_ldap_rfc2307 198s + cat 198s + chmod 0600 /etc/sssd/sssd.conf 198s + systemctl restart sssd 199s + enable_pam_mkhomedir 199s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 199s Assert local user databases do not have our LDAP test data 199s + echo session optional pam_mkhomedir.so 199s + run_common_tests 199s + echo Assert local user databases do not have our LDAP test data 199s + check_local_user testuser1 199s + local local_user=testuser1 199s + grep -q ^testuser1 /etc/passwd 199s + check_local_group testuser1 199s + local local_group=testuser1 199s + grep -q ^testuser1 /etc/group 199s + check_local_group ldapusers 199s + local local_group=ldapusers 199s + grep -q ^ldapusers /etc/group 199s + echo The LDAP user is known to the system via getent 199s + check_getent_user testuser1 199s + local getent_user=testuser1 199s + local output 199s + getent passwd testuser1 199s The LDAP user is known to the system via getent 199s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 199s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 199s + echo The LDAP user's private group is known to the system via getent 199s The LDAP user's private group is known to the system via getent 199s + check_getent_group testuser1 199s + local getent_group=testuser1 199s + local output 199s + getent group testuser1 199s + output=testuser1:*:10001:testuser1 199s + [ -z testuser1:*:10001:testuser1 ] 199s + echo The LDAP group ldapusers is known to the system via getent 199s + check_getent_group ldapusers 199s + local getent_group=ldapusers 199s + local output 199s The LDAP group ldapusers is known to the system via getent 199s + getent group ldapusers 199s + output=ldapusers:*:10100:testuser1 199s + [ -z ldapusers:*:10100:testuser1 ] 199s + echo The id(1) command can resolve the group membership of the LDAP user 199s The id(1) command can resolve the group membership of the LDAP user 199s + id -Gn testuser1 199s + output=testuser1 ldapusers 199s + [ testuser1 ldapusers != testuser1 ldapusers ] 199s + echo The LDAP user can login on a terminal 199s The LDAP user can login on a terminal 199s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 199s spawn login 199s ldap.example.com login: testuser1 199s Password: 199s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-22-generic aarch64) 199s 199s * Documentation: https://help.ubuntu.com 199s * Management: https://landscape.canonical.com 199s * Support: https://ubuntu.com/pro 199s 199s 199s The programs included with the Ubuntu system are free software; 199s the exact distribution terms for each program are described in the 199s individual files in /usr/share/doc/*/copyright. 199s 199s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 199s applicable law. 199s 199s 199s The programs included with the Ubuntu system are free software; 199s the exact distribution terms for each program are described in the 199s individual files in /usr/share/doc/*/copyright. 199s 199s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 199s applicable law. 199s 199s Creating directory '/home/testuser1'. 199s [?2004htestuser1@ldap:~$ id -un 199s [?2004l testuser1 199s [?2004htestuser1@ldap:~$ autopkgtest [17:21:52]: test ldap-user-group-ldap-auth: -----------------------] 200s autopkgtest [17:21:53]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 200s ldap-user-group-ldap-auth PASS 200s autopkgtest [17:21:53]: test ldap-user-group-krb5-auth: preparing testbed 203s Reading package lists... 203s Building dependency tree... 203s Reading state information... 204s Starting pkgProblemResolver with broken count: 0 204s Starting 2 pkgProblemResolver with broken count: 0 204s Done 204s The following additional packages will be installed: 204s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 204s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 204s Suggested packages: 204s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 204s The following NEW packages will be installed: 204s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 204s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 204s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 204s Need to get 597 kB/598 kB of archives. 204s After this operation, 2914 kB of additional disk space will be used. 204s Get:1 /tmp/autopkgtest.ecjSaf/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [888 B] 204s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 205s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libgssrpc4t64 arm64 1.20.1-6ubuntu2 [57.9 kB] 205s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkadm5clnt-mit12 arm64 1.20.1-6ubuntu2 [40.0 kB] 205s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkdb5-10t64 arm64 1.20.1-6ubuntu2 [40.5 kB] 205s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkadm5srv-mit12 arm64 1.20.1-6ubuntu2 [53.4 kB] 205s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 krb5-user arm64 1.20.1-6ubuntu2 [108 kB] 205s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 krb5-kdc arm64 1.20.1-6ubuntu2 [180 kB] 205s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 krb5-admin-server arm64 1.20.1-6ubuntu2 [94.9 kB] 205s Preconfiguring packages ... 206s Fetched 597 kB in 1s (942 kB/s) 206s Selecting previously unselected package krb5-config. 206s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 79044 files and directories currently installed.) 206s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 206s Unpacking krb5-config (2.7) ... 206s Selecting previously unselected package libgssrpc4t64:arm64. 206s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_arm64.deb ... 206s Unpacking libgssrpc4t64:arm64 (1.20.1-6ubuntu2) ... 206s Selecting previously unselected package libkadm5clnt-mit12:arm64. 206s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_arm64.deb ... 206s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2) ... 206s Selecting previously unselected package libkdb5-10t64:arm64. 206s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_arm64.deb ... 206s Unpacking libkdb5-10t64:arm64 (1.20.1-6ubuntu2) ... 207s Selecting previously unselected package libkadm5srv-mit12:arm64. 207s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_arm64.deb ... 207s Unpacking libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2) ... 207s Selecting previously unselected package krb5-user. 207s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_arm64.deb ... 207s Unpacking krb5-user (1.20.1-6ubuntu2) ... 207s Selecting previously unselected package krb5-kdc. 207s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_arm64.deb ... 207s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 207s Selecting previously unselected package krb5-admin-server. 207s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_arm64.deb ... 207s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 207s Selecting previously unselected package autopkgtest-satdep. 207s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 207s Unpacking autopkgtest-satdep (0) ... 207s Setting up libgssrpc4t64:arm64 (1.20.1-6ubuntu2) ... 207s Setting up krb5-config (2.7) ... 207s Setting up libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2) ... 207s Setting up libkdb5-10t64:arm64 (1.20.1-6ubuntu2) ... 207s Setting up libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2) ... 207s Setting up krb5-user (1.20.1-6ubuntu2) ... 207s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 207s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 207s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 207s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 207s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 207s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 207s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 207s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 207s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 207s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 208s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 208s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 208s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 209s Setting up autopkgtest-satdep (0) ... 209s Processing triggers for man-db (2.12.0-4build1) ... 209s Processing triggers for libc-bin (2.39-0ubuntu8) ... 217s (Reading database ... 79139 files and directories currently installed.) 217s Removing autopkgtest-satdep (0) ... 225s autopkgtest [17:22:18]: test ldap-user-group-krb5-auth: [----------------------- 225s + . debian/tests/util 225s + . debian/tests/common-tests 225s + mydomain=example.com 225s + myhostname=ldap.example.com 225s + mysuffix=dc=example,dc=com 225s + myrealm=EXAMPLE.COM 225s + admin_dn=cn=admin,dc=example,dc=com 225s + admin_pw=secret 225s + ldap_user=testuser1 225s + ldap_user_pw=testuser1secret 225s + kerberos_principal_pw=testuser1kerberos 225s + ldap_group=ldapusers 225s + adjust_hostname ldap.example.com 225s + local myhostname=ldap.example.com 225s + echo ldap.example.com 225s + hostname ldap.example.com 225s + grep -qE ldap.example.com /etc/hosts 225s + reconfigure_slapd 225s + debconf-set-selections 225s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240411-172151.ldapdb 225s + dpkg-reconfigure -fnoninteractive -pcritical slapd 226s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 226s Moving old database directory to /var/backups: 226s - directory unknown... done. 226s Creating initial configuration... done. 226s Creating LDAP directory... done. 226s + generate_certs ldap.example.com 226s + local cn=ldap.example.com 226s + local cert=/etc/ldap/server.pem 226s + local key=/etc/ldap/server.key 226s + local cnf=/etc/ldap/openssl.cnf 226s + cat 226s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 226s ......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 226s ......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 226s ----- 226s + chmod 0640 /etc/ldap/server.key 226s + chgrp openldap /etc/ldap/server.key 226s + [ ! -f /etc/ldap/server.pem ] 226s + [ ! -f /etc/ldap/server.key ] 226s + enable_ldap_ssl 226s + cat 226s + + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 226s cat 226s + populate_ldap_rfc2307 226s + + cat 226s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 226s + create_realm EXAMPLE.COM ldap.example.com 226s + local realm_name=EXAMPLE.COM 226s + local kerberos_server=ldap.example.com 226s + rm -rf /var/lib/krb5kdc/* 226s + rm -rf /etc/krb5kdc/kdc.conf 226s + rm -f /etc/krb5.keytab 226s + cat 226s + cat 226s modifying entry "cn=config" 226s 226s adding new entry "ou=People,dc=example,dc=com" 226s 226s adding new entry "ou=Group,dc=example,dc=com" 226s 226s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 226s 226s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 226s 226s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 226s 226s + echo # */admin * 226s + kdb5_util create -s -P secretpassword 226s + systemctl restart krb5-kdc.service krb5-admin-server.service 226s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 226s master key name 'K/M@EXAMPLE.COM' 226s + create_krb_principal testuser1 testuser1kerberos 226s + local principal=testuser1 226s + local password=testuser1kerberos 226s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 226s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 226s Authenticating as principal root/admin@EXAMPLE.COM with password. 226s Principal "testuser1@EXAMPLE.COM" created. 226s + configure_sssd_ldap_rfc2307_krb5_auth 226s + cat 226s + chmod 0600 /etc/sssd/sssd.conf 226s + systemctl restart sssd 226s + enable_pam_mkhomedir 226s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 226s + run_common_tests 226s + echo Assert local user databases do not have our LDAP test data 226s + check_local_user testuser1 226s + local local_user=testuser1 226s + grep -q ^testuser1 /etc/passwd 226s Assert local user databases do not have our LDAP test data 226s + check_local_group testuser1 226s + local local_group=testuser1 226s + grep -q ^testuser1 /etc/group 226s + check_local_group ldapusers 226s + local local_group=ldapusers 226s + grep -q ^ldapusers /etc/group 226s + echo The LDAP user is known to the system via getent 226s + check_getent_user testuser1 226s + local getent_user=testuser1 226s + local output 226s + The LDAP user is known to the system via getent 226s getent passwd testuser1 226s The LDAP user's private group is known to the system via getent 226s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 226s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 226s + echo The LDAP user's private group is known to the system via getent 226s + check_getent_group testuser1 226s + local getent_group=testuser1 226s + local output 226s + getent group testuser1 226s + output=testuser1:*:10001:testuser1 226s + [ -z testuser1:*:10001:testuser1 ] 226s + echo The LDAP group ldapusers is known to the system via getent 227s + check_getent_group ldapusers 227s + local getent_group=ldapusers 227s + local output 227s + getent group ldapusers 227s + output=ldapusers:*:10100:testuser1 227s + [ -z ldapusers:*:10100:testuser1 ] 227s + echo The id(1) command can resolve the group membership of the LDAP user 227s + id -Gn testuser1 227s The LDAP group ldapusers is known to the system via getent 227s The id(1) command can resolve the group membership of the LDAP user 227s + output=testuser1 ldapusers 227s + [ testuser1 ldapusers != testuser1 ldapusers ] 227s + echo The Kerberos principal can login on a terminal 227s + kdestroy 227s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 227s The Kerberos principal can login on a terminal 227s spawn login 227s ldap.example.com login: testuser1 227s Password: 227s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-22-generic aarch64) 227s 227s * Documentation: https://help.ubuntu.com 227s * Management: https://landscape.canonical.com 227s * Support: https://ubuntu.com/pro 227s 227s 227s The programs included with the Ubuntu system are free software; 227s the exact distribution terms for each program are described in the 227s individual files in /usr/share/doc/*/copyright. 227s 227s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 227s applicable law. 227s 227s [?2004htestuser1@ldap:~$ id -un 227s [?2004l testuser1 227s [?2004htestuser1@ldap:~$ klist 227s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_po9pSy 227s Default principal: testuser1@EXAMPLE.COMautopkgtest [17:22:20]: test ldap-user-group-krb5-auth: -----------------------] 228s autopkgtest [17:22:21]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 228s ldap-user-group-krb5-auth PASS 228s autopkgtest [17:22:21]: test sssd-softhism2-certificates-tests.sh: preparing testbed 351s autopkgtest [17:24:24]: testbed dpkg architecture: arm64 351s autopkgtest [17:24:24]: testbed apt version: 2.7.14build2 351s autopkgtest [17:24:24]: @@@@@@@@@@@@@@@@@@@@ test bed setup 352s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 352s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [337 kB] 353s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [687 kB] 353s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [13.2 kB] 353s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [6492 B] 353s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [376 kB] 353s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 353s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [91.6 kB] 353s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 353s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [771 kB] 353s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 353s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [2596 B] 353s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 357s Fetched 2414 kB in 1s (2241 kB/s) 357s Reading package lists... 361s Reading package lists... 361s Building dependency tree... 361s Reading state information... 361s Calculating upgrade... 361s The following packages will be upgraded: 361s curl libcurl3t64-gnutls libcurl4t64 361s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 361s Need to get 881 kB of archives. 361s After this operation, 0 B of additional disk space will be used. 361s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 curl arm64 8.5.0-2ubuntu10 [222 kB] 361s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libcurl4t64 arm64 8.5.0-2ubuntu10 [333 kB] 361s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libcurl3t64-gnutls arm64 8.5.0-2ubuntu10 [327 kB] 361s Fetched 881 kB in 1s (1618 kB/s) 361s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77750 files and directories currently installed.) 361s Preparing to unpack .../curl_8.5.0-2ubuntu10_arm64.deb ... 361s Unpacking curl (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 361s Preparing to unpack .../libcurl4t64_8.5.0-2ubuntu10_arm64.deb ... 361s Unpacking libcurl4t64:arm64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 361s Preparing to unpack .../libcurl3t64-gnutls_8.5.0-2ubuntu10_arm64.deb ... 361s Unpacking libcurl3t64-gnutls:arm64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 361s Setting up libcurl4t64:arm64 (8.5.0-2ubuntu10) ... 361s Setting up libcurl3t64-gnutls:arm64 (8.5.0-2ubuntu10) ... 361s Setting up curl (8.5.0-2ubuntu10) ... 361s Processing triggers for man-db (2.12.0-4build1) ... 362s Processing triggers for libc-bin (2.39-0ubuntu8) ... 362s Reading package lists... 362s Building dependency tree... 362s Reading state information... 363s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 363s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 363s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 363s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 363s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 366s Reading package lists... 366s Reading package lists... 366s Building dependency tree... 366s Reading state information... 366s Calculating upgrade... 366s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 366s Reading package lists... 366s Building dependency tree... 366s Reading state information... 367s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 373s Reading package lists... 374s Building dependency tree... 374s Reading state information... 374s Starting pkgProblemResolver with broken count: 0 374s Starting 2 pkgProblemResolver with broken count: 0 374s Done 375s The following additional packages will be installed: 375s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 375s libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 libdhash1t64 375s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 375s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 375s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 375s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 375s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 375s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 375s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 375s Suggested packages: 375s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 375s Recommended packages: 375s cracklib-runtime libsasl2-modules-gssapi-mit 375s | libsasl2-modules-gssapi-heimdal ldap-utils 375s The following NEW packages will be installed: 375s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 375s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 375s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 375s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 375s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 375s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 375s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 375s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 375s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 375s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 375s Need to get 10.1 MB/10.1 MB of archives. 375s After this operation, 48.7 MB of additional disk space will be used. 375s Get:1 /tmp/autopkgtest.ecjSaf/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [744 B] 375s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 375s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libunbound8 arm64 1.19.2-1ubuntu3 [424 kB] 375s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libgnutls-dane0t64 arm64 3.8.3-1.1ubuntu3 [23.5 kB] 375s Get:5 http://ftpmaster.internal/ubuntu noble/universe arm64 gnutls-bin arm64 3.8.3-1.1ubuntu3 [267 kB] 375s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu5 [29.6 kB] 375s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu5 [23.3 kB] 375s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu5 [27.2 kB] 375s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 375s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 375s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 375s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 375s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 375s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 375s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 376s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu5 [17.0 kB] 376s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 376s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1 [48.4 kB] 376s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 376s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu8 [188 kB] 376s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu4 [48.2 kB] 376s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3 [7658 B] 376s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3 [13.2 kB] 376s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3 [11.6 kB] 376s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu8 [71.4 kB] 376s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu8 [6061 kB] 377s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu8 [62.1 kB] 377s Get:28 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 377s Get:29 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 377s Get:30 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 377s Get:31 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-sss arm64 2.9.4-1.1ubuntu5 [46.8 kB] 377s Get:32 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu5 [22.2 kB] 377s Get:33 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu5 [32.0 kB] 377s Get:34 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu5 [49.1 kB] 377s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libc-ares2 arm64 1.27.0-1 [74.1 kB] 377s Get:36 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu5 [46.2 kB] 377s Get:37 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu5 [30.6 kB] 377s Get:38 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-common arm64 2.9.4-1.1ubuntu5 [1147 kB] 378s Get:39 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu5 [75.4 kB] 378s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu5 [87.9 kB] 378s Get:41 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu5 [134 kB] 378s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu5 [220 kB] 378s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu5 [14.3 kB] 378s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu5 [31.3 kB] 378s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu5 [44.6 kB] 378s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 sssd arm64 2.9.4-1.1ubuntu5 [4110 B] 378s Fetched 10.1 MB in 3s (3232 kB/s) 378s Selecting previously unselected package libevent-2.1-7t64:arm64. 378s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77750 files and directories currently installed.) 378s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 378s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 378s Selecting previously unselected package libunbound8:arm64. 378s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3_arm64.deb ... 378s Unpacking libunbound8:arm64 (1.19.2-1ubuntu3) ... 378s Selecting previously unselected package libgnutls-dane0t64:arm64. 378s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3_arm64.deb ... 378s Unpacking libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3) ... 378s Selecting previously unselected package gnutls-bin. 378s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3_arm64.deb ... 378s Unpacking gnutls-bin (3.8.3-1.1ubuntu3) ... 378s Selecting previously unselected package libavahi-common-data:arm64. 378s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu5_arm64.deb ... 378s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu5) ... 378s Selecting previously unselected package libavahi-common3:arm64. 378s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu5_arm64.deb ... 378s Unpacking libavahi-common3:arm64 (0.8-13ubuntu5) ... 378s Selecting previously unselected package libavahi-client3:arm64. 378s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu5_arm64.deb ... 378s Unpacking libavahi-client3:arm64 (0.8-13ubuntu5) ... 378s Selecting previously unselected package libbasicobjects0t64:arm64. 378s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 378s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 378s Selecting previously unselected package libcollection4t64:arm64. 378s Preparing to unpack .../08-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 378s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 378s Selecting previously unselected package libcrack2:arm64. 378s Preparing to unpack .../09-libcrack2_2.9.6-5.1build2_arm64.deb ... 378s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 379s Selecting previously unselected package libdhash1t64:arm64. 379s Preparing to unpack .../10-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 379s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 379s Selecting previously unselected package libpath-utils1t64:arm64. 379s Preparing to unpack .../11-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 379s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 379s Selecting previously unselected package libref-array1t64:arm64. 379s Preparing to unpack .../12-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 379s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 379s Selecting previously unselected package libini-config5t64:arm64. 379s Preparing to unpack .../13-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 379s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 379s Selecting previously unselected package libipa-hbac0t64. 379s Preparing to unpack .../14-libipa-hbac0t64_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libtalloc2:arm64. 379s Preparing to unpack .../15-libtalloc2_2.4.2-1build2_arm64.deb ... 379s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 379s Selecting previously unselected package libtdb1:arm64. 379s Preparing to unpack .../16-libtdb1_1.4.10-1_arm64.deb ... 379s Unpacking libtdb1:arm64 (1.4.10-1) ... 379s Selecting previously unselected package libtevent0t64:arm64. 379s Preparing to unpack .../17-libtevent0t64_0.16.1-2build1_arm64.deb ... 379s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 379s Selecting previously unselected package libldb2:arm64. 379s Preparing to unpack .../18-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu8_arm64.deb ... 379s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 379s Selecting previously unselected package libnfsidmap1:arm64. 379s Preparing to unpack .../19-libnfsidmap1_1%3a2.6.4-3ubuntu4_arm64.deb ... 379s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu4) ... 379s Selecting previously unselected package libpwquality-common. 379s Preparing to unpack .../20-libpwquality-common_1.4.5-3_all.deb ... 379s Unpacking libpwquality-common (1.4.5-3) ... 379s Selecting previously unselected package libpwquality1:arm64. 379s Preparing to unpack .../21-libpwquality1_1.4.5-3_arm64.deb ... 379s Unpacking libpwquality1:arm64 (1.4.5-3) ... 379s Selecting previously unselected package libpam-pwquality:arm64. 379s Preparing to unpack .../22-libpam-pwquality_1.4.5-3_arm64.deb ... 379s Unpacking libpam-pwquality:arm64 (1.4.5-3) ... 379s Selecting previously unselected package libwbclient0:arm64. 379s Preparing to unpack .../23-libwbclient0_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 379s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 379s Selecting previously unselected package samba-libs:arm64. 379s Preparing to unpack .../24-samba-libs_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 379s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 379s Selecting previously unselected package libsmbclient0:arm64. 379s Preparing to unpack .../25-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu8_arm64.deb ... 379s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 379s Selecting previously unselected package softhsm2-common. 379s Preparing to unpack .../26-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 379s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 379s Selecting previously unselected package libsofthsm2. 379s Preparing to unpack .../27-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 379s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 379s Selecting previously unselected package softhsm2. 379s Preparing to unpack .../28-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 379s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 379s Selecting previously unselected package python3-sss. 379s Preparing to unpack .../29-python3-sss_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking python3-sss (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libsss-idmap0. 379s Preparing to unpack .../30-libsss-idmap0_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libnss-sss:arm64. 379s Preparing to unpack .../31-libnss-sss_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libpam-sss:arm64. 379s Preparing to unpack .../32-libpam-sss_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libc-ares2:arm64. 379s Preparing to unpack .../33-libc-ares2_1.27.0-1_arm64.deb ... 379s Unpacking libc-ares2:arm64 (1.27.0-1) ... 379s Selecting previously unselected package libsss-certmap0. 379s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package libsss-nss-idmap0. 379s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-common. 379s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking sssd-common (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-ad-common. 379s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking sssd-ad-common (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-krb5-common. 379s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-ad. 379s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking sssd-ad (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-ipa. 379s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu5_arm64.deb ... 379s Unpacking sssd-ipa (2.9.4-1.1ubuntu5) ... 379s Selecting previously unselected package sssd-krb5. 380s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu5_arm64.deb ... 380s Unpacking sssd-krb5 (2.9.4-1.1ubuntu5) ... 380s Selecting previously unselected package sssd-ldap. 380s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu5_arm64.deb ... 380s Unpacking sssd-ldap (2.9.4-1.1ubuntu5) ... 380s Selecting previously unselected package sssd-proxy. 380s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu5_arm64.deb ... 380s Unpacking sssd-proxy (2.9.4-1.1ubuntu5) ... 380s Selecting previously unselected package sssd. 380s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu5_arm64.deb ... 380s Unpacking sssd (2.9.4-1.1ubuntu5) ... 380s Selecting previously unselected package autopkgtest-satdep. 380s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 380s Unpacking autopkgtest-satdep (0) ... 380s Setting up libpwquality-common (1.4.5-3) ... 380s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 380s 380s Creating config file /etc/softhsm/softhsm2.conf with new version 380s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu4) ... 380s Setting up libsss-idmap0 (2.9.4-1.1ubuntu5) ... 380s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 380s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libtdb1:arm64 (1.4.10-1) ... 380s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 380s Setting up libc-ares2:arm64 (1.27.0-1) ... 380s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 380s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 380s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libunbound8:arm64 (1.19.2-1ubuntu3) ... 380s Setting up libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3) ... 380s Setting up libavahi-common-data:arm64 (0.8-13ubuntu5) ... 380s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 380s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 380s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 380s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 380s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu5) ... 380s Setting up gnutls-bin (3.8.3-1.1ubuntu3) ... 380s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 380s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 380s Setting up libavahi-common3:arm64 (0.8-13ubuntu5) ... 380s Setting up libsss-certmap0 (2.9.4-1.1ubuntu5) ... 380s Setting up libpwquality1:arm64 (1.4.5-3) ... 380s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 380s Setting up libavahi-client3:arm64 (0.8-13ubuntu5) ... 380s Setting up libpam-pwquality:arm64 (1.4.5-3) ... 380s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 380s Setting up python3-sss (2.9.4-1.1ubuntu5) ... 380s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu8) ... 380s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu5) ... 380s Setting up sssd-common (2.9.4-1.1ubuntu5) ... 380s Creating SSSD system user & group... 380s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 380s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 380s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 380s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 381s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 381s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 381s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 381s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 382s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 382s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 382s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 382s sssd-autofs.service is a disabled or a static unit, not starting it. 382s sssd-nss.service is a disabled or a static unit, not starting it. 382s sssd-pam.service is a disabled or a static unit, not starting it. 382s sssd-ssh.service is a disabled or a static unit, not starting it. 382s sssd-sudo.service is a disabled or a static unit, not starting it. 383s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 383s Setting up sssd-proxy (2.9.4-1.1ubuntu5) ... 383s Setting up sssd-ad-common (2.9.4-1.1ubuntu5) ... 383s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 383s sssd-pac.service is a disabled or a static unit, not starting it. 383s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 383s Setting up sssd-krb5-common (2.9.4-1.1ubuntu5) ... 383s Setting up sssd-krb5 (2.9.4-1.1ubuntu5) ... 383s Setting up sssd-ldap (2.9.4-1.1ubuntu5) ... 383s Setting up sssd-ad (2.9.4-1.1ubuntu5) ... 383s Setting up sssd-ipa (2.9.4-1.1ubuntu5) ... 383s Setting up sssd (2.9.4-1.1ubuntu5) ... 383s Setting up autopkgtest-satdep (0) ... 383s Processing triggers for man-db (2.12.0-4build1) ... 384s Processing triggers for libc-bin (2.39-0ubuntu8) ... 388s (Reading database ... 78347 files and directories currently installed.) 388s Removing autopkgtest-satdep (0) ... 397s autopkgtest [17:25:09]: test sssd-softhism2-certificates-tests.sh: [----------------------- 397s Certificate Request: 397s Data: 397s Version: 1 (0x0) 397s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 397s Subject Public Key Info: 397s Public Key Algorithm: rsaEncryption 397s Public-Key: (1024 bit) 397s Modulus: 397s 00:b2:42:d0:ed:27:c8:a5:25:eb:6a:5f:92:cc:22: 397s a9:bf:09:46:3d:7c:8f:2f:c2:fb:c2:b5:a3:47:a8: 397s ce:6e:6f:46:2e:8f:44:df:e7:71:ae:39:cd:fd:c4: 397s 36:30:2e:e9:6b:38:86:64:93:7e:13:68:a8:1e:7b: 397s 66:22:14:f7:16:0b:a1:de:48:6c:c5:85:3d:a1:8f: 397s f6:9d:e4:02:80:fa:06:ae:92:5e:c8:a5:0a:5d:a8: 397s df:ba:c7:03:3c:a2:65:44:ee:d4:c2:74:c4:c1:a3: 397s 30:ad:c8:41:fb:50:87:47:db:10:ca:4d:7b:b3:24: 397s 15:d8:48:7f:79:ea:2a:59:4b 397s Exponent: 65537 (0x10001) 397s Attributes: 397s (none) 397s Requested Extensions: 397s Signature Algorithm: sha256WithRSAEncryption 397s Signature Value: 397s 43:54:79:0b:2e:ef:56:01:54:f7:d1:5c:9e:27:cc:da:e4:88: 397s 94:50:34:8f:7a:75:66:62:59:85:3c:22:ea:f4:b0:d8:b2:7e: 397s 54:b3:7b:87:95:85:35:62:32:7b:6a:d1:3b:0e:c0:e1:0b:b5: 397s 2e:32:37:a9:0f:14:47:54:d0:d4:4a:d4:bb:60:b6:f2:ea:f1: 397s 4f:60:be:de:48:2f:b2:0b:b3:a5:8f:2e:5a:b0:5a:08:74:91: 397s e7:c7:be:80:3e:00:8a:57:dd:5e:17:e5:21:7b:e1:25:55:37: 397s 3b:dc:22:55:39:2d:b0:dd:38:90:9c:c7:14:b8:48:1f:83:33: 397s d3:8b 397s /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem: OK 397s Certificate Request: 397s Data: 397s Version: 1 (0x0) 397s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 397s Subject Public Key Info: 397s Public Key Algorithm: rsaEncryption 397s Public-Key: (1024 bit) 397s Modulus: 397s 00:aa:38:ee:7f:97:79:67:fb:5c:f1:03:dc:7a:f7: 397s 04:2b:d7:37:ce:26:e3:7e:32:45:55:e1:87:87:33: 397s 0d:b7:7f:eb:19:33:87:b4:a9:87:30:45:ed:b2:6f: 397s 3a:ef:1d:9a:33:b0:92:8a:14:25:d4:e8:35:54:35: 397s 5b:b0:51:b7:39:12:4c:ad:98:51:55:0a:b9:a7:98: 397s 4c:3a:5f:74:17:17:aa:4a:a3:66:d1:b3:3b:6b:77: 397s a2:70:e5:6c:c4:d0:e2:19:93:30:83:7d:a7:04:7a: 397s fd:5b:28:09:3b:20:05:8b:e4:b1:15:fb:3d:b7:4a: 397s 27:63:4a:e8:39:85:17:f1:8b 397s Exponent: 65537 (0x10001) 397s Attributes: 397s (none) 397s Requested Extensions: 397s Signature Algorithm: sha256WithRSAEncryption 397s Signature Value: 397s 85:01:ed:69:5f:6e:ef:3e:25:ae:3f:96:e0:76:99:4c:cd:d3: 397s 55:f7:6e:00:37:b3:f3:ab:ed:d4:29:28:d8:cf:ce:bf:44:25: 397s 99:e9:00:c0:86:9b:d4:de:a1:74:0a:ed:65:11:60:0f:61:9c: 397s e3:3f:92:6b:91:62:7f:8f:f0:ad:8d:d8:22:45:c1:90:94:48: 397s 09:e2:15:86:3e:b5:e9:6c:88:27:ba:43:76:9a:be:58:92:7d: 397s e9:9a:ed:49:fd:f1:b0:ca:17:4f:c4:c5:31:f7:cd:e6:fb:b3: 397s 62:4f:96:8b:4c:05:03:81:c2:5c:04:20:91:50:92:88:01:a2: 397s 94:3a 397s /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem: OK 397s Certificate Request: 397s Data: 397s Version: 1 (0x0) 397s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 397s Subject Public Key Info: 397s Public Key Algorithm: rsaEncryption 397s Public-Key: (1024 bit) 397s Modulus: 397s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 397s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 397s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 397s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 397s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 397s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 397s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 397s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 397s 9f:5c:15:82:9d:4d:00:12:e5 397s Exponent: 65537 (0x10001) 397s Attributes: 397s Requested Extensions: 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Root CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Signature Algorithm: sha256WithRSAEncryption 397s Signature Value: 397s 99:8c:31:f7:07:20:c6:33:24:85:39:6e:3b:f6:78:96:82:d8: 397s 29:5e:b0:16:d8:dd:e1:ea:52:f8:bd:5e:21:33:c1:ee:ff:5d: 397s 87:94:dc:06:d9:fe:78:be:30:bf:dd:3e:b3:b8:8b:77:d9:b5: 397s 3f:84:cc:49:a3:d4:e1:fd:17:3b:2f:f0:aa:37:cc:ea:6b:67: 397s da:0c:60:75:1a:5a:9b:21:b3:69:1b:ac:92:8c:a3:a3:d7:77: 397s db:26:5a:b4:2c:0e:1a:c1:18:00:38:2a:d8:92:69:b5:c7:49: 397s ad:b4:e3:6b:95:57:a4:f8:48:4d:71:14:11:9b:e2:36:a6:d8: 397s db:78 397s /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem: OK 397s + '[' -z ubuntu ']' 397s + required_tools=(p11tool openssl softhsm2-util) 397s + for cmd in "${required_tools[@]}" 397s + command -v p11tool 397s + for cmd in "${required_tools[@]}" 397s + command -v openssl 397s + for cmd in "${required_tools[@]}" 397s + command -v softhsm2-util 397s + PIN=053350 397s +++ find /usr/lib/softhsm/libsofthsm2.so 397s +++ head -n 1 397s ++ realpath /usr/lib/softhsm/libsofthsm2.so 397s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 397s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 397s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 397s + '[' '!' -v NO_SSSD_TESTS ']' 397s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 397s + ca_db_arg=ca_db 397s ++ /usr/libexec/sssd/p11_child --help 397s + p11_child_help='Usage: p11_child [OPTION...] 397s -d, --debug-level=INT Debug level 397s --debug-timestamps=INT Add debug timestamps 397s --debug-microseconds=INT Show timestamps with microseconds 397s --dumpable=INT Allow core dumps 397s --debug-fd=INT An open file descriptor for the debug 397s logs 397s --logger=stderr|files|journald Set logger 397s --auth Run in auth mode 397s --pre Run in pre-auth mode 397s --wait_for_card Wait until card is available 397s --verification Run in verification mode 397s --pin Expect PIN on stdin 397s --keypad Expect PIN on keypad 397s --verify=STRING Tune validation 397s --ca_db=STRING CA DB to use 397s --module_name=STRING Module name for authentication 397s --token_name=STRING Token name for authentication 397s --key_id=STRING Key ID for authentication 397s --label=STRING Label for authentication 397s --certificate=STRING certificate to verify, base64 encoded 397s --uri=STRING PKCS#11 URI to restrict selection 397s --chain-id=LONG Tevent chain ID used for logging 397s purposes 397s 397s Help options: 397s -?, --help Show this help message 397s --usage Display brief usage message' 397s + echo 'Usage: p11_child [OPTION...] 397s -d, --debug-level=INT Debug level 397s --debug-timestamps=INT Add debug timestamps 397s --debug-microseconds=INT Show timestamps with microseconds 397s --dumpable=INT Allow core dumps 397s --debug-fd=INT An open file descriptor for the debug 397s logs 397s --logger=stderr|files|journald Set logger 397s --auth Run in auth mode 397s --pre Run in pre-auth mode 397s --wait_for_card Wait until card is available 397s --verification Run in verification mode 397s --pin Expect PIN on stdin 397s --keypad Expect PIN on keypad 397s --verify=STRING Tune validation 397s --ca_db=STRING CA DB to use 397s --module_name=STRING Module name for authentication 397s --token_name=STRING Token name for authentication 397s --key_id=STRING Key ID for authentication 397s --label=STRING Label for authentication 397s --certificate=STRING certificate to verify, base64 encoded 397s --uri=STRING PKCS#11 URI to restrict selection 397s --chain-id=LONG Tevent chain ID used for logging 397s purposes 397s 397s Help options: 397s -?, --help Show this help message 397s --usage Display brief usage message' 397s + grep nssdb -qs 397s + grep -qs -- --ca_db 397s + echo 'Usage: p11_child [OPTION...] 397s -d, --debug-level=INT Debug level 397s --debug-timestamps=INT Add debug timestamps 397s --debug-microseconds=INT Show timestamps with microseconds 397s --dumpable=INT Allow core dumps 397s --debug-fd=INT An open file descriptor for the debug 397s logs 397s --logger=stderr|files|journald Set logger 397s --auth Run in auth mode 397s --pre Run in pre-auth mode 397s --wait_for_card Wait until card is available 397s --verification Run in verification mode 397s --pin Expect PIN on stdin 397s --keypad Expect PIN on keypad 397s --verify=STRING Tune validation 397s --ca_db=STRING CA DB to use 397s --module_name=STRING Module name for authentication 397s --token_name=STRING Token name for authentication 397s --key_id=STRING Key ID for authentication 397s --label=STRING Label for authentication 397s --certificate=STRING certificate to verify, base64 encoded 397s --uri=STRING PKCS#11 URI to restrict selection 397s --chain-id=LONG Tevent chain ID used for logging 397s purposes 397s 397s Help options: 397s -?, --help Show this help message 397s --usage Display brief usage message' 397s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 397s ++ mktemp -d -t sssd-softhsm2-XXXXXX 397s + tmpdir=/tmp/sssd-softhsm2-GIPATm 397s + keys_size=1024 397s + [[ ! -v KEEP_TEMPORARY_FILES ]] 397s + trap 'rm -rf "$tmpdir"' EXIT 397s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 397s + echo -n 01 397s + touch /tmp/sssd-softhsm2-GIPATm/index.txt 397s + mkdir -p /tmp/sssd-softhsm2-GIPATm/new_certs 397s + cat 397s + root_ca_key_pass=pass:random-root-CA-password-25396 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-root-CA-key.pem -passout pass:random-root-CA-password-25396 1024 397s + openssl req -passin pass:random-root-CA-password-25396 -batch -config /tmp/sssd-softhsm2-GIPATm/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-GIPATm/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 397s + cat 397s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-1776 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-1776 1024 397s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-1776 -config /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.config -key /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-25396 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-certificate-request.pem 397s + openssl req -text -noout -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-certificate-request.pem 397s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GIPATm/test-root-CA.config -passin pass:random-root-CA-password-25396 -keyfile /tmp/sssd-softhsm2-GIPATm/test-root-CA-key.pem -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 397s Using configuration from /tmp/sssd-softhsm2-GIPATm/test-root-CA.config 397s Check that the request matches the signature 397s Signature ok 397s Certificate Details: 397s Serial Number: 1 (0x1) 397s Validity 397s Not Before: Apr 11 17:25:10 2024 GMT 397s Not After : Apr 11 17:25:10 2025 GMT 397s Subject: 397s organizationName = Test Organization 397s organizationalUnitName = Test Organization Unit 397s commonName = Test Organization Intermediate CA 397s X509v3 extensions: 397s X509v3 Subject Key Identifier: 397s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 397s X509v3 Authority Key Identifier: 397s keyid:D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 397s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 397s serial:00 397s X509v3 Basic Constraints: 397s CA:TRUE 397s X509v3 Key Usage: critical 397s Digital Signature, Certificate Sign, CRL Sign 397s Certificate is to be certified until Apr 11 17:25:10 2025 GMT (365 days) 397s 397s Write out database with 1 new entries 397s Database updated 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 397s + cat 397s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-11765 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-11765 1024 397s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-11765 -config /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-1776 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-certificate-request.pem 397s + openssl req -text -noout -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-certificate-request.pem 397s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-1776 -keyfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s Using configuration from /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.config 397s Check that the request matches the signature 397s Signature ok 397s Certificate Details: 397s Serial Number: 2 (0x2) 397s Validity 397s Not Before: Apr 11 17:25:10 2024 GMT 397s Not After : Apr 11 17:25:10 2025 GMT 397s Subject: 397s organizationName = Test Organization 397s organizationalUnitName = Test Organization Unit 397s commonName = Test Organization Sub Intermediate CA 397s X509v3 extensions: 397s X509v3 Subject Key Identifier: 397s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 397s X509v3 Authority Key Identifier: 397s keyid:C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 397s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 397s serial:01 397s X509v3 Basic Constraints: 397s CA:TRUE 397s X509v3 Key Usage: critical 397s Digital Signature, Certificate Sign, CRL Sign 397s Certificate is to be certified until Apr 11 17:25:10 2025 GMT (365 days) 397s 397s Write out database with 1 new entries 397s Database updated 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 397s error 20 at 0 depth lookup: unable to get local issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem: verification failed 397s + cat 397s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-7250 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-7250 1024 397s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-7250 -key /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-request.pem 397s + openssl req -text -noout -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-request.pem 397s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GIPATm/test-root-CA.config -passin pass:random-root-CA-password-25396 -keyfile /tmp/sssd-softhsm2-GIPATm/test-root-CA-key.pem -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s Using configuration from /tmp/sssd-softhsm2-GIPATm/test-root-CA.config 397s Check that the request matches the signature 397s Signature ok 397s Certificate Details: 397s Serial Number: 3 (0x3) 397s Validity 397s Not Before: Apr 11 17:25:10 2024 GMT 397s Not After : Apr 11 17:25:10 2025 GMT 397s Subject: 397s organizationName = Test Organization 397s organizationalUnitName = Test Organization Unit 397s commonName = Test Organization Root Trusted Certificate 0001 397s X509v3 extensions: 397s X509v3 Authority Key Identifier: 397s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Root CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Certificate is to be certified until Apr 11 17:25:10 2025 GMT (365 days) 397s 397s Write out database with 1 new entries 397s Database updated 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 397s error 20 at 0 depth lookup: unable to get local issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem: verification failed 397s + cat 397s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-14261 1024 397s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-14261 -key /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-request.pem 397s + openssl req -text -noout -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-request.pem 397s Certificate Request: 397s Data: 397s Version: 1 (0x0) 397s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 397s Subject Public Key Info: 397s Public Key Algorithm: rsaEncryption 397s Public-Key: (1024 bit) 397s Modulus: 397s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 397s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 397s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 397s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 397s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 397s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 397s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 397s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 397s 5d:c7:32:e9:6e:b9:52:15:cb 397s Exponent: 65537 (0x10001) 397s Attributes: 397s Requested Extensions: 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Intermediate CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Signature Algorithm: sha256WithRSAEncryption 397s Signature Value: 397s 9a:23:2f:95:1c:f0:3b:23:08:bb:6c:e2:54:71:1b:2e:1e:e2: 397s c3:55:d8:61:0f:72:3e:59:96:21:ca:e2:d1:ea:a1:f4:27:25: 397s d3:00:42:e2:4e:2f:0d:3d:a0:06:c1:0c:ef:5f:a9:9a:92:d8: 397s 74:8a:01:96:86:74:e5:57:74:a5:4c:ce:5e:59:23:71:a2:ee: 397s bd:26:8c:9f:d1:a3:ae:57:62:8e:d6:c5:4c:78:c0:b2:e4:bd: 397s 6d:46:cd:ac:4f:e7:52:93:aa:8c:05:4b:dd:e7:89:92:a1:ad: 397s b6:ef:38:9b:0b:53:5b:1a:38:53:2d:c3:06:61:ff:40:b1:32: 397s 9e:b6 397s + openssl ca -passin pass:random-intermediate-CA-password-1776 -config /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s Using configuration from /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.config 397s Check that the request matches the signature 397s Signature ok 397s Certificate Details: 397s Serial Number: 4 (0x4) 397s Validity 397s Not Before: Apr 11 17:25:10 2024 GMT 397s Not After : Apr 11 17:25:10 2025 GMT 397s Subject: 397s organizationName = Test Organization 397s organizationalUnitName = Test Organization Unit 397s commonName = Test Organization Intermediate Trusted Certificate 0001 397s X509v3 extensions: 397s X509v3 Authority Key Identifier: 397s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Intermediate CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Certificate is to be certified until Apr 11 17:25:10 2025 GMT (365 days) 397s 397s Write out database with 1 new entries 397s Database updated 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s + echo 'This certificate should not be trusted fully' 397s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 397s error 2 at 1 depth lookup: unable to get issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 397s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s + cat 397s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 397s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-32422 1024 397s This certificate should not be trusted fully 397s /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem: OK 397s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-32422 -key /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 397s + openssl req -text -noout -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 397s + openssl ca -passin pass:random-sub-intermediate-CA-password-11765 -config /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s Using configuration from /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.config 397s Certificate Request: 397s Data: 397s Version: 1 (0x0) 397s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 397s Subject Public Key Info: 397s Public Key Algorithm: rsaEncryption 397s Public-Key: (1024 bit) 397s Modulus: 397s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 397s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 397s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 397s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 397s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 397s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 397s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 397s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 397s ab:4b:d0:f9:e2:e1:58:13:1b 397s Exponent: 65537 (0x10001) 397s Attributes: 397s Requested Extensions: 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Sub Intermediate CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Signature Algorithm: sha256WithRSAEncryption 397s Signature Value: 397s 02:12:6b:94:54:42:a1:49:f1:ac:a5:85:b6:ac:80:08:7e:c6: 397s 1b:a6:c1:bc:0b:01:59:fb:5a:69:79:d3:5b:b3:21:3f:f7:2f: 397s 57:8e:c9:11:ca:97:ce:d0:cd:b1:9a:a2:eb:17:b8:b9:72:03: 397s b3:e8:3d:dc:0a:cf:92:e8:ff:84:e5:b7:eb:83:88:4a:3e:ec: 397s e9:4e:ea:a7:0a:05:c5:cb:78:36:3d:5a:2e:22:02:96:8b:69: 397s b9:a6:14:f0:af:58:4d:38:f7:85:ad:b4:01:df:ed:87:bc:b4: 397s 35:1c:01:3b:51:c7:e0:d9:9d:cd:24:ff:33:ae:6f:33:11:3b: 397s d1:91 397s Check that the request matches the signature 397s Signature ok 397s Certificate Details: 397s Serial Number: 5 (0x5) 397s Validity 397s Not Before: Apr 11 17:25:10 2024 GMT 397s Not After : Apr 11 17:25:10 2025 GMT 397s Subject: 397s organizationName = Test Organization 397s organizationalUnitName = Test Organization Unit 397s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 397s X509v3 extensions: 397s X509v3 Authority Key Identifier: 397s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 397s X509v3 Basic Constraints: 397s CA:FALSE 397s Netscape Cert Type: 397s SSL Client, S/MIME 397s Netscape Comment: 397s Test Organization Sub Intermediate CA trusted Certificate 397s X509v3 Subject Key Identifier: 397s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 397s X509v3 Key Usage: critical 397s Digital Signature, Non Repudiation, Key Encipherment 397s X509v3 Extended Key Usage: 397s TLS Web Client Authentication, E-mail Protection 397s X509v3 Subject Alternative Name: 397s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 397s Certificate is to be certified until Apr 11 17:25:10 2025 GMT (365 days) 397s 397s Write out database with 1 new entries 397s Database updated 397s + openssl x509 -noout -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s + echo 'This certificate should not be trusted fully' 397s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 397s error 2 at 1 depth lookup: unable to get issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 397s This certificate should not be trusted fully 397s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 397s error 20 at 0 depth lookup: unable to get local issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 397s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s + local cmd=openssl 397s + shift 397s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 397s error 20 at 0 depth lookup: unable to get local issuer certificate 397s error /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 397s + echo 'Building a the full-chain CA file...' 397s + cat /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s + cat /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 397s + cat /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 397s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 397s + openssl pkcs7 -print_certs -noout 397s /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 397s Building a the full-chain CA file... 397s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 397s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 397s 397s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 397s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 397s 397s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 397s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 397s 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 397s /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem: OK 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem: OK 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 397s /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem: OK 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem /tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem 397s + openssl verify -CAfile /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 397s /tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem: OK 397s /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 397s Certificates generation completed! 397s + echo 'Certificates generation completed!' 397s + [[ -v NO_SSSD_TESTS ]] 397s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /dev/null 397s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /dev/null 397s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 397s + local key_ring=/dev/null 397s + local verify_option= 397s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 397s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 397s + local key_cn 397s + local key_name 397s + local tokens_dir 397s + local output_cert_file 397s + token_name= 397s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 397s + key_name=test-root-CA-trusted-certificate-0001 397s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s ++ sed -n 's/ *commonName *= //p' 397s + key_cn='Test Organization Root Trusted Certificate 0001' 397s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 397s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 397s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 397s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 397s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 397s + token_name='Test Organization Root Tr Token' 397s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 397s + local key_file 397s + local decrypted_key 397s + mkdir -p /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 397s + key_file=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key.pem 397s + decrypted_key=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key-decrypted.pem 397s + cat 397s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 397s Slot 0 has a free/uninitialized token. 397s The token has been initialized and is reassigned to slot 1985741796 397s + softhsm2-util --show-slots 397s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 397s Available slots: 397s Slot 1985741796 397s Slot info: 397s Description: SoftHSM slot ID 0x765c03e4 397s Manufacturer ID: SoftHSM project 397s Hardware version: 2.6 397s Firmware version: 2.6 397s Token present: yes 397s Token info: 397s Manufacturer ID: SoftHSM project 397s Model: SoftHSM v2 397s Hardware version: 2.6 397s Firmware version: 2.6 397s Serial number: e4ac5d3c765c03e4 397s Initialized: yes 397s User PIN init.: yes 397s Label: Test Organization Root Tr Token 397s Slot 1 397s Slot info: 397s Description: SoftHSM slot ID 0x1 397s Manufacturer ID: SoftHSM project 397s Hardware version: 2.6 397s Firmware version: 2.6 397s Token present: yes 397s Token info: 397s Manufacturer ID: SoftHSM project 397s Model: SoftHSM v2 397s Hardware version: 2.6 397s Firmware version: 2.6 397s Serial number: 397s Initialized: no 397s User PIN init.: no 397s Label: 397s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-7250 -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key-decrypted.pem 397s writing RSA key 397s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 397s + rm /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001-key-decrypted.pem 397s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 397s + echo 'Test Organization Root Tr Token' 397s + '[' -n '' ']' 397s + local output_base_name=SSSD-child-15695 397s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15695.output 397s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15695.pem 397s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 397s Object 0: 397s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 397s Type: X.509 Certificate (RSA-1024) 397s Expires: Fri Apr 11 17:25:10 2025 397s Label: Test Organization Root Trusted Certificate 0001 397s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 397s 397s Test Organization Root Tr Token 397s [p11_child[3079]] [main] (0x0400): p11_child started. 397s [p11_child[3079]] [main] (0x2000): Running in [pre-auth] mode. 397s [p11_child[3079]] [main] (0x2000): Running with effective IDs: [0][0]. 397s [p11_child[3079]] [main] (0x2000): Running with real IDs [0][0]. 397s [p11_child[3079]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 397s [p11_child[3079]] [do_work] (0x0040): init_verification failed. 397s [p11_child[3079]] [main] (0x0020): p11_child failed (5) 397s + return 2 397s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /dev/null no_verification 397s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /dev/null no_verification 397s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 397s + local key_ring=/dev/null 397s + local verify_option=no_verification 397s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 397s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 397s + local key_cn 397s + local key_name 397s + local tokens_dir 397s + local output_cert_file 397s + token_name= 397s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 397s + key_name=test-root-CA-trusted-certificate-0001 397s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 397s ++ sed -n 's/ *commonName *= //p' 397s + key_cn='Test Organization Root Trusted Certificate 0001' 397s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 397s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 397s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 397s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 397s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 397s + token_name='Test Organization Root Tr Token' 397s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 397s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 397s + echo 'Test Organization Root Tr Token' 397s + '[' -n no_verification ']' 397s + local verify_arg=--verify=no_verification 397s + local output_base_name=SSSD-child-15831 397s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.output 397s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.pem 397s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 397s [p11_child[3085]] [main] (0x0400): p11_child started. 397s Test Organization Root Tr Token 397s [p11_child[3085]] [main] (0x2000): Running in [pre-auth] mode. 397s [p11_child[3085]] [main] (0x2000): Running with effective IDs: [0][0]. 397s [p11_child[3085]] [main] (0x2000): Running with real IDs [0][0]. 397s [p11_child[3085]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 397s [p11_child[3085]] [do_card] (0x4000): Module List: 397s [p11_child[3085]] [do_card] (0x4000): common name: [softhsm2]. 397s [p11_child[3085]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 397s [p11_child[3085]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 397s [p11_child[3085]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 397s [p11_child[3085]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 397s [p11_child[3085]] [do_card] (0x4000): Login NOT required. 397s [p11_child[3085]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 397s [p11_child[3085]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 397s [p11_child[3085]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 397s [p11_child[3085]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 397s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.output 397s + echo '-----BEGIN CERTIFICATE-----' 397s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.output 397s + echo '-----END CERTIFICATE-----' 397s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.pem 398s + local found_md5 expected_md5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + expected_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.output 398s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.output .output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.pem 398s + echo -n 053350 398s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 398s [p11_child[3093]] [main] (0x0400): p11_child started. 398s [p11_child[3093]] [main] (0x2000): Running in [auth] mode. 398s [p11_child[3093]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3093]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3093]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 398s [p11_child[3093]] [do_card] (0x4000): Module List: 398s [p11_child[3093]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3093]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3093]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3093]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3093]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3093]] [do_card] (0x4000): Login required. 398s [p11_child[3093]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3093]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3093]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 398s [p11_child[3093]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 398s [p11_child[3093]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 398s [p11_child[3093]] [do_card] (0x4000): Certificate verified and validated. 398s [p11_child[3093]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.pem 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-15831-auth.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s + local verify_option= 398s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_cn 398s + local key_name 398s + local tokens_dir 398s + local output_cert_file 398s + token_name= 398s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 398s + key_name=test-root-CA-trusted-certificate-0001 398s ++ sed -n 's/ *commonName *= //p' 398s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + key_cn='Test Organization Root Trusted Certificate 0001' 398s Test Organization Root Tr Token 398s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 398s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 398s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 398s + token_name='Test Organization Root Tr Token' 398s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 398s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 398s + echo 'Test Organization Root Tr Token' 398s + '[' -n '' ']' 398s + local output_base_name=SSSD-child-25579 398s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.pem 398s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s [p11_child[3103]] [main] (0x0400): p11_child started. 398s [p11_child[3103]] [main] (0x2000): Running in [pre-auth] mode. 398s [p11_child[3103]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3103]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3103]] [do_card] (0x4000): Module List: 398s [p11_child[3103]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3103]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3103]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3103]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3103]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3103]] [do_card] (0x4000): Login NOT required. 398s [p11_child[3103]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3103]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3103]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3103]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3103]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + local found_md5 expected_md5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + expected_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.output 398s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.output .output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.pem 398s + echo -n 053350 398s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 398s [p11_child[3111]] [main] (0x0400): p11_child started. 398s [p11_child[3111]] [main] (0x2000): Running in [auth] mode. 398s [p11_child[3111]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3111]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3111]] [do_card] (0x4000): Module List: 398s [p11_child[3111]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3111]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3111]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3111]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3111]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3111]] [do_card] (0x4000): Login required. 398s [p11_child[3111]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3111]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3111]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3111]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 398s [p11_child[3111]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 398s [p11_child[3111]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 398s [p11_child[3111]] [do_card] (0x4000): Certificate verified and validated. 398s [p11_child[3111]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.pem 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-25579-auth.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 398s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s + local verify_option=partial_chain 398s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_cn 398s + local key_name 398s + local tokens_dir 398s + local output_cert_file 398s + token_name= 398s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 398s + key_name=test-root-CA-trusted-certificate-0001 398s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s ++ sed -n 's/ *commonName *= //p' 398s + key_cn='Test Organization Root Trusted Certificate 0001' 398s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 398s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 398s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 398s + token_name='Test Organization Root Tr Token' 398s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 398s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 398s + echo 'Test Organization Root Tr Token' 398s + '[' -n partial_chain ']' 398s + local verify_arg=--verify=partial_chain 398s + local output_base_name=SSSD-child-22091 398s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.pem 398s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 398s [p11_child[3121]] [main] (0x0400): p11_child started. 398s [p11_child[3121]] [main] (0x2000): Running in [pre-auth] mode. 398s [p11_child[3121]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3121]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3121]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 398s [p11_child[3121]] [do_card] (0x4000): Module List: 398s [p11_child[3121]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3121]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3121]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s Test Organization Root Tr Token 398s [p11_child[3121]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3121]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3121]] [do_card] (0x4000): Login NOT required. 398s [p11_child[3121]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3121]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3121]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3121]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3121]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + local found_md5 expected_md5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + expected_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.output 398s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.output .output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.pem 398s + echo -n 053350 398s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 398s [p11_child[3129]] [main] (0x0400): p11_child started. 398s [p11_child[3129]] [main] (0x2000): Running in [auth] mode. 398s [p11_child[3129]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3129]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3129]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 398s [p11_child[3129]] [do_card] (0x4000): Module List: 398s [p11_child[3129]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3129]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3129]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3129]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3129]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3129]] [do_card] (0x4000): Login required. 398s [p11_child[3129]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3129]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3129]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3129]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 398s [p11_child[3129]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 398s [p11_child[3129]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 398s [p11_child[3129]] [do_card] (0x4000): Certificate verified and validated. 398s [p11_child[3129]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.pem 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-22091-auth.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s + local verify_option= 398s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_cn 398s + local key_name 398s + local tokens_dir 398s + local output_cert_file 398s + token_name= 398s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 398s + key_name=test-root-CA-trusted-certificate-0001 398s ++ sed -n 's/ *commonName *= //p' 398s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + key_cn='Test Organization Root Trusted Certificate 0001' 398s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 398s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 398s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 398s + token_name='Test Organization Root Tr Token' 398s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 398s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 398s + echo 'Test Organization Root Tr Token' 398s Test Organization Root Tr Token 398s + '[' -n '' ']' 398s + local output_base_name=SSSD-child-17123 398s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.pem 398s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s [p11_child[3139]] [main] (0x0400): p11_child started. 398s [p11_child[3139]] [main] (0x2000): Running in [pre-auth] mode. 398s [p11_child[3139]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3139]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3139]] [do_card] (0x4000): Module List: 398s [p11_child[3139]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3139]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3139]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3139]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3139]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3139]] [do_card] (0x4000): Login NOT required. 398s [p11_child[3139]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3139]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3139]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3139]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3139]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + local found_md5 expected_md5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + expected_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.output 398s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.output .output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.pem 398s + echo -n 053350 398s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 398s [p11_child[3147]] [main] (0x0400): p11_child started. 398s [p11_child[3147]] [main] (0x2000): Running in [auth] mode. 398s [p11_child[3147]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3147]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3147]] [do_card] (0x4000): Module List: 398s [p11_child[3147]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3147]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3147]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3147]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3147]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3147]] [do_card] (0x4000): Login required. 398s [p11_child[3147]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3147]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3147]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3147]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 398s [p11_child[3147]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 398s [p11_child[3147]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 398s [p11_child[3147]] [do_card] (0x4000): Certificate verified and validated. 398s [p11_child[3147]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-17123-auth.pem 398s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 398s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 398s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 398s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s + local verify_option=partial_chain 398s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 398s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 398s + local key_cn 398s + local key_name 398s + local tokens_dir 398s + local output_cert_file 398s + token_name= 398s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 398s + key_name=test-root-CA-trusted-certificate-0001 398s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 398s ++ sed -n 's/ *commonName *= //p' 398s + key_cn='Test Organization Root Trusted Certificate 0001' 398s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 398s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 398s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 398s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 398s + token_name='Test Organization Root Tr Token' 398s Test Organization Root Tr Token 398s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 398s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 398s + echo 'Test Organization Root Tr Token' 398s + '[' -n partial_chain ']' 398s + local verify_arg=--verify=partial_chain 398s + local output_base_name=SSSD-child-16567 398s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.output 398s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.pem 398s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 398s [p11_child[3157]] [main] (0x0400): p11_child started. 398s [p11_child[3157]] [main] (0x2000): Running in [pre-auth] mode. 398s [p11_child[3157]] [main] (0x2000): Running with effective IDs: [0][0]. 398s [p11_child[3157]] [main] (0x2000): Running with real IDs [0][0]. 398s [p11_child[3157]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 398s [p11_child[3157]] [do_card] (0x4000): Module List: 398s [p11_child[3157]] [do_card] (0x4000): common name: [softhsm2]. 398s [p11_child[3157]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3157]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 398s [p11_child[3157]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 398s [p11_child[3157]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 398s [p11_child[3157]] [do_card] (0x4000): Login NOT required. 398s [p11_child[3157]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 398s [p11_child[3157]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 398s [p11_child[3157]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 398s [p11_child[3157]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 398s [p11_child[3157]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 398s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.output 398s + echo '-----BEGIN CERTIFICATE-----' 398s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.output 398s + echo '-----END CERTIFICATE-----' 398s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.pem 398s Certificate: 398s Data: 398s Version: 3 (0x2) 398s Serial Number: 3 (0x3) 398s Signature Algorithm: sha256WithRSAEncryption 398s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 398s Validity 398s Not Before: Apr 11 17:25:10 2024 GMT 398s Not After : Apr 11 17:25:10 2025 GMT 398s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 398s Subject Public Key Info: 398s Public Key Algorithm: rsaEncryption 398s Public-Key: (1024 bit) 398s Modulus: 398s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 398s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 398s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 398s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 398s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 398s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 398s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 398s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 398s 9f:5c:15:82:9d:4d:00:12:e5 398s Exponent: 65537 (0x10001) 398s X509v3 extensions: 398s X509v3 Authority Key Identifier: 398s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 398s X509v3 Basic Constraints: 398s CA:FALSE 398s Netscape Cert Type: 398s SSL Client, S/MIME 398s Netscape Comment: 398s Test Organization Root CA trusted Certificate 398s X509v3 Subject Key Identifier: 398s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 398s X509v3 Key Usage: critical 398s Digital Signature, Non Repudiation, Key Encipherment 398s X509v3 Extended Key Usage: 398s TLS Web Client Authentication, E-mail Protection 398s X509v3 Subject Alternative Name: 398s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 398s Signature Algorithm: sha256WithRSAEncryption 398s Signature Value: 398s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 398s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 398s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 398s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 398s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 398s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 398s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 398s 5d:79 398s + local found_md5 expected_md5 398s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s + expected_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567.pem 399s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 399s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 399s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.output 399s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.output .output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.pem 399s + echo -n 053350 399s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 399s [p11_child[3165]] [main] (0x0400): p11_child started. 399s [p11_child[3165]] [main] (0x2000): Running in [auth] mode. 399s [p11_child[3165]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3165]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3165]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 399s [p11_child[3165]] [do_card] (0x4000): Module List: 399s [p11_child[3165]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3165]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3165]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3165]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 399s [p11_child[3165]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3165]] [do_card] (0x4000): Login required. 399s [p11_child[3165]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 399s [p11_child[3165]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 399s [p11_child[3165]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3165]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x765c03e4;slot-manufacturer=SoftHSM%20project;slot-id=1985741796;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e4ac5d3c765c03e4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 399s [p11_child[3165]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 399s [p11_child[3165]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 399s [p11_child[3165]] [do_card] (0x4000): Certificate verified and validated. 399s [p11_child[3165]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.pem 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-16567-auth.pem 399s Certificate: 399s Data: 399s Version: 3 (0x2) 399s Serial Number: 3 (0x3) 399s Signature Algorithm: sha256WithRSAEncryption 399s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 399s Validity 399s Not Before: Apr 11 17:25:10 2024 GMT 399s Not After : Apr 11 17:25:10 2025 GMT 399s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 399s Subject Public Key Info: 399s Public Key Algorithm: rsaEncryption 399s Public-Key: (1024 bit) 399s Modulus: 399s 00:c9:48:ed:25:ef:73:80:7b:23:91:d1:f2:f4:17: 399s 74:d2:07:b5:0f:09:ad:e3:fa:45:4f:d3:20:b0:d9: 399s b9:29:7f:18:49:ec:8c:b8:27:5b:aa:80:16:3c:c8: 399s 98:6b:bf:3f:cd:23:ee:6b:5e:b0:5d:d3:22:02:d0: 399s 4c:9a:53:cb:b3:a0:fc:30:5a:dd:63:9d:91:c4:63: 399s a9:a6:17:7f:0c:bb:f6:31:35:80:e9:62:a4:09:5b: 399s 0d:34:f7:05:7d:34:2b:da:b7:f0:85:cc:19:60:a9: 399s bb:50:e4:c5:ed:9d:f8:39:81:eb:16:d0:57:ea:53: 399s 9f:5c:15:82:9d:4d:00:12:e5 399s Exponent: 65537 (0x10001) 399s X509v3 extensions: 399s X509v3 Authority Key Identifier: 399s D0:27:EE:8A:9F:9A:32:B0:4D:3A:C9:2F:9C:6D:8B:FB:23:0E:FA:B6 399s X509v3 Basic Constraints: 399s CA:FALSE 399s Netscape Cert Type: 399s SSL Client, S/MIME 399s Netscape Comment: 399s Test Organization Root CA trusted Certificate 399s X509v3 Subject Key Identifier: 399s A4:62:E5:38:E0:03:E6:C7:50:B0:1F:BD:5B:FE:A7:15:11:56:98:E0 399s X509v3 Key Usage: critical 399s Digital Signature, Non Repudiation, Key Encipherment 399s X509v3 Extended Key Usage: 399s TLS Web Client Authentication, E-mail Protection 399s X509v3 Subject Alternative Name: 399s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 399s Signature Algorithm: sha256WithRSAEncryption 399s Signature Value: 399s 33:c3:0c:b9:0a:55:ac:c4:ae:0f:14:51:09:2a:3b:2a:3b:14: 399s 0c:fb:2b:97:70:77:f5:21:67:b7:9c:fd:86:4a:06:b4:49:e6: 399s b3:80:30:f6:b3:47:f6:03:55:3b:2f:8f:bb:7e:52:72:34:2e: 399s bb:d5:54:fd:bc:f3:52:d9:8e:e3:e7:09:a0:f6:25:41:8d:ec: 399s 26:0b:13:41:cf:48:e6:3b:43:6e:31:8b:3d:eb:f7:e5:d3:6e: 399s d4:41:d6:53:87:21:e6:23:dc:ec:c6:ee:c4:1a:fd:48:76:56: 399s 43:ce:5b:7a:07:c3:65:ec:8f:81:7f:ba:4c:86:99:03:79:c2: 399s 5d:79 399s + found_md5=Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 399s + '[' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 '!=' Modulus=C948ED25EF73807B2391D1F2F41774D207B50F09ADE3FA454FD320B0D9B9297F1849EC8CB8275BAA80163CC8986BBF3FCD23EE6B5EB05DD32202D04C9A53CBB3A0FC305ADD639D91C463A9A6177F0CBBF6313580E962A4095B0D34F7057D342BDAB7F085CC1960A9BB50E4C5ED9DF83981EB16D057EA539F5C15829D4D0012E5 ']' 399s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s + local verify_option= 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-root-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Root Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 399s + token_name='Test Organization Root Tr Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Root Tr Token' 399s + '[' -n '' ']' 399s + local output_base_name=SSSD-child-3690 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3690.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3690.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s Test Organization Root Tr Token 399s [p11_child[3175]] [main] (0x0400): p11_child started. 399s [p11_child[3175]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3175]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3175]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3175]] [do_card] (0x4000): Module List: 399s [p11_child[3175]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3175]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3175]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3175]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 399s [p11_child[3175]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3175]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3175]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 399s [p11_child[3175]] [do_verification] (0x0040): X509_verify_cert failed [0]. 399s [p11_child[3175]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 399s [p11_child[3175]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 399s [p11_child[3175]] [do_card] (0x4000): No certificate found. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-3690.output 399s + return 2 399s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem partial_chain 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem partial_chain 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s + local verify_option=partial_chain 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7250 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-root-ca-trusted-cert-0001-7250 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-root-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-root-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Root Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf 399s Test Organization Root Tr Token 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 399s + token_name='Test Organization Root Tr Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-root-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Root Tr Token' 399s + '[' -n partial_chain ']' 399s + local verify_arg=--verify=partial_chain 399s + local output_base_name=SSSD-child-11456 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-11456.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-11456.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 399s [p11_child[3182]] [main] (0x0400): p11_child started. 399s [p11_child[3182]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3182]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3182]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3182]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 399s [p11_child[3182]] [do_card] (0x4000): Module List: 399s [p11_child[3182]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3182]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3182]] [do_card] (0x4000): Description [SoftHSM slot ID 0x765c03e4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3182]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 399s [p11_child[3182]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x765c03e4][1985741796] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3182]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3182]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 399s [p11_child[3182]] [do_verification] (0x0040): X509_verify_cert failed [0]. 399s [p11_child[3182]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 399s [p11_child[3182]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 399s [p11_child[3182]] [do_card] (0x4000): No certificate found. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-11456.output 399s + return 2 399s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /dev/null 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /dev/null 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/dev/null 399s + local verify_option= 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + local key_file 399s + local decrypted_key 399s + mkdir -p /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + key_file=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key.pem 399s + decrypted_key=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 399s + cat 399s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 399s Slot 0 has a free/uninitialized token. 399s The token has been initialized and is reassigned to slot 1626570101 399s + softhsm2-util --show-slots 399s Available slots: 399s Slot 1626570101 399s Slot info: 399s Description: SoftHSM slot ID 0x60f37d75 399s Manufacturer ID: SoftHSM project 399s Hardware version: 2.6 399s Firmware version: 2.6 399s Token present: yes 399s Token info: 399s Manufacturer ID: SoftHSM project 399s Model: SoftHSM v2 399s Hardware version: 2.6 399s Firmware version: 2.6 399s Serial number: bc849410e0f37d75 399s Initialized: yes 399s User PIN init.: yes 399s Label: Test Organization Interme Token 399s Slot 1 399s Slot info: 399s Description: SoftHSM slot ID 0x1 399s Manufacturer ID: SoftHSM project 399s Hardware version: 2.6 399s Firmware version: 2.6 399s Token present: yes 399s Token info: 399s Manufacturer ID: SoftHSM project 399s Model: SoftHSM v2 399s Hardware version: 2.6 399s Firmware version: 2.6 399s Serial number: 399s Initialized: no 399s User PIN init.: no 399s Label: 399s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 399s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-14261 -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 399s writing RSA key 399s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 399s + rm /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 399s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 399s Object 0: 399s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 399s Type: X.509 Certificate (RSA-1024) 399s Expires: Fri Apr 11 17:25:10 2025 399s Label: Test Organization Intermediate Trusted Certificate 0001 399s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 399s 399s Test Organization Interme Token 399s + echo 'Test Organization Interme Token' 399s + '[' -n '' ']' 399s + local output_base_name=SSSD-child-11697 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-11697.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-11697.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 399s [p11_child[3198]] [main] (0x0400): p11_child started. 399s [p11_child[3198]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3198]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3198]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3198]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 399s [p11_child[3198]] [do_work] (0x0040): init_verification failed. 399s [p11_child[3198]] [main] (0x0020): p11_child failed (5) 399s + return 2 399s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /dev/null no_verification 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /dev/null no_verification 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/dev/null 399s + local verify_option=no_verification 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s Test Organization Interme Token 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Interme Token' 399s + '[' -n no_verification ']' 399s + local verify_arg=--verify=no_verification 399s + local output_base_name=SSSD-child-31083 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 399s [p11_child[3204]] [main] (0x0400): p11_child started. 399s [p11_child[3204]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3204]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3204]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3204]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 399s [p11_child[3204]] [do_card] (0x4000): Module List: 399s [p11_child[3204]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3204]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3204]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3204]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3204]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3204]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3204]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3204]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3204]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3204]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.pem 399s + local found_md5 expected_md5 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s Certificate: 399s Data: 399s Version: 3 (0x2) 399s Serial Number: 4 (0x4) 399s Signature Algorithm: sha256WithRSAEncryption 399s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 399s Validity 399s Not Before: Apr 11 17:25:10 2024 GMT 399s Not After : Apr 11 17:25:10 2025 GMT 399s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 399s Subject Public Key Info: 399s Public Key Algorithm: rsaEncryption 399s Public-Key: (1024 bit) 399s Modulus: 399s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 399s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 399s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 399s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 399s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 399s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 399s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 399s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 399s 5d:c7:32:e9:6e:b9:52:15:cb 399s Exponent: 65537 (0x10001) 399s X509v3 extensions: 399s X509v3 Authority Key Identifier: 399s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 399s X509v3 Basic Constraints: 399s CA:FALSE 399s Netscape Cert Type: 399s SSL Client, S/MIME 399s Netscape Comment: 399s Test Organization Intermediate CA trusted Certificate 399s X509v3 Subject Key Identifier: 399s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 399s X509v3 Key Usage: critical 399s Digital Signature, Non Repudiation, Key Encipherment 399s X509v3 Extended Key Usage: 399s TLS Web Client Authentication, E-mail Protection 399s X509v3 Subject Alternative Name: 399s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 399s Signature Algorithm: sha256WithRSAEncryption 399s Signature Value: 399s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 399s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 399s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 399s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 399s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 399s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 399s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 399s 4b:7d 399s + expected_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083.pem 399s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 399s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.output 399s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.output .output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.pem 399s + echo -n 053350 399s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 399s [p11_child[3212]] [main] (0x0400): p11_child started. 399s [p11_child[3212]] [main] (0x2000): Running in [auth] mode. 399s [p11_child[3212]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3212]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3212]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 399s [p11_child[3212]] [do_card] (0x4000): Module List: 399s [p11_child[3212]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3212]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3212]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3212]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3212]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3212]] [do_card] (0x4000): Login required. 399s [p11_child[3212]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3212]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3212]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 399s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 399s [p11_child[3212]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 399s [p11_child[3212]] [do_card] (0x4000): Certificate verified and validated. 399s [p11_child[3212]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.pem 399s Certificate: 399s Data: 399s Version: 3 (0x2) 399s Serial Number: 4 (0x4) 399s Signature Algorithm: sha256WithRSAEncryption 399s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 399s Validity 399s Not Before: Apr 11 17:25:10 2024 GMT 399s Not After : Apr 11 17:25:10 2025 GMT 399s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 399s Subject Public Key Info: 399s Public Key Algorithm: rsaEncryption 399s Public-Key: (1024 bit) 399s Modulus: 399s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 399s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 399s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 399s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 399s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 399s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 399s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 399s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 399s 5d:c7:32:e9:6e:b9:52:15:cb 399s Exponent: 65537 (0x10001) 399s X509v3 extensions: 399s X509v3 Authority Key Identifier: 399s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 399s X509v3 Basic Constraints: 399s CA:FALSE 399s Netscape Cert Type: 399s SSL Client, S/MIME 399s Netscape Comment: 399s Test Organization Intermediate CA trusted Certificate 399s X509v3 Subject Key Identifier: 399s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 399s X509v3 Key Usage: critical 399s Digital Signature, Non Repudiation, Key Encipherment 399s X509v3 Extended Key Usage: 399s TLS Web Client Authentication, E-mail Protection 399s X509v3 Subject Alternative Name: 399s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 399s Signature Algorithm: sha256WithRSAEncryption 399s Signature Value: 399s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 399s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 399s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 399s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 399s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 399s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 399s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 399s 4b:7d 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-31083-auth.pem 399s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 399s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s + local verify_option= 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Interme Token' 399s + '[' -n '' ']' 399s + local output_base_name=SSSD-child-515 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-515.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-515.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s [p11_child[3222]] [main] (0x0400): p11_child started. 399s [p11_child[3222]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3222]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3222]] [main] (0x2000): Running with real IDs [0][0]. 399s Test Organization Interme Token 399s [p11_child[3222]] [do_card] (0x4000): Module List: 399s [p11_child[3222]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3222]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3222]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3222]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3222]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3222]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3222]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3222]] [do_verification] (0x0040): X509_verify_cert failed [0]. 399s [p11_child[3222]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 399s [p11_child[3222]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 399s [p11_child[3222]] [do_card] (0x4000): No certificate found. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-515.output 399s + return 2 399s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s + local verify_option=partial_chain 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Interme Token' 399s + '[' -n partial_chain ']' 399s + local verify_arg=--verify=partial_chain 399s + local output_base_name=SSSD-child-2200 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-2200.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-2200.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 399s [p11_child[3229]] [main] (0x0400): p11_child started. 399s [p11_child[3229]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3229]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3229]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3229]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 399s [p11_child[3229]] [do_card] (0x4000): Module List: 399s [p11_child[3229]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3229]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3229]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3229]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3229]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3229]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3229]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3229]] [do_verification] (0x0040): X509_verify_cert failed [0]. 399s [p11_child[3229]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 399s [p11_child[3229]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 399s [p11_child[3229]] [do_card] (0x4000): No certificate found. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-2200.output 399s + return 2 399s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s + local verify_option= 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s Test Organization Interme Token 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 399s Test Organization Interme Token 399s + echo 'Test Organization Interme Token' 399s + '[' -n '' ']' 399s + local output_base_name=SSSD-child-5131 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s [p11_child[3236]] [main] (0x0400): p11_child started. 399s [p11_child[3236]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3236]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3236]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3236]] [do_card] (0x4000): Module List: 399s [p11_child[3236]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3236]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3236]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3236]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3236]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3236]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3236]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3236]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 399s [p11_child[3236]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3236]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3236]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.pem 399s Certificate: 399s Data: 399s Version: 3 (0x2) 399s Serial Number: 4 (0x4) 399s Signature Algorithm: sha256WithRSAEncryption 399s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 399s Validity 399s Not Before: Apr 11 17:25:10 2024 GMT 399s Not After : Apr 11 17:25:10 2025 GMT 399s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 399s Subject Public Key Info: 399s Public Key Algorithm: rsaEncryption 399s Public-Key: (1024 bit) 399s Modulus: 399s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 399s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 399s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 399s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 399s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 399s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 399s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 399s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 399s 5d:c7:32:e9:6e:b9:52:15:cb 399s Exponent: 65537 (0x10001) 399s X509v3 extensions: 399s X509v3 Authority Key Identifier: 399s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 399s X509v3 Basic Constraints: 399s CA:FALSE 399s Netscape Cert Type: 399s SSL Client, S/MIME 399s Netscape Comment: 399s Test Organization Intermediate CA trusted Certificate 399s X509v3 Subject Key Identifier: 399s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 399s X509v3 Key Usage: critical 399s Digital Signature, Non Repudiation, Key Encipherment 399s X509v3 Extended Key Usage: 399s TLS Web Client Authentication, E-mail Protection 399s X509v3 Subject Alternative Name: 399s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 399s Signature Algorithm: sha256WithRSAEncryption 399s Signature Value: 399s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 399s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 399s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 399s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 399s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 399s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 399s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 399s 4b:7d 399s + local found_md5 expected_md5 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + expected_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131.pem 399s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 399s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.output 399s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.output .output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.pem 399s + echo -n 053350 399s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 399s [p11_child[3244]] [main] (0x0400): p11_child started. 399s [p11_child[3244]] [main] (0x2000): Running in [auth] mode. 399s [p11_child[3244]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3244]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3244]] [do_card] (0x4000): Module List: 399s [p11_child[3244]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3244]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3244]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3244]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3244]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3244]] [do_card] (0x4000): Login required. 399s [p11_child[3244]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3244]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 399s [p11_child[3244]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3244]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 399s [p11_child[3244]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 399s [p11_child[3244]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 399s [p11_child[3244]] [do_card] (0x4000): Certificate verified and validated. 399s [p11_child[3244]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.pem 399s Certificate: 399s Data: 399s Version: 3 (0x2) 399s Serial Number: 4 (0x4) 399s Signature Algorithm: sha256WithRSAEncryption 399s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 399s Validity 399s Not Before: Apr 11 17:25:10 2024 GMT 399s Not After : Apr 11 17:25:10 2025 GMT 399s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 399s Subject Public Key Info: 399s Public Key Algorithm: rsaEncryption 399s Public-Key: (1024 bit) 399s Modulus: 399s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 399s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 399s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 399s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 399s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 399s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 399s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 399s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 399s 5d:c7:32:e9:6e:b9:52:15:cb 399s Exponent: 65537 (0x10001) 399s X509v3 extensions: 399s X509v3 Authority Key Identifier: 399s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 399s X509v3 Basic Constraints: 399s CA:FALSE 399s Netscape Cert Type: 399s SSL Client, S/MIME 399s Netscape Comment: 399s Test Organization Intermediate CA trusted Certificate 399s X509v3 Subject Key Identifier: 399s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 399s X509v3 Key Usage: critical 399s Digital Signature, Non Repudiation, Key Encipherment 399s X509v3 Extended Key Usage: 399s TLS Web Client Authentication, E-mail Protection 399s X509v3 Subject Alternative Name: 399s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 399s Signature Algorithm: sha256WithRSAEncryption 399s Signature Value: 399s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 399s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 399s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 399s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 399s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 399s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 399s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 399s 4b:7d 399s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-5131-auth.pem 399s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 399s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 399s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 399s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s + local verify_option=partial_chain 399s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 399s + local key_cn 399s + local key_name 399s + local tokens_dir 399s + local output_cert_file 399s + token_name= 399s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 399s + key_name=test-intermediate-CA-trusted-certificate-0001 399s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 399s ++ sed -n 's/ *commonName *= //p' 399s Test Organization Interme Token 399s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 399s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 399s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 399s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 399s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 399s + token_name='Test Organization Interme Token' 399s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 399s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 399s + echo 'Test Organization Interme Token' 399s + '[' -n partial_chain ']' 399s + local verify_arg=--verify=partial_chain 399s + local output_base_name=SSSD-child-13023 399s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.output 399s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.pem 399s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 399s [p11_child[3254]] [main] (0x0400): p11_child started. 399s [p11_child[3254]] [main] (0x2000): Running in [pre-auth] mode. 399s [p11_child[3254]] [main] (0x2000): Running with effective IDs: [0][0]. 399s [p11_child[3254]] [main] (0x2000): Running with real IDs [0][0]. 399s [p11_child[3254]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 399s [p11_child[3254]] [do_card] (0x4000): Module List: 399s [p11_child[3254]] [do_card] (0x4000): common name: [softhsm2]. 399s [p11_child[3254]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3254]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 399s [p11_child[3254]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 399s [p11_child[3254]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 399s [p11_child[3254]] [do_card] (0x4000): Login NOT required. 399s [p11_child[3254]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 399s [p11_child[3254]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 399s [p11_child[3254]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 399s [p11_child[3254]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 399s [p11_child[3254]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 399s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.output 399s + echo '-----BEGIN CERTIFICATE-----' 399s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.output 399s + echo '-----END CERTIFICATE-----' 399s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 4 (0x4) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 400s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 400s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 400s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 400s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 400s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 400s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 400s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 400s 5d:c7:32:e9:6e:b9:52:15:cb 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 400s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 400s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 400s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 400s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 400s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 400s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 400s 4b:7d 400s + local found_md5 expected_md5 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + expected_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023.pem 400s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 400s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.output 400s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.output .output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.pem 400s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 400s + echo -n 053350 400s [p11_child[3262]] [main] (0x0400): p11_child started. 400s [p11_child[3262]] [main] (0x2000): Running in [auth] mode. 400s [p11_child[3262]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3262]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3262]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 400s [p11_child[3262]] [do_card] (0x4000): Module List: 400s [p11_child[3262]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3262]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3262]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 400s [p11_child[3262]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3262]] [do_card] (0x4000): Login required. 400s [p11_child[3262]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 400s [p11_child[3262]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3262]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3262]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 400s [p11_child[3262]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 400s [p11_child[3262]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 400s [p11_child[3262]] [do_card] (0x4000): Certificate verified and validated. 400s [p11_child[3262]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 4 (0x4) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 400s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 400s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 400s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 400s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 400s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 400s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 400s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 400s 5d:c7:32:e9:6e:b9:52:15:cb 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 400s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 400s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 400s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 400s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 400s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 400s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 400s 4b:7d 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-13023-auth.pem 400s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 400s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s + local verify_option= 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Interme Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 400s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 400s + echo 'Test Organization Interme Token' 400s + '[' -n '' ']' 400s + local output_base_name=SSSD-child-900 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-900.output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-900.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s Test Organization Interme Token 400s [p11_child[3272]] [main] (0x0400): p11_child started. 400s [p11_child[3272]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3272]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3272]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3272]] [do_card] (0x4000): Module List: 400s [p11_child[3272]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3272]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3272]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3272]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 400s [p11_child[3272]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3272]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3272]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 400s [p11_child[3272]] [do_verification] (0x0040): X509_verify_cert failed [0]. 400s [p11_child[3272]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 400s [p11_child[3272]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 400s [p11_child[3272]] [do_card] (0x4000): No certificate found. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-900.output 400s + return 2 400s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem partial_chain 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem partial_chain 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s + local verify_option=partial_chain 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14261 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Interme Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 400s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 400s + echo 'Test Organization Interme Token' 400s + '[' -n partial_chain ']' 400s + local verify_arg=--verify=partial_chain 400s + local output_base_name=SSSD-child-4780 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.output 400s Test Organization Interme Token 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem 400s [p11_child[3279]] [main] (0x0400): p11_child started. 400s [p11_child[3279]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3279]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3279]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3279]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 400s [p11_child[3279]] [do_card] (0x4000): Module List: 400s [p11_child[3279]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3279]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3279]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3279]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 400s [p11_child[3279]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3279]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3279]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 400s [p11_child[3279]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3279]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3279]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3279]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 4 (0x4) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 400s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 400s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 400s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 400s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 400s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 400s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 400s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 400s 5d:c7:32:e9:6e:b9:52:15:cb 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 400s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 400s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 400s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 400s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 400s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 400s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 400s 4b:7d 400s + local found_md5 expected_md5 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-intermediate-CA-trusted-certificate-0001.pem 400s + expected_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780.pem 400s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 400s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.output 400s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.output .output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.pem 400s + echo -n 053350 400s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 400s [p11_child[3287]] [main] (0x0400): p11_child started. 400s [p11_child[3287]] [main] (0x2000): Running in [auth] mode. 400s [p11_child[3287]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3287]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3287]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 400s [p11_child[3287]] [do_card] (0x4000): Module List: 400s [p11_child[3287]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3287]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3287]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f37d75] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3287]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 400s [p11_child[3287]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f37d75][1626570101] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3287]] [do_card] (0x4000): Login required. 400s [p11_child[3287]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 400s [p11_child[3287]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3287]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3287]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f37d75;slot-manufacturer=SoftHSM%20project;slot-id=1626570101;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc849410e0f37d75;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 400s [p11_child[3287]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 400s [p11_child[3287]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 400s [p11_child[3287]] [do_card] (0x4000): Certificate verified and validated. 400s [p11_child[3287]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 4 (0x4) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:ad:c2:dd:91:e8:77:50:b3:92:a9:f9:3f:57:ef: 400s c3:78:9c:cc:f7:97:7c:23:32:52:e7:7b:ed:df:1d: 400s 96:17:9e:9d:11:54:8f:f3:39:41:bd:43:2a:5b:28: 400s c9:7e:ba:61:05:d3:06:83:b7:56:bc:02:bc:51:49: 400s cb:05:76:6c:02:16:50:0f:ce:37:69:fd:10:08:e4: 400s 52:92:ef:94:00:0c:2c:76:25:46:79:95:24:9d:f0: 400s b9:81:e3:9e:24:68:ef:54:ee:58:7a:3f:bd:6f:f7: 400s a5:f6:f1:9c:70:fb:3a:5a:e7:70:7a:40:f5:b3:f2: 400s 5d:c7:32:e9:6e:b9:52:15:cb 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s C0:6E:16:26:5E:0A:9F:81:8D:10:91:DD:F3:CF:77:37:C3:E0:90:A5 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 25:57:24:24:24:6A:91:18:F4:59:F2:86:C8:B6:7E:19:CF:49:52:70 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 37:77:a4:89:b9:60:d0:bc:84:f2:04:71:75:88:ee:16:c1:9d: 400s 00:cf:c6:65:e6:a6:ea:84:9f:33:f0:a6:31:cb:ec:0b:a3:65: 400s 24:10:6f:b8:b0:c3:b7:a3:05:7f:c0:a7:21:08:27:be:73:8d: 400s 0e:56:24:23:95:01:f7:12:82:d7:ab:d5:df:ec:a0:88:73:ec: 400s c9:63:59:8a:21:40:78:f4:57:2a:58:e3:13:22:9c:28:30:4e: 400s cf:dc:af:92:22:0b:8f:b1:17:a5:b4:ed:ff:1f:93:b4:e8:a7: 400s 9b:36:f6:b3:67:4f:3b:22:75:65:a9:31:d1:c6:26:9d:14:a9: 400s 4b:7d 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-4780-auth.pem 400s + found_md5=Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB 400s + '[' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB '!=' Modulus=ADC2DD91E87750B392A9F93F57EFC3789CCCF7977C233252E77BEDDF1D96179E9D11548FF33941BD432A5B28C97EBA6105D30683B756BC02BC5149CB05766C0216500FCE3769FD1008E45292EF94000C2C7625467995249DF0B981E39E2468EF54EE587A3FBD6FF7A5F6F19C70FB3A5AE7707A40F5B3F25DC732E96EB95215CB ']' 400s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s + local verify_option= 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Sub Int Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 400s + local key_file 400s + local decrypted_key 400s + mkdir -p /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 400s + key_file=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 400s + decrypted_key=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 400s + cat 400s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 400s Slot 0 has a free/uninitialized token. 400s The token has been initialized and is reassigned to slot 1044214088 400s + softhsm2-util --show-slots 400s Available slots: 400s Slot 1044214088 400s Slot info: 400s Description: SoftHSM slot ID 0x3e3d7148 400s Manufacturer ID: SoftHSM project 400s Hardware version: 2.6 400s Firmware version: 2.6 400s Token present: yes 400s Token info: 400s Manufacturer ID: SoftHSM project 400s Model: SoftHSM v2 400s Hardware version: 2.6 400s Firmware version: 2.6 400s Serial number: 364017bb3e3d7148 400s Initialized: yes 400s User PIN init.: yes 400s Label: Test Organization Sub Int Token 400s Slot 1 400s Slot info: 400s Description: SoftHSM slot ID 0x1 400s Manufacturer ID: SoftHSM project 400s Hardware version: 2.6 400s Firmware version: 2.6 400s Token present: yes 400s Token info: 400s Manufacturer ID: SoftHSM project 400s Model: SoftHSM v2 400s Hardware version: 2.6 400s Firmware version: 2.6 400s Serial number: 400s Initialized: no 400s User PIN init.: no 400s Label: 400s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 400s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-32422 -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 400s writing RSA key 400s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 400s + rm /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 400s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 400s Object 0: 400s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 400s Type: X.509 Certificate (RSA-1024) 400s Expires: Fri Apr 11 17:25:10 2025 400s Label: Test Organization Sub Intermediate Trusted Certificate 0001 400s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 400s 400s + echo 'Test Organization Sub Int Token' 400s Test Organization Sub Int Token 400s + '[' -n '' ']' 400s + local output_base_name=SSSD-child-26903 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-26903.output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-26903.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s [p11_child[3306]] [main] (0x0400): p11_child started. 400s [p11_child[3306]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3306]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3306]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3306]] [do_card] (0x4000): Module List: 400s [p11_child[3306]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3306]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3306]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 400s [p11_child[3306]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3306]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3306]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 400s [p11_child[3306]] [do_verification] (0x0040): X509_verify_cert failed [0]. 400s [p11_child[3306]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 400s [p11_child[3306]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 400s [p11_child[3306]] [do_card] (0x4000): No certificate found. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-26903.output 400s + return 2 400s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-CA.pem partial_chain 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s + local verify_option=partial_chain 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 400s Test Organization Sub Int Token 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Sub Int Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 400s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 400s + echo 'Test Organization Sub Int Token' 400s + '[' -n partial_chain ']' 400s + local verify_arg=--verify=partial_chain 400s + local output_base_name=SSSD-child-10879 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-10879.output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-10879.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-CA.pem 400s [p11_child[3313]] [main] (0x0400): p11_child started. 400s [p11_child[3313]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3313]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3313]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3313]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 400s [p11_child[3313]] [do_card] (0x4000): Module List: 400s [p11_child[3313]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3313]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3313]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3313]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 400s [p11_child[3313]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3313]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3313]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 400s [p11_child[3313]] [do_verification] (0x0040): X509_verify_cert failed [0]. 400s [p11_child[3313]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 400s [p11_child[3313]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 400s [p11_child[3313]] [do_card] (0x4000): No certificate found. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-10879.output 400s + return 2 400s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s + local verify_option= 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Sub Int Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 400s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 400s + echo 'Test Organization Sub Int Token' 400s + '[' -n '' ']' 400s + local output_base_name=SSSD-child-3797 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s Test Organization Sub Int Token 400s [p11_child[3320]] [main] (0x0400): p11_child started. 400s [p11_child[3320]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3320]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3320]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3320]] [do_card] (0x4000): Module List: 400s [p11_child[3320]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3320]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3320]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3320]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 400s [p11_child[3320]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3320]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3320]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 400s [p11_child[3320]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3320]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3320]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3320]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.pem 400s + local found_md5 expected_md5 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 5 (0x5) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 400s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 400s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 400s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 400s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 400s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 400s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 400s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 400s ab:4b:d0:f9:e2:e1:58:13:1b 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Sub Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 400s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 400s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 400s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 400s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 400s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 400s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 400s 7a:bd 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + expected_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797.pem 400s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 400s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 400s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.output 400s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.output .output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.pem 400s + echo -n 053350 400s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 400s [p11_child[3328]] [main] (0x0400): p11_child started. 400s [p11_child[3328]] [main] (0x2000): Running in [auth] mode. 400s [p11_child[3328]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3328]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3328]] [do_card] (0x4000): Module List: 400s [p11_child[3328]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3328]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3328]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 400s [p11_child[3328]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3328]] [do_card] (0x4000): Login required. 400s [p11_child[3328]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 400s [p11_child[3328]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3328]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3328]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 400s [p11_child[3328]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 400s [p11_child[3328]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 400s [p11_child[3328]] [do_card] (0x4000): Certificate verified and validated. 400s [p11_child[3328]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 5 (0x5) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 400s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 400s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 400s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 400s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 400s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 400s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 400s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 400s ab:4b:d0:f9:e2:e1:58:13:1b 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Sub Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 400s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 400s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 400s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 400s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 400s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 400s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 400s 7a:bd 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-3797-auth.pem 400s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 400s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 400s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 400s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem partial_chain 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s + local verify_option=partial_chain 400s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 400s + local key_cn 400s + local key_name 400s + local tokens_dir 400s + local output_cert_file 400s + token_name= 400s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 400s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 400s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s ++ sed -n 's/ *commonName *= //p' 400s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 400s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 400s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 400s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 400s Test Organization Sub Int Token 400s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 400s + token_name='Test Organization Sub Int Token' 400s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 400s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 400s + echo 'Test Organization Sub Int Token' 400s + '[' -n partial_chain ']' 400s + local verify_arg=--verify=partial_chain 400s + local output_base_name=SSSD-child-1873 400s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.output 400s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.pem 400s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem 400s [p11_child[3338]] [main] (0x0400): p11_child started. 400s [p11_child[3338]] [main] (0x2000): Running in [pre-auth] mode. 400s [p11_child[3338]] [main] (0x2000): Running with effective IDs: [0][0]. 400s [p11_child[3338]] [main] (0x2000): Running with real IDs [0][0]. 400s [p11_child[3338]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 400s [p11_child[3338]] [do_card] (0x4000): Module List: 400s [p11_child[3338]] [do_card] (0x4000): common name: [softhsm2]. 400s [p11_child[3338]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3338]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 400s [p11_child[3338]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 400s [p11_child[3338]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 400s [p11_child[3338]] [do_card] (0x4000): Login NOT required. 400s [p11_child[3338]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 400s [p11_child[3338]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 400s [p11_child[3338]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 400s [p11_child[3338]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 400s [p11_child[3338]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 400s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.output 400s + echo '-----BEGIN CERTIFICATE-----' 400s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.output 400s + echo '-----END CERTIFICATE-----' 400s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.pem 400s Certificate: 400s Data: 400s Version: 3 (0x2) 400s Serial Number: 5 (0x5) 400s Signature Algorithm: sha256WithRSAEncryption 400s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 400s Validity 400s Not Before: Apr 11 17:25:10 2024 GMT 400s Not After : Apr 11 17:25:10 2025 GMT 400s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 400s Subject Public Key Info: 400s Public Key Algorithm: rsaEncryption 400s Public-Key: (1024 bit) 400s Modulus: 400s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 400s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 400s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 400s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 400s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 400s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 400s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 400s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 400s ab:4b:d0:f9:e2:e1:58:13:1b 400s Exponent: 65537 (0x10001) 400s X509v3 extensions: 400s X509v3 Authority Key Identifier: 400s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 400s X509v3 Basic Constraints: 400s CA:FALSE 400s Netscape Cert Type: 400s SSL Client, S/MIME 400s Netscape Comment: 400s Test Organization Sub Intermediate CA trusted Certificate 400s X509v3 Subject Key Identifier: 400s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 400s X509v3 Key Usage: critical 400s Digital Signature, Non Repudiation, Key Encipherment 400s X509v3 Extended Key Usage: 400s TLS Web Client Authentication, E-mail Protection 400s X509v3 Subject Alternative Name: 400s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 400s Signature Algorithm: sha256WithRSAEncryption 400s Signature Value: 400s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 400s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 400s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 400s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 400s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 400s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 400s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 400s 7a:bd 400s + local found_md5 expected_md5 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 400s + expected_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 400s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873.pem 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.output 401s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.output .output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.pem 401s + echo -n 053350 401s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 401s [p11_child[3346]] [main] (0x0400): p11_child started. 401s [p11_child[3346]] [main] (0x2000): Running in [auth] mode. 401s [p11_child[3346]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3346]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3346]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3346]] [do_card] (0x4000): Module List: 401s [p11_child[3346]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3346]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3346]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3346]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3346]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3346]] [do_card] (0x4000): Login required. 401s [p11_child[3346]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3346]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 401s [p11_child[3346]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 401s [p11_child[3346]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 401s [p11_child[3346]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 401s [p11_child[3346]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 401s [p11_child[3346]] [do_card] (0x4000): Certificate verified and validated. 401s [p11_child[3346]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.output 401s + echo '-----BEGIN CERTIFICATE-----' 401s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.output 401s + echo '-----END CERTIFICATE-----' 401s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.pem 401s Certificate: 401s Data: 401s Version: 3 (0x2) 401s Serial Number: 5 (0x5) 401s Signature Algorithm: sha256WithRSAEncryption 401s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 401s Validity 401s Not Before: Apr 11 17:25:10 2024 GMT 401s Not After : Apr 11 17:25:10 2025 GMT 401s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 401s Subject Public Key Info: 401s Public Key Algorithm: rsaEncryption 401s Public-Key: (1024 bit) 401s Modulus: 401s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 401s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 401s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 401s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 401s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 401s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 401s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 401s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 401s ab:4b:d0:f9:e2:e1:58:13:1b 401s Exponent: 65537 (0x10001) 401s X509v3 extensions: 401s X509v3 Authority Key Identifier: 401s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 401s X509v3 Basic Constraints: 401s CA:FALSE 401s Netscape Cert Type: 401s SSL Client, S/MIME 401s Netscape Comment: 401s Test Organization Sub Intermediate CA trusted Certificate 401s X509v3 Subject Key Identifier: 401s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 401s X509v3 Key Usage: critical 401s Digital Signature, Non Repudiation, Key Encipherment 401s X509v3 Extended Key Usage: 401s TLS Web Client Authentication, E-mail Protection 401s X509v3 Subject Alternative Name: 401s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 401s Signature Algorithm: sha256WithRSAEncryption 401s Signature Value: 401s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 401s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 401s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 401s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 401s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 401s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 401s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 401s 7a:bd 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-1873-auth.pem 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s + local verify_option= 401s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_cn 401s + local key_name 401s + local tokens_dir 401s + local output_cert_file 401s + token_name= 401s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 401s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 401s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s ++ sed -n 's/ *commonName *= //p' 401s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 401s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 401s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 401s Test Organization Sub Int Token 401s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 401s + token_name='Test Organization Sub Int Token' 401s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 401s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 401s + echo 'Test Organization Sub Int Token' 401s + '[' -n '' ']' 401s + local output_base_name=SSSD-child-20934 401s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-20934.output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-20934.pem 401s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s [p11_child[3356]] [main] (0x0400): p11_child started. 401s [p11_child[3356]] [main] (0x2000): Running in [pre-auth] mode. 401s [p11_child[3356]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3356]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3356]] [do_card] (0x4000): Module List: 401s [p11_child[3356]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3356]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3356]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3356]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3356]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3356]] [do_card] (0x4000): Login NOT required. 401s [p11_child[3356]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3356]] [do_verification] (0x0040): X509_verify_cert failed [0]. 401s [p11_child[3356]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 401s [p11_child[3356]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 401s [p11_child[3356]] [do_card] (0x4000): No certificate found. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-20934.output 401s + return 2 401s + invalid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem partial_chain 401s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem partial_chain 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem 401s + local verify_option=partial_chain 401s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_cn 401s + local key_name 401s + local tokens_dir 401s + local output_cert_file 401s + token_name= 401s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 401s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 401s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s ++ sed -n 's/ *commonName *= //p' 401s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 401s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 401s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 401s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 401s + token_name='Test Organization Sub Int Token' 401s Test Organization Sub Int Token 401s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 401s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 401s + echo 'Test Organization Sub Int Token' 401s + '[' -n partial_chain ']' 401s + local verify_arg=--verify=partial_chain 401s + local output_base_name=SSSD-child-25504 401s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25504.output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-25504.pem 401s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-root-intermediate-chain-CA.pem 401s [p11_child[3363]] [main] (0x0400): p11_child started. 401s [p11_child[3363]] [main] (0x2000): Running in [pre-auth] mode. 401s [p11_child[3363]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3363]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3363]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3363]] [do_card] (0x4000): Module List: 401s [p11_child[3363]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3363]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3363]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3363]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3363]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3363]] [do_card] (0x4000): Login NOT required. 401s [p11_child[3363]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3363]] [do_verification] (0x0040): X509_verify_cert failed [0]. 401s [p11_child[3363]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 401s [p11_child[3363]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 401s [p11_child[3363]] [do_card] (0x4000): No certificate found. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-25504.output 401s + return 2 401s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem partial_chain 401s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem partial_chain 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s + local verify_option=partial_chain 401s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_cn 401s + local key_name 401s + local tokens_dir 401s + local output_cert_file 401s + token_name= 401s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 401s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 401s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s ++ sed -n 's/ *commonName *= //p' 401s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 401s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 401s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 401s Test Organization Sub Int Token 401s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 401s + token_name='Test Organization Sub Int Token' 401s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 401s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 401s + echo 'Test Organization Sub Int Token' 401s + '[' -n partial_chain ']' 401s + local verify_arg=--verify=partial_chain 401s + local output_base_name=SSSD-child-6518 401s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.pem 401s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem 401s [p11_child[3370]] [main] (0x0400): p11_child started. 401s [p11_child[3370]] [main] (0x2000): Running in [pre-auth] mode. 401s [p11_child[3370]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3370]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3370]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3370]] [do_card] (0x4000): Module List: 401s [p11_child[3370]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3370]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3370]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3370]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3370]] [do_card] (0x4000): Login NOT required. 401s [p11_child[3370]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3370]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 401s [p11_child[3370]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 401s [p11_child[3370]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 401s [p11_child[3370]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.output 401s + echo '-----BEGIN CERTIFICATE-----' 401s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.output 401s + echo '-----END CERTIFICATE-----' 401s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.pem 401s Certificate: 401s Data: 401s Version: 3 (0x2) 401s Serial Number: 5 (0x5) 401s Signature Algorithm: sha256WithRSAEncryption 401s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 401s Validity 401s Not Before: Apr 11 17:25:10 2024 GMT 401s Not After : Apr 11 17:25:10 2025 GMT 401s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 401s Subject Public Key Info: 401s Public Key Algorithm: rsaEncryption 401s Public-Key: (1024 bit) 401s Modulus: 401s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 401s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 401s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 401s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 401s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 401s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 401s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 401s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 401s ab:4b:d0:f9:e2:e1:58:13:1b 401s Exponent: 65537 (0x10001) 401s X509v3 extensions: 401s X509v3 Authority Key Identifier: 401s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 401s X509v3 Basic Constraints: 401s CA:FALSE 401s Netscape Cert Type: 401s SSL Client, S/MIME 401s Netscape Comment: 401s Test Organization Sub Intermediate CA trusted Certificate 401s X509v3 Subject Key Identifier: 401s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 401s X509v3 Key Usage: critical 401s Digital Signature, Non Repudiation, Key Encipherment 401s X509v3 Extended Key Usage: 401s TLS Web Client Authentication, E-mail Protection 401s X509v3 Subject Alternative Name: 401s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 401s Signature Algorithm: sha256WithRSAEncryption 401s Signature Value: 401s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 401s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 401s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 401s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 401s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 401s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 401s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 401s 7a:bd 401s + local found_md5 expected_md5 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + expected_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518.pem 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.output 401s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.output .output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.pem 401s + echo -n 053350 401s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 401s [p11_child[3378]] [main] (0x0400): p11_child started. 401s [p11_child[3378]] [main] (0x2000): Running in [auth] mode. 401s [p11_child[3378]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3378]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3378]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3378]] [do_card] (0x4000): Module List: 401s [p11_child[3378]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3378]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3378]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3378]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3378]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3378]] [do_card] (0x4000): Login required. 401s [p11_child[3378]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3378]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 401s [p11_child[3378]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 401s [p11_child[3378]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 401s [p11_child[3378]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 401s [p11_child[3378]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 401s [p11_child[3378]] [do_card] (0x4000): Certificate verified and validated. 401s [p11_child[3378]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.output 401s + echo '-----BEGIN CERTIFICATE-----' 401s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.output 401s + echo '-----END CERTIFICATE-----' 401s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.pem 401s Certificate: 401s Data: 401s Version: 3 (0x2) 401s Serial Number: 5 (0x5) 401s Signature Algorithm: sha256WithRSAEncryption 401s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 401s Validity 401s Not Before: Apr 11 17:25:10 2024 GMT 401s Not After : Apr 11 17:25:10 2025 GMT 401s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 401s Subject Public Key Info: 401s Public Key Algorithm: rsaEncryption 401s Public-Key: (1024 bit) 401s Modulus: 401s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 401s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 401s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 401s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 401s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 401s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 401s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 401s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 401s ab:4b:d0:f9:e2:e1:58:13:1b 401s Exponent: 65537 (0x10001) 401s X509v3 extensions: 401s X509v3 Authority Key Identifier: 401s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 401s X509v3 Basic Constraints: 401s CA:FALSE 401s Netscape Cert Type: 401s SSL Client, S/MIME 401s Netscape Comment: 401s Test Organization Sub Intermediate CA trusted Certificate 401s X509v3 Subject Key Identifier: 401s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 401s X509v3 Key Usage: critical 401s Digital Signature, Non Repudiation, Key Encipherment 401s X509v3 Extended Key Usage: 401s TLS Web Client Authentication, E-mail Protection 401s X509v3 Subject Alternative Name: 401s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 401s Signature Algorithm: sha256WithRSAEncryption 401s Signature Value: 401s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 401s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 401s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 401s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 401s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 401s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 401s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 401s 7a:bd 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-6518-auth.pem 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + valid_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-intermediate-sub-chain-CA.pem partial_chain 401s + check_certificate /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 /tmp/sssd-softhsm2-GIPATm/test-intermediate-sub-chain-CA.pem partial_chain 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_ring=/tmp/sssd-softhsm2-GIPATm/test-intermediate-sub-chain-CA.pem 401s + local verify_option=partial_chain 401s + prepare_softhsm2_card /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local certificate=/tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-32422 401s + local key_cn 401s + local key_name 401s + local tokens_dir 401s + local output_cert_file 401s + token_name= 401s ++ basename /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 401s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 401s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s ++ sed -n 's/ *commonName *= //p' 401s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 401s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 401s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 401s ++ basename /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 401s + tokens_dir=/tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 401s + token_name='Test Organization Sub Int Token' 401s Test Organization Sub Int Token 401s + '[' '!' -e /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 401s + '[' '!' -d /tmp/sssd-softhsm2-GIPATm/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 401s + echo 'Test Organization Sub Int Token' 401s + '[' -n partial_chain ']' 401s + local verify_arg=--verify=partial_chain 401s + local output_base_name=SSSD-child-18235 401s + local output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.pem 401s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-sub-chain-CA.pem 401s [p11_child[3388]] [main] (0x0400): p11_child started. 401s [p11_child[3388]] [main] (0x2000): Running in [pre-auth] mode. 401s [p11_child[3388]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3388]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3388]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3388]] [do_card] (0x4000): Module List: 401s [p11_child[3388]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3388]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3388]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3388]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3388]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3388]] [do_card] (0x4000): Login NOT required. 401s [p11_child[3388]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3388]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 401s [p11_child[3388]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 401s [p11_child[3388]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 401s [p11_child[3388]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.output 401s + echo '-----BEGIN CERTIFICATE-----' 401s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.output 401s + echo '-----END CERTIFICATE-----' 401s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.pem 401s Certificate: 401s Data: 401s Version: 3 (0x2) 401s Serial Number: 5 (0x5) 401s Signature Algorithm: sha256WithRSAEncryption 401s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 401s Validity 401s Not Before: Apr 11 17:25:10 2024 GMT 401s Not After : Apr 11 17:25:10 2025 GMT 401s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 401s Subject Public Key Info: 401s Public Key Algorithm: rsaEncryption 401s Public-Key: (1024 bit) 401s Modulus: 401s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 401s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 401s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 401s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 401s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 401s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 401s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 401s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 401s ab:4b:d0:f9:e2:e1:58:13:1b 401s Exponent: 65537 (0x10001) 401s X509v3 extensions: 401s X509v3 Authority Key Identifier: 401s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 401s X509v3 Basic Constraints: 401s CA:FALSE 401s Netscape Cert Type: 401s SSL Client, S/MIME 401s Netscape Comment: 401s Test Organization Sub Intermediate CA trusted Certificate 401s X509v3 Subject Key Identifier: 401s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 401s X509v3 Key Usage: critical 401s Digital Signature, Non Repudiation, Key Encipherment 401s X509v3 Extended Key Usage: 401s TLS Web Client Authentication, E-mail Protection 401s X509v3 Subject Alternative Name: 401s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 401s Signature Algorithm: sha256WithRSAEncryption 401s Signature Value: 401s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 401s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 401s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 401s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 401s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 401s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 401s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 401s 7a:bd 401s + local found_md5 expected_md5 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/test-sub-intermediate-CA-trusted-certificate-0001.pem 401s + expected_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235.pem 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + output_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.output 401s ++ basename /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.output .output 401s + output_cert_file=/tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.pem 401s + echo -n 053350 401s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GIPATm/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 401s [p11_child[3396]] [main] (0x0400): p11_child started. 401s [p11_child[3396]] [main] (0x2000): Running in [auth] mode. 401s [p11_child[3396]] [main] (0x2000): Running with effective IDs: [0][0]. 401s [p11_child[3396]] [main] (0x2000): Running with real IDs [0][0]. 401s [p11_child[3396]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 401s [p11_child[3396]] [do_card] (0x4000): Module List: 401s [p11_child[3396]] [do_card] (0x4000): common name: [softhsm2]. 401s [p11_child[3396]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3396]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3e3d7148] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 401s [p11_child[3396]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 401s [p11_child[3396]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3e3d7148][1044214088] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 401s [p11_child[3396]] [do_card] (0x4000): Login required. 401s [p11_child[3396]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 401s [p11_child[3396]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 401s [p11_child[3396]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 401s [p11_child[3396]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3e3d7148;slot-manufacturer=SoftHSM%20project;slot-id=1044214088;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=364017bb3e3d7148;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 401s [p11_child[3396]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 401s [p11_child[3396]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 401s [p11_child[3396]] [do_card] (0x4000): Certificate verified and validated. 401s [p11_child[3396]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 401s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.output 401s + echo '-----BEGIN CERTIFICATE-----' 401s + tail -n1 /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.output 401s + echo '-----END CERTIFICATE-----' 401s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.pem 401s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GIPATm/SSSD-child-18235-auth.pem 401s Certificate: 401s Data: 401s Version: 3 (0x2) 401s Serial Number: 5 (0x5) 401s Signature Algorithm: sha256WithRSAEncryption 401s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 401s Validity 401s Not Before: Apr 11 17:25:10 2024 GMT 401s Not After : Apr 11 17:25:10 2025 GMT 401s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 401s Subject Public Key Info: 401s Public Key Algorithm: rsaEncryption 401s Public-Key: (1024 bit) 401s Modulus: 401s 00:b2:14:1e:ce:b5:c9:c1:08:3f:30:e5:b9:8d:85: 401s 67:53:2a:cb:86:1e:1b:44:91:b7:28:1b:b8:b5:8d: 401s fb:4a:4b:e9:9a:46:aa:91:ce:ae:98:6a:3a:88:62: 401s bd:40:de:3f:cf:c6:7f:fb:b6:72:47:81:73:33:da: 401s ac:f4:04:d6:91:30:43:07:bd:51:48:6a:8b:38:03: 401s 70:35:9e:bf:52:73:ea:3e:11:16:ce:28:dc:d7:86: 401s 0d:50:23:bd:33:2a:f4:da:82:bc:92:0b:e7:f1:f4: 401s 6a:f9:ac:13:b4:cf:16:c0:f9:bd:d3:9d:f0:d4:3b: 401s ab:4b:d0:f9:e2:e1:58:13:1b 401s Exponent: 65537 (0x10001) 401s X509v3 extensions: 401s X509v3 Authority Key Identifier: 401s 9F:5F:EE:22:27:F1:E0:CC:F0:40:7A:8A:61:7C:94:A1:D1:A9:95:95 401s X509v3 Basic Constraints: 401s CA:FALSE 401s Netscape Cert Type: 401s SSL Client, S/MIME 401s Netscape Comment: 401s Test Organization Sub Intermediate CA trusted Certificate 401s X509v3 Subject Key Identifier: 401s 9E:AB:9B:5B:E2:70:65:77:DD:59:69:91:52:3D:C5:87:B2:69:47:47 401s X509v3 Key Usage: critical 401s Digital Signature, Non Repudiation, Key Encipherment 401s X509v3 Extended Key Usage: 401s TLS Web Client Authentication, E-mail Protection 401s X509v3 Subject Alternative Name: 401s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 401s Signature Algorithm: sha256WithRSAEncryption 401s Signature Value: 401s 13:78:87:a0:25:5f:f8:b9:61:ae:63:58:25:5f:26:a5:97:c1: 401s da:25:23:b7:91:4d:fd:cb:7a:46:e8:f9:90:ac:5d:13:58:9e: 401s d0:c7:23:3a:d2:4a:dd:40:1f:66:50:1c:a2:dd:cc:f2:8b:1e: 401s 11:1b:c8:7f:54:8e:01:e8:e0:93:02:eb:27:a8:fd:5a:ee:88: 401s 45:f6:ce:1a:4e:57:a2:3b:b2:38:8b:04:53:98:c4:3a:a3:a3: 401s 5c:bc:bb:e8:42:a4:14:fc:00:44:06:28:28:03:ae:09:16:00: 401s 31:fa:b0:64:66:d4:22:93:8e:94:a0:3d:91:d0:88:e3:e3:b9: 401s 7a:bd 401s + found_md5=Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B 401s + '[' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B '!=' Modulus=B2141ECEB5C9C1083F30E5B98D8567532ACB861E1B4491B7281BB8B58DFB4A4BE99A46AA91CEAE986A3A8862BD40DE3FCFC67FFBB67247817333DAACF404D691304307BD51486A8B380370359EBF5273EA3E1116CE28DCD7860D5023BD332AF4DA82BC920BE7F1F46AF9AC13B4CF16C0F9BDD39DF0D43BAB4BD0F9E2E158131B ']' 401s + set +x 401s 401s Test completed, Root CA and intermediate issued certificates verified! 402s autopkgtest [17:25:15]: test sssd-softhism2-certificates-tests.sh: -----------------------] 402s sssd-softhism2-certificates-tests.sh PASS 402s autopkgtest [17:25:15]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 403s autopkgtest [17:25:16]: test sssd-smart-card-pam-auth-configs: preparing testbed 407s Reading package lists... 407s Building dependency tree... 407s Reading state information... 408s Starting pkgProblemResolver with broken count: 0 408s Starting 2 pkgProblemResolver with broken count: 0 408s Done 408s The following additional packages will be installed: 408s pamtester 408s The following NEW packages will be installed: 408s autopkgtest-satdep pamtester 408s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 408s Need to get 12.3 kB/13.0 kB of archives. 408s After this operation, 36.9 kB of additional disk space will be used. 408s Get:1 /tmp/autopkgtest.ecjSaf/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [764 B] 409s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 409s Fetched 12.3 kB in 0s (81.3 kB/s) 409s Selecting previously unselected package pamtester. 409s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78348 files and directories currently installed.) 409s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 409s Unpacking pamtester (0.1.2-4) ... 409s Selecting previously unselected package autopkgtest-satdep. 409s Preparing to unpack .../4-autopkgtest-satdep.deb ... 409s Unpacking autopkgtest-satdep (0) ... 409s Setting up pamtester (0.1.2-4) ... 409s Setting up autopkgtest-satdep (0) ... 409s Processing triggers for man-db (2.12.0-4build1) ... 412s (Reading database ... 78354 files and directories currently installed.) 412s Removing autopkgtest-satdep (0) ... 413s autopkgtest [17:25:26]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 413s autopkgtest [17:25:26]: test sssd-smart-card-pam-auth-configs: [----------------------- 413s + '[' -z ubuntu ']' 413s + export DEBIAN_FRONTEND=noninteractive 413s + DEBIAN_FRONTEND=noninteractive 413s + required_tools=(pamtester softhsm2-util sssd) 413s + [[ ! -v OFFLINE_MODE ]] 413s + for cmd in "${required_tools[@]}" 413s + command -v pamtester 413s + for cmd in "${required_tools[@]}" 413s + command -v softhsm2-util 413s + for cmd in "${required_tools[@]}" 413s + command -v sssd 413s + PIN=123456 413s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 413s + tmpdir=/tmp/sssd-softhsm2-certs-1PgOfu 413s + backupsdir= 413s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 413s + declare -a restore_paths 413s + declare -a delete_paths 413s + trap handle_exit EXIT 413s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 413s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 413s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 413s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 413s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1PgOfu GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 413s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1PgOfu 413s + GENERATE_SMART_CARDS=1 413s + KEEP_TEMPORARY_FILES=1 413s + NO_SSSD_TESTS=1 413s + bash debian/tests/sssd-softhism2-certificates-tests.sh 413s + '[' -z ubuntu ']' 413s + required_tools=(p11tool openssl softhsm2-util) 413s + for cmd in "${required_tools[@]}" 413s + command -v p11tool 413s + for cmd in "${required_tools[@]}" 413s + command -v openssl 413s + for cmd in "${required_tools[@]}" 413s + command -v softhsm2-util 413s + PIN=123456 413s +++ find /usr/lib/softhsm/libsofthsm2.so 413s +++ head -n 1 413s ++ realpath /usr/lib/softhsm/libsofthsm2.so 413s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 413s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 413s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 413s + '[' '!' -v NO_SSSD_TESTS ']' 413s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 413s + tmpdir=/tmp/sssd-softhsm2-certs-1PgOfu 413s + keys_size=1024 413s + [[ ! -v KEEP_TEMPORARY_FILES ]] 413s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 413s + echo -n 01 413s + touch /tmp/sssd-softhsm2-certs-1PgOfu/index.txt 413s + mkdir -p /tmp/sssd-softhsm2-certs-1PgOfu/new_certs 413s + cat 413s + root_ca_key_pass=pass:random-root-CA-password-24193 413s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-key.pem -passout pass:random-root-CA-password-24193 1024 413s + openssl req -passin pass:random-root-CA-password-24193 -batch -config /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem 413s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem 413s + cat 413s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-22392 413s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22392 1024 413s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-22392 -config /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-24193 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-certificate-request.pem 413s Certificate Request: 413s Data: 413s Version: 1 (0x0) 413s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 413s Subject Public Key Info: 413s Public Key Algorithm: rsaEncryption 413s Public-Key: (1024 bit) 413s Modulus: 413s 00:c3:45:96:a8:61:d3:f8:32:a1:63:84:fc:97:9c: 413s d2:0d:66:f2:b9:72:5b:2a:9a:e5:67:ed:53:64:17: 413s cf:5f:ba:3f:84:f8:da:3d:7d:76:9f:90:5c:29:95: 413s a3:3f:21:02:bb:ef:90:eb:8b:52:cd:1e:0f:ca:23: 413s 43:2d:f3:8f:30:a8:a2:d9:1b:f2:39:6b:4f:34:f7: 413s a7:0b:3e:32:d6:c2:2c:15:53:f1:09:11:ee:53:80: 413s da:e5:a8:61:e1:46:cf:ba:7e:26:3f:cf:f9:eb:74: 413s 81:af:79:6b:5a:fe:57:4b:d5:58:00:d1:6f:a0:b7: 413s e5:db:75:b7:2f:30:b1:e4:3f 413s Exponent: 65537 (0x10001) 413s Attributes: 413s (none) 413s Requested Extensions: 413s Signature Algorithm: sha256WithRSAEncryption 413s Signature Value: 413s 2e:73:5e:e2:2e:82:38:8a:5f:48:07:3d:ec:4a:55:85:ee:06: 413s 68:ba:7b:af:fc:40:d5:db:b8:70:11:05:31:e6:20:71:b0:85: 413s 99:c7:1c:18:f5:cd:b2:4d:46:32:d4:ed:af:db:44:a1:3e:ff: 413s a2:38:3d:2c:ce:68:95:66:0f:4a:f4:a8:d3:e3:0f:db:93:9c: 413s 94:9e:ef:29:b0:1a:38:b1:57:a1:77:bf:46:48:e5:c6:93:4e: 413s c1:ce:2f:03:4a:61:50:94:c8:92:a0:97:0d:bf:4b:c9:e3:c6: 413s 62:4c:4d:f8:8a:04:2b:bc:01:d8:c4:48:ab:a3:a7:c6:1c:d1: 413s 6a:b7 413s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-certificate-request.pem 413s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.config -passin pass:random-root-CA-password-24193 -keyfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem 413s Using configuration from /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.config 413s Check that the request matches the signature 413s Signature ok 413s Certificate Details: 413s Serial Number: 1 (0x1) 413s Validity 413s Not Before: Apr 11 17:25:26 2024 GMT 413s Not After : Apr 11 17:25:26 2025 GMT 413s Subject: 413s organizationName = Test Organization 413s organizationalUnitName = Test Organization Unit 413s commonName = Test Organization Intermediate CA 413s X509v3 extensions: 413s X509v3 Subject Key Identifier: 413s A0:05:DF:EF:4A:0B:35:BF:84:1F:3D:C4:32:11:23:05:1F:37:57:18 413s X509v3 Authority Key Identifier: 413s keyid:85:65:6D:25:2D:FF:1A:89:65:0A:B9:8A:84:B7:F3:9C:9D:1F:FC:85 413s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 413s serial:00 413s X509v3 Basic Constraints: 413s CA:TRUE 413s X509v3 Key Usage: critical 413s Digital Signature, Certificate Sign, CRL Sign 413s Certificate is to be certified until Apr 11 17:25:26 2025 GMT (365 days) 413s 413s Write out database with 1 new entries 413s Database updated 413s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem 413s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem 413s /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem: OK 413s + cat 413s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-17422 413s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-17422 1024 413s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-17422 -config /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22392 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-certificate-request.pem 413s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-certificate-request.pem 413s Certificate Request: 413s Data: 413s Version: 1 (0x0) 413s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 413s Subject Public Key Info: 413s Public Key Algorithm: rsaEncryption 413s Public-Key: (1024 bit) 413s Modulus: 413s 00:ce:5e:d8:c3:8d:25:bd:e2:26:e8:78:37:17:b8: 413s a9:17:a8:97:f6:98:46:3f:43:9d:76:2c:2b:b6:04: 413s de:27:d2:97:de:e8:4d:dc:1e:20:74:8a:1a:1c:a5: 413s 55:a0:d4:b4:80:2b:e6:36:cc:cd:9e:31:4b:c5:08: 413s 47:73:58:70:6b:19:34:40:82:89:02:ee:01:11:0b: 413s e0:e8:26:cb:8a:6a:28:e8:97:ef:83:89:5a:ba:e4: 413s fa:29:15:39:c3:31:e4:83:10:93:ae:c0:ce:6b:7b: 413s 82:08:20:fa:ad:c2:18:3d:50:4d:7e:08:65:8c:0d: 413s a6:e1:ed:ea:f8:a8:2f:6a:99 413s Exponent: 65537 (0x10001) 413s Attributes: 413s (none) 413s Requested Extensions: 413s Signature Algorithm: sha256WithRSAEncryption 413s Signature Value: 413s 8e:0a:9b:68:5b:19:49:8f:54:1e:0a:62:11:8d:46:ef:ca:a1: 413s 76:24:23:60:6f:ad:61:b9:61:46:99:be:08:97:8d:e3:4b:7e: 413s 71:f5:0b:43:73:ca:e6:dc:d4:b8:fe:14:fb:e9:9f:8c:38:36: 413s 4b:d8:43:a3:8e:eb:3d:af:46:ad:9a:77:cb:15:be:79:58:56: 413s 3e:d4:60:e3:a8:ac:86:a9:66:34:bc:5b:0a:63:14:fa:47:91: 413s 4f:43:49:74:f0:f0:76:da:73:9a:09:aa:29:e4:ce:a2:13:45: 413s 69:d9:a0:80:b1:80:68:a2:3f:e2:01:2b:47:88:08:b7:ab:f3: 413s 6a:3c 413s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-22392 -keyfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 413s Using configuration from /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.config 413s Check that the request matches the signature 413s Signature ok 413s Certificate Details: 413s Serial Number: 2 (0x2) 413s Validity 413s Not Before: Apr 11 17:25:26 2024 GMT 413s Not After : Apr 11 17:25:26 2025 GMT 413s Subject: 413s organizationName = Test Organization 413s organizationalUnitName = Test Organization Unit 413s commonName = Test Organization Sub Intermediate CA 413s X509v3 extensions: 413s X509v3 Subject Key Identifier: 413s 6D:39:43:77:84:9A:EF:0E:10:81:FF:C8:5C:8C:B9:F2:E3:B4:2C:9D 413s X509v3 Authority Key Identifier: 413s keyid:A0:05:DF:EF:4A:0B:35:BF:84:1F:3D:C4:32:11:23:05:1F:37:57:18 413s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 413s serial:01 413s X509v3 Basic Constraints: 413s CA:TRUE 413s X509v3 Key Usage: critical 413s Digital Signature, Certificate Sign, CRL Sign 413s Certificate is to be certified until Apr 11 17:25:26 2025 GMT (365 days) 413s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem: OK 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem: verification failed 414s + cat 414s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-25015 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-25015 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-25015 -key /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:c7:ca:6a:6c:a3:a7:3c:e0:0d:0a:54:21:61:b1: 414s e5:64:d1:88:e7:4e:88:12:2c:d4:51:be:70:ff:cc: 414s d6:96:e6:a4:e5:21:ff:e2:e7:24:5d:6f:12:04:a7: 414s 01:03:8c:ca:89:56:08:26:e3:f3:d2:97:b2:d1:80: 414s 04:b3:4b:67:13:63:0e:90:32:e3:1b:e6:27:cf:42: 414s 51:11:33:ed:b5:5e:0f:82:07:2e:73:fb:23:80:ca: 414s 5b:b8:8b:37:b3:06:ca:f8:17:4b:ba:b4:03:26:41: 414s 5a:df:0b:20:9c:c4:ea:d2:5f:09:8f:77:0e:8c:fa: 414s 91:d1:c8:e5:ef:43:78:74:f7 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Root CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 8F:6D:ED:A7:78:2A:01:AE:27:D8:23:8E:28:75:3F:BA:E4:76:3E:78 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s 94:f6:8c:32:61:eb:e2:1a:7a:7b:b2:78:75:01:50:d0:8e:dd: 414s 70:1b:88:20:20:51:27:bb:b6:29:4b:c6:64:d4:71:60:5a:c0: 414s cc:df:d1:70:cb:a8:f1:51:7f:12:de:20:c7:62:03:ac:6d:29: 414s f0:1f:0d:76:f3:b7:98:be:c7:33:4f:32:d9:88:c7:e8:84:a2: 414s 72:6f:32:65:eb:6e:0a:c6:76:d4:77:d7:2b:55:2a:de:d8:3d: 414s 87:19:44:aa:62:fe:be:14:23:9f:bf:d6:b7:aa:e3:d5:44:1d: 414s 0e:c0:22:20:7c:47:49:55:44:11:20:f4:61:49:a2:75:a5:76: 414s 1a:32 414s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.config -passin pass:random-root-CA-password-24193 -keyfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 3 (0x3) 414s Validity 414s Not Before: Apr 11 17:25:27 2024 GMT 414s Not After : Apr 11 17:25:27 2025 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Root Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s 85:65:6D:25:2D:FF:1A:89:65:0A:B9:8A:84:B7:F3:9C:9D:1F:FC:85 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Root CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 8F:6D:ED:A7:78:2A:01:AE:27:D8:23:8E:28:75:3F:BA:E4:76:3E:78 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Apr 11 17:25:27 2025 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem: OK 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem: verification failed 414s + cat 414s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-20598 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-20598 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-20598 -key /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:a2:7d:91:b3:f7:c0:94:d8:2c:69:97:48:95:68: 414s c3:a6:8a:c6:cd:4b:d4:26:29:6b:0d:06:9c:f9:1c: 414s 31:4b:2e:29:03:5d:9b:90:af:38:d3:de:da:4c:27: 414s 4a:ea:41:b6:61:e3:1e:36:2a:55:42:f2:9d:b6:db: 414s 3f:31:ee:92:70:7a:ab:a6:2f:ef:31:57:7a:24:89: 414s 55:61:3a:0d:c2:40:a8:b1:55:e0:58:31:52:66:fa: 414s 1b:b2:26:36:ef:ef:72:73:23:bb:57:f1:d1:b6:bf: 414s 64:2c:af:db:c4:82:ec:38:60:37:e6:d2:b3:6e:e7: 414s 8b:2b:97:56:ed:96:4e:dd:db 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 6B:53:04:D8:55:6F:69:DA:B2:E2:00:45:7B:01:0D:03:79:7E:11:74 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s 6d:7d:cd:39:6c:eb:f8:e3:6c:1d:75:6c:f6:f4:4e:3b:b6:a8: 414s 2c:00:1b:36:4c:10:ab:ec:5d:7b:33:0c:78:7f:57:78:d3:ef: 414s 87:f2:8e:fd:85:1b:db:b7:a4:be:bf:91:11:04:84:c6:60:27: 414s 7d:3b:9e:47:e9:1c:0d:e7:74:93:52:87:f4:86:e4:db:f4:3b: 414s 65:6e:f0:71:7b:02:ad:60:be:84:20:76:bd:bc:76:e9:55:fc: 414s e2:d0:d9:03:9a:1b:e6:79:22:f2:f7:d1:d7:0d:2c:9e:e3:bb: 414s e5:4e:e2:7a:c3:b4:9d:bb:15:7a:67:3a:3c:22:48:7f:25:03: 414s 30:e1 414s + openssl ca -passin pass:random-intermediate-CA-password-22392 -config /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 4 (0x4) 414s Validity 414s Not Before: Apr 11 17:25:27 2024 GMT 414s Not After : Apr 11 17:25:27 2025 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Intermediate Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s A0:05:DF:EF:4A:0B:35:BF:84:1F:3D:C4:32:11:23:05:1F:37:57:18 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 6B:53:04:D8:55:6F:69:DA:B2:E2:00:45:7B:01:0D:03:79:7E:11:74 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Apr 11 17:25:27 2025 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s This certificate should not be trusted fully 414s + echo 'This certificate should not be trusted fully' 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 414s error 2 at 1 depth lookup: unable to get issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem: OK 414s + cat 414s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29808 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-29808 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29808 -key /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:fa:dc:a4:be:4a:ac:96:3a:3c:94:30:e4:d7:38: 414s 42:1a:35:96:ac:2e:cb:dc:e4:dc:f6:b7:bf:e9:db: 414s 21:ae:82:a8:de:d8:c0:83:94:39:e1:81:12:1e:01: 414s 77:55:7d:f1:6e:ac:7f:e2:dd:74:ea:4b:2a:b8:49: 414s 31:2f:76:ce:fb:e1:3f:83:ac:3f:91:90:5d:cf:08: 414s df:00:b4:86:c2:9a:1f:e8:27:aa:c5:10:95:94:d5: 414s 52:cf:6c:42:e0:4d:bb:da:7a:d9:40:42:69:0c:af: 414s d5:16:55:b0:13:96:d7:5f:bf:d4:25:c3:24:f5:c3: 414s 04:30:48:a6:39:84:9c:ea:31 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Sub Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 4D:25:00:C1:66:02:1B:B1:61:17:6E:18:77:31:A3:F4:CA:05:33:EE 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s a1:79:f0:75:fa:b8:78:bb:4b:73:91:c3:0a:71:b6:38:d1:47: 414s 73:1d:3f:64:e1:c6:3a:bf:07:26:4a:3a:08:dd:c5:bf:a0:fd: 414s 22:5a:d0:62:30:e2:b9:f9:2b:13:49:14:85:c3:27:ce:8a:cc: 414s ea:13:87:35:98:47:7d:48:cb:3f:b0:99:2d:27:a5:26:09:8a: 414s 06:18:a1:68:e9:71:19:be:4c:81:3f:6a:7a:6f:f5:4a:41:2d: 414s fa:06:a6:f8:d9:54:4a:95:4c:61:c1:08:ef:51:3c:83:7b:23: 414s b3:56:72:bd:51:35:70:d8:ca:e5:a5:35:3e:be:01:97:a3:82: 414s 6c:58 414s + openssl ca -passin pass:random-sub-intermediate-CA-password-17422 -config /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 5 (0x5) 414s Validity 414s Not Before: Apr 11 17:25:27 2024 GMT 414s Not After : Apr 11 17:25:27 2025 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s 6D:39:43:77:84:9A:EF:0E:10:81:FF:C8:5C:8C:B9:F2:E3:B4:2C:9D 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Sub Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 4D:25:00:C1:66:02:1B:B1:61:17:6E:18:77:31:A3:F4:CA:05:33:EE 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Apr 11 17:25:27 2025 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s + echo 'This certificate should not be trusted fully' 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s This certificate should not be trusted fully 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 414s error 2 at 1 depth lookup: unable to get issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 414s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 414s + echo 'Building a the full-chain CA file...' 414s + cat /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s Building a the full-chain CA file... 414s + cat /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem 414s + cat /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 414s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem 414s + openssl pkcs7 -print_certs -noout 414s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 414s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 414s 414s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 414s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 414s 414s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 414s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 414s 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA.pem: OK 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem: OK 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem: OK 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-root-intermediate-chain-CA.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-root-intermediate-chain-CA.pem: OK 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 414s + echo 'Certificates generation completed!' 414s Certificates generation completed! 414s + [[ -v NO_SSSD_TESTS ]] 414s + [[ -v GENERATE_SMART_CARDS ]] 414s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-25015 414s + local certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s + local key_pass=pass:random-root-ca-trusted-cert-0001-25015 414s + local key_cn 414s + local key_name 414s + local tokens_dir 414s + local output_cert_file 414s + token_name= 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem .pem 414s + key_name=test-root-CA-trusted-certificate-0001 414s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem 414s ++ sed -n 's/ *commonName *= //p' 414s + key_cn='Test Organization Root Trusted Certificate 0001' 414s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 414s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf 414s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 414s + tokens_dir=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001 414s + token_name='Test Organization Root Tr Token' 414s + '[' '!' -e /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 414s + local key_file 414s + local decrypted_key 414s + mkdir -p /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001 414s + key_file=/tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key.pem 414s + decrypted_key=/tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key-decrypted.pem 414s + cat 414s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 414s Slot 0 has a free/uninitialized token. 414s The token has been initialized and is reassigned to slot 1755562565 414s + softhsm2-util --show-slots 414s Available slots: 414s Slot 1755562565 414s Slot info: 414s Description: SoftHSM slot ID 0x68a3c245 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 651098b168a3c245 414s Initialized: yes 414s User PIN init.: yes 414s Label: Test Organization Root Tr Token 414s Slot 1 414s Slot info: 414s Description: SoftHSM slot ID 0x1 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 414s Initialized: no 414s User PIN init.: no 414s Label: 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-25015 -in /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key-decrypted.pem 414s writing RSA key 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + rm /tmp/sssd-softhsm2-certs-1PgOfu/test-root-CA-trusted-certificate-0001-key-decrypted.pem 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 414s Object 0: 414s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=651098b168a3c245;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 414s Type: X.509 Certificate (RSA-1024) 414s Expires: Fri Apr 11 17:25:27 2025 414s Label: Test Organization Root Trusted Certificate 0001 414s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 414s 414s Test Organization Root Tr Token 414s + echo 'Test Organization Root Tr Token' 414s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20598 414s + local certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20598 414s + local key_cn 414s + local key_name 414s + local tokens_dir 414s + local output_cert_file 414s + token_name= 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem .pem 414s + key_name=test-intermediate-CA-trusted-certificate-0001 414s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem 414s ++ sed -n 's/ *commonName *= //p' 414s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 414s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 414s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 414s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 414s + tokens_dir=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001 414s + token_name='Test Organization Interme Token' 414s + '[' '!' -e /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 414s + local key_file 414s + local decrypted_key 414s + mkdir -p /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-intermediate-CA-trusted-certificate-0001 414s + key_file=/tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key.pem 414s + decrypted_key=/tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s + cat 414s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 414s Slot 0 has a free/uninitialized token. 414s The token has been initialized and is reassigned to slot 402887599 414s + softhsm2-util --show-slots 414s Available slots: 414s Slot 402887599 414s Slot info: 414s Description: SoftHSM slot ID 0x180393af 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 3a260627180393af 414s Initialized: yes 414s User PIN init.: yes 414s Label: Test Organization Interme Token 414s Slot 1 414s Slot info: 414s Description: SoftHSM slot ID 0x1 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 414s Initialized: no 414s User PIN init.: no 414s Label: 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-20598 -in /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s writing RSA key 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + rm /tmp/sssd-softhsm2-certs-1PgOfu/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 414s Object 0: 414s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a260627180393af;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 414s Type: X.509 Certificate (RSA-1024) 414s Expires: Fri Apr 11 17:25:27 2025 414s Label: Test Organization Intermediate Trusted Certificate 0001 414s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 414s 414s + echo 'Test Organization Interme Token' 414s Test Organization Interme Token 414s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29808 414s + local certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29808 414s + local key_cn 414s + local key_name 414s + local tokens_dir 414s + local output_cert_file 414s + token_name= 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 414s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 414s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s ++ sed -n 's/ *commonName *= //p' 414s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 414s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 414s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 414s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 414s ++ basename /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 414s + tokens_dir=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 414s + token_name='Test Organization Sub Int Token' 414s + '[' '!' -e /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 414s + local key_file 414s + local decrypted_key 414s + mkdir -p /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 414s + key_file=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 414s + decrypted_key=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s + cat 414s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 414s Slot 0 has a free/uninitialized token. 414s The token has been initialized and is reassigned to slot 446741946 414s + softhsm2-util --show-slots 414s Available slots: 414s Slot 446741946 414s Slot info: 414s Description: SoftHSM slot ID 0x1aa0bdba 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 524c4a919aa0bdba 414s Initialized: yes 414s User PIN init.: yes 414s Label: Test Organization Sub Int Token 414s Slot 1 414s Slot info: 414s Description: SoftHSM slot ID 0x1 414s Manufacturer ID: SoftHSM project 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Token present: yes 414s Token info: 414s Manufacturer ID: SoftHSM project 414s Model: SoftHSM v2 414s Hardware version: 2.6 414s Firmware version: 2.6 414s Serial number: 414s Initialized: no 414s User PIN init.: no 414s Label: 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29808 -in /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s writing RSA key 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 414s + rm /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 414s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 414s Object 0: 414s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=524c4a919aa0bdba;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 414s Type: X.509 Certificate (RSA-1024) 414s Expires: Fri Apr 11 17:25:27 2025 414s Label: Test Organization Sub Intermediate Trusted Certificate 0001 414s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 414s 414s Test Organization Sub Int Token 414s + echo 'Test Organization Sub Int Token' 414s + echo 'Certificates generation completed!' 414s + exit 0 414s Certificates generation completed! 414s + find /tmp/sssd-softhsm2-certs-1PgOfu -type d -exec chmod 777 '{}' ';' 414s + find /tmp/sssd-softhsm2-certs-1PgOfu -type f -exec chmod 666 '{}' ';' 414s + backup_file /etc/sssd/sssd.conf 414s + '[' -z '' ']' 414s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 414s + backupsdir=/tmp/sssd-softhsm2-backups-eoRoB8 414s + '[' -e /etc/sssd/sssd.conf ']' 414s + delete_paths+=("$1") 414s + rm -f /etc/sssd/sssd.conf 414s ++ runuser -u ubuntu -- sh -c 'echo ~' 414s + user_home=/home/ubuntu 414s + mkdir -p /home/ubuntu 414s + chown ubuntu:ubuntu /home/ubuntu 414s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 414s + user_config=/home/ubuntu/.config 414s + system_config=/etc 414s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 414s + for path_pair in "${softhsm2_conf_paths[@]}" 414s + IFS=: 414s + read -r -a path 414s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 414s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 414s + '[' -z /tmp/sssd-softhsm2-backups-eoRoB8 ']' 414s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 414s + delete_paths+=("$1") 414s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 414s + for path_pair in "${softhsm2_conf_paths[@]}" 414s + IFS=: 414s + read -r -a path 414s + path=/etc/softhsm/softhsm2.conf 414s + backup_file /etc/softhsm/softhsm2.conf 414s + '[' -z /tmp/sssd-softhsm2-backups-eoRoB8 ']' 414s + '[' -e /etc/softhsm/softhsm2.conf ']' 414s ++ dirname /etc/softhsm/softhsm2.conf 414s + local back_dir=/tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm 414s ++ basename /etc/softhsm/softhsm2.conf 414s + local back_path=/tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm/softhsm2.conf 414s + '[' '!' -e /tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm/softhsm2.conf ']' 414s + mkdir -p /tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm 414s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm/softhsm2.conf 414s + restore_paths+=("$back_path") 414s + rm -f /etc/softhsm/softhsm2.conf 414s + test_authentication login /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem 414s + pam_service=login 414s + certificate_config=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf 414s + ca_db=/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem 414s + verification_options= 414s + mkdir -p -m 700 /etc/sssd 414s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 414s + cat 414s Using CA DB '/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem' with verification options: '' 414s + chmod 600 /etc/sssd/sssd.conf 414s + for path_pair in "${softhsm2_conf_paths[@]}" 414s + IFS=: 414s + read -r -a path 414s + user=ubuntu 414s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 414s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 414s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 414s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 414s + runuser -u ubuntu -- softhsm2-util --show-slots 414s + grep 'Test Organization' 414s Label: Test Organization Root Tr Token 414s + for path_pair in "${softhsm2_conf_paths[@]}" 414s + IFS=: 414s + read -r -a path 414s + user=root 414s + path=/etc/softhsm/softhsm2.conf 414s ++ dirname /etc/softhsm/softhsm2.conf 414s + runuser -u root -- mkdir -p /etc/softhsm 414s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 414s + runuser -u root -- softhsm2-util --show-slots 414s + grep 'Test Organization' 414s Label: Test Organization Root Tr Token 414s + systemctl restart sssd 415s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 415s + for alternative in "${alternative_pam_configs[@]}" 415s + pam-auth-update --enable sss-smart-card-optional 415s # 415s # /etc/pam.d/common-auth - authentication settings common to all services 415s # 415s # This file is included from other service-specific PAM config files, 415s # and should contain a list of the authentication modules that define 415s # the central authentication scheme for use on the system 415s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 415s # traditional Unix authentication mechanisms. 415s # 415s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 415s # To take advantage of this, it is recommended that you configure any 415s # local modules either before or after the default block, and use 415s # pam-auth-update to manage selection of other modules. See 415s # pam-auth-update(8) for details. 415s 415s # here are the per-package modules (the "Primary" block) 415s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 415s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 415s auth [success=1 default=ignore] pam_sss.so use_first_pass 415s # here's the fallback if no module succeeds 415s auth requisite pam_deny.so 415s # prime the stack with a positive return value if there isn't one already; 415s # this avoids us returning an error just because nothing sets a success code 415s # since the modules above will each just jump around 415s auth required pam_permit.so 415s # and here are more per-package modules (the "Additional" block) 415s auth optional pam_cap.so 415s # end of pam-auth-update config 415s + cat /etc/pam.d/common-auth 415s + echo -n -e 123456 415s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 415s pamtester: invoking pam_start(login, ubuntu, ...) 415s pamtester: performing operation - authenticate 415s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 415s + echo -n -e 123456 415s + runuser -u ubuntu -- pamtester -v login '' authenticate 415s pamtester: invoking pam_start(login, , ...) 415s pamtester: performing operation - authenticate 415s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 415s + echo -n -e wrong123456 415s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 415s pamtester: invoking pam_start(login, ubuntu, ...) 415s pamtester: performing operation - authenticate 419s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 419s + echo -n -e wrong123456 419s + runuser -u ubuntu -- pamtester -v login '' authenticate 419s pamtester: invoking pam_start(login, , ...) 419s pamtester: performing operation - authenticate 423s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 423s + echo -n -e 123456 423s + pamtester -v login root authenticate 423s pamtester: invoking pam_start(login, root, ...) 423s pamtester: performing operation - authenticate 426s Password: pamtester: Authentication failure 426s + for alternative in "${alternative_pam_configs[@]}" 426s + pam-auth-update --enable sss-smart-card-required 426s PAM configuration 426s ----------------- 426s 426s Incompatible PAM profiles selected. 426s 426s The following PAM profiles cannot be used together: 426s 426s SSS required smart card authentication, SSS optional smart card 426s authentication 426s 426s Please select a different set of modules to enable. 426s 426s + cat /etc/pam.d/common-auth 426s # 426s # /etc/pam.d/common-auth - authentication settings common to all services 426s # 426s # This file is included from other service-specific PAM config files, 426s # and should contain a list of the authentication modules that define 426s # the central authentication scheme for use on the system 426s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 426s # traditional Unix authentication mechanisms. 426s # 426s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 426s # To take advantage of this, it is recommended that you configure any 426s # local modules either before or after the default block, and use 426s # pam-auth-update to manage selection of other modules. See 426s # pam-auth-update(8) for details. 426s 426s # here are the per-package modules (the "Primary" block) 426s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 426s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 426s auth [success=1 default=ignore] pam_sss.so use_first_pass 426s # here's the fallback if no module succeeds 426s auth requisite pam_deny.so 426s # prime the stack with a positive return value if there isn't one already; 426s # this avoids us returning an error just because nothing sets a success code 426s # since the modules above will each just jump around 426s auth required pam_permit.so 426s # and here are more per-package modules (the "Additional" block) 426s auth optional pam_cap.so 426s # end of pam-auth-update config 426s + echo -n -e 123456 426s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 426s pamtester: invoking pam_start(login, ubuntu, ...) 426s pamtester: performing operation - authenticate 426s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 426s + echo -n -e 123456 426s + runuser -u ubuntu -- pamtester -v login '' authenticate 426s pamtester: invoking pam_start(login, , ...) 426s pamtester: performing operation - authenticate 426s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 426s + echo -n -e wrong123456 426s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 426s pamtester: invoking pam_start(login, ubuntu, ...) 426s pamtester: performing operation - authenticate 430s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 430s + echo -n -e wrong123456 430s + runuser -u ubuntu -- pamtester -v login '' authenticate 430s pamtester: invoking pam_start(login, , ...) 430s pamtester: performing operation - authenticate 433s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 433s + echo -n -e 123456 433s + pamtester -v login root authenticate 433s pamtester: invoking pam_start(login, root, ...) 433s pamtester: performing operation - authenticate 436s pamtester: Authentication service cannot retrieve authentication info 436s + test_authentication login /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem 436s Using CA DB '/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem' with verification options: '' 436s + pam_service=login 436s + certificate_config=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 436s + ca_db=/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem 436s + verification_options= 436s + mkdir -p -m 700 /etc/sssd 436s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1PgOfu/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 436s + cat 436s + chmod 600 /etc/sssd/sssd.conf 436s + for path_pair in "${softhsm2_conf_paths[@]}" 436s + IFS=: 436s + read -r -a path 436s + user=ubuntu 436s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 436s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 436s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 436s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 436s + runuser -u ubuntu -- softhsm2-util --show-slots 436s + grep 'Test Organization' 436s Label: Test Organization Sub Int Token 436s + for path_pair in "${softhsm2_conf_paths[@]}" 436s + IFS=: 436s + read -r -a path 436s + user=root 436s Label: Test Organization Sub Int Token 436s + path=/etc/softhsm/softhsm2.conf 436s ++ dirname /etc/softhsm/softhsm2.conf 436s + runuser -u root -- mkdir -p /etc/softhsm 436s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 436s + runuser -u root -- softhsm2-util --show-slots 436s + grep 'Test Organization' 436s + systemctl restart sssd 436s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 440s + for alternative in "${alternative_pam_configs[@]}" 440s + pam-auth-update --enable sss-smart-card-optional 440s # 440s # /etc/pam.d/common-auth - authentication settings common to all services 440s # 440s # This file is included from other service-specific PAM config files, 440s # and should contain a list of the authentication modules that define 440s # the central authentication scheme for use on the system 440s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 440s # traditional Unix authentication mechanisms. 440s # 440s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 440s # To take advantage of this, it is recommended that you configure any 440s # local modules either before or after the default block, and use 440s # pam-auth-update to manage selection of other modules. See 440s # pam-auth-update(8) for details. 440s 440s # here are the per-package modules (the "Primary" block) 440s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 440s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 440s auth [success=1 default=ignore] pam_sss.so use_first_pass 440s # here's the fallback if no module succeeds 440s auth requisite pam_deny.so 440s # prime the stack with a positive return value if there isn't one already; 440s # this avoids us returning an error just because nothing sets a success code 440s # since the modules above will each just jump around 440s auth required pam_permit.so 440s # and here are more per-package modules (the "Additional" block) 440s auth optional pam_cap.so 440s # end of pam-auth-update config 440s + cat /etc/pam.d/common-auth 440s + echo -n -e 123456 440s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 440s pamtester: invoking pam_start(login, ubuntu, ...) 440s pamtester: performing operation - authenticate 440s PIN for Test Organization Sub Int Token: + runuser -u ubuntu -- pamtester -v login '' authenticate 440s + echo -n -e 123456 440s pamtester: invoking pam_start(login, , ...) 440s pamtester: performing operation - authenticate 440s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 440s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 440s pamtester: invoking pam_start(login, ubuntu, ...) 440s pamtester: performing operation - authenticate 440s PIN for Test Organization Sub Int Token: Password: pamtester: successfully authenticated 440s pamtester: successfully authenticated 440s pamtester: Authentication failure 440s + echo -n -e wrong123456 440s + runuser -u ubuntu -- pamtester -v login '' authenticate 440s pamtester: invoking pam_start(login, , ...) 440s pamtester: performing operation - authenticate 444s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 444s + echo -n -e 123456 444s + pamtester -v login root authenticate 444s pamtester: invoking pam_start(login, root, ...) 444s pamtester: performing operation - authenticate 448s Password: pamtester: Authentication failure 448s PAM configuration 448s ----------------- 448s 448s Incompatible PAM profiles selected. 448s 448s The following PAM profiles cannot be used together: 448s 448s SSS required smart card authentication, SSS optional smart card 448s authentication 448s 448s Please select a different set of modules to enable. 448s 448s # 448s # /etc/pam.d/common-auth - authentication settings common to all services 448s # 448s # This file is included from other service-specific PAM config files, 448s # and should contain a list of the authentication modules that define 448s # the central authentication scheme for use on the system 448s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 448s # traditional Unix authentication mechanisms. 448s # 448s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 448s # To take advantage of this, it is recommended that you configure any 448s # local modules either before or after the default block, and use 448s # pam-auth-update to manage selection of other modules. See 448s # pam-auth-update(8) for details. 448s 448s # here are the per-package modules (the "Primary" block) 448s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 448s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 448s auth [success=1 default=ignore] pam_sss.so use_first_pass 448s # here's the fallback if no module succeeds 448s auth requisite pam_deny.so 448s # prime the stack with a positive return value if there isn't one already; 448s # this avoids us returning an error just because nothing sets a success code 448s # since the modules above will each just jump around 448s auth required pam_permit.so 448s # and here are more per-package modules (the "Additional" block) 448s auth optional pam_cap.so 448s # end of pam-auth-update config 448s pamtester: successfully authenticated 448s pamtester: successfully authenticated 448s + for alternative in "${alternative_pam_configs[@]}" 448s + pam-auth-update --enable sss-smart-card-required 448s + cat /etc/pam.d/common-auth 448s + echo -n -e 123456 448s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 448s pamtester: invoking pam_start(login, ubuntu, ...) 448s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: + echo -n -e 123456 448s + runuser -u ubuntu -- pamtester -v login '' authenticate 448s pamtester: invoking pam_start(login, , ...) 448s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 448s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 448s pamtester: invoking pam_start(login, ubuntu, ...) 448s pamtester: performing operation - authenticate 450s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 450s + echo -n -e wrong123456 450s + runuser -u ubuntu -- pamtester -v login '' authenticate 450s pamtester: invoking pam_start(login, , ...) 450s pamtester: performing operation - authenticate 454s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 454s + echo -n -e 123456 454s + pamtester -v login root authenticate 454s pamtester: invoking pam_start(login, root, ...) 454s pamtester: performing operation - authenticate 457s pamtester: Authentication service cannot retrieve authentication info 457s + test_authentication login /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem partial_chain 457s + pam_service=login 457s + certificate_config=/tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 457s + ca_db=/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem 457s + verification_options=partial_chain 457s + mkdir -p -m 700 /etc/sssd 457s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 457s Using CA DB '/tmp/sssd-softhsm2-certs-1PgOfu/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 457s + cat 457s + chmod 600 /etc/sssd/sssd.conf 457s + for path_pair in "${softhsm2_conf_paths[@]}" 457s + IFS=: 457s + read -r -a path 457s + user=ubuntu 457s Label: Test Organization Sub Int Token 457s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 457s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 457s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 457s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 457s + runuser -u ubuntu -- softhsm2-util --show-slots 457s + grep 'Test Organization' 457s + for path_pair in "${softhsm2_conf_paths[@]}" 457s + IFS=: 457s + read -r -a path 457s + user=root 457s + path=/etc/softhsm/softhsm2.conf 457s ++ dirname /etc/softhsm/softhsm2.conf 457s + runuser -u root -- mkdir -p /etc/softhsm 457s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1PgOfu/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 457s + runuser -u root -- softhsm2-util --show-slots 457s + grep 'Test Organization' 457s + systemctl restart sssd 457s Label: Test Organization Sub Int Token 457s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 457s + for alternative in "${alternative_pam_configs[@]}" 457s + pam-auth-update --enable sss-smart-card-optional 457s + cat /etc/pam.d/common-auth 457s # 457s # /etc/pam.d/common-auth - authentication settings common to all services 457s # 457s # This file is included from other service-specific PAM config files, 457s # and should contain a list of the authentication modules that define 457s # the central authentication scheme for use on the system 457s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 457s # traditional Unix authentication mechanisms. 457s # 457s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 457s # To take advantage of this, it is recommended that you configure any 457s # local modules either before or after the default block, and use 457s # pam-auth-update to manage selection of other modules. See 457s # pam-auth-update(8) for details. 457s 457s # here are the per-package modules (the "Primary" block) 457s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 457s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 457s auth [success=1 default=ignore] pam_sss.so use_first_pass 457s # here's the fallback if no module succeeds 457s auth requisite pam_deny.so 457s # prime the stack with a positive return value if there isn't one already; 457s # this avoids us returning an error just because nothing sets a success code 457s # since the modules above will each just jump around 457s auth required pam_permit.so 457s # and here are more per-package modules (the "Additional" block) 457s auth optional pam_cap.so 457s # end of pam-auth-update config 457s + echo -n -e 123456 457s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 457s pamtester: invoking pam_start(login, ubuntu, ...) 457s pamtester: performing operation - authenticate 458s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 458s + echo -n -e 123456 458s + runuser -u ubuntu -- pamtester -v login '' authenticate 458s pamtester: invoking pam_start(login, , ...) 458s pamtester: performing operation - authenticate 458s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 458s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 458s pamtester: successfully authenticated 460s pamtester: invoking pam_start(login, ubuntu, ...) 460s pamtester: performing operation - authenticate 460s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 460s + echo -n -e wrong123456 460s + runuser -u ubuntu -- pamtester -v login '' authenticate 460s pamtester: invoking pam_start(login, , ...) 460s pamtester: performing operation - authenticate 464s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 464s + echo -n -e 123456 464s + pamtester -v login root authenticate 464s pamtester: invoking pam_start(login, root, ...) 464s pamtester: performing operation - authenticate 468s Password: pamtester: Authentication failure 468s + for alternative in "${alternative_pam_configs[@]}" 468s + pam-auth-update --enable sss-smart-card-required 468s + cat /etc/pam.d/common-auth 468s PAM configuration 468s ----------------- 468s 468s Incompatible PAM profiles selected. 468s 468s The following PAM profiles cannot be used together: 468s 468s SSS required smart card authentication, SSS optional smart card 468s authentication 468s 468s Please select a different set of modules to enable. 468s 468s # 468s # /etc/pam.d/common-auth - authentication settings common to all services 468s # 468s # This file is included from other service-specific PAM config files, 468s # and should contain a list of the authentication modules that define 468s # the central authentication scheme for use on the system 468s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 468s # traditional Unix authentication mechanisms. 468s # 468s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 468s # To take advantage of this, it is recommended that you configure any 468s # local modules either before or after the default block, and use 468s # pam-auth-update to manage selection of other modules. See 468s # pam-auth-update(8) for details. 468s 468s # here are the per-package modules (the "Primary" block) 468s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 468s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 468s auth [success=1 default=ignore] pam_sss.so use_first_pass 468s # here's the fallback if no module succeeds 468s auth requisite pam_deny.so 468s # prime the stack with a positive return value if there isn't one already; 468s # this avoids us returning an error just because nothing sets a success code 468s # since the modules above will each just jump around 468s auth required pam_permit.so 468s # and here are more per-package modules (the "Additional" block) 468s auth optional pam_cap.so 468s # end of pam-auth-update config 468s + echo -n -e 123456 468s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 468s pamtester: invoking pam_start(login, ubuntu, ...) 468s pamtester: performing operation - authenticate 468s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 468s + echo -n -e 123456 468s + runuser -u ubuntu -- pamtester -v login '' authenticate 468s pamtester: invoking pam_start(login, , ...) 468s pamtester: performing operation - authenticate 468s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 468s + echo -n -e wrong123456 468s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 468s pamtester: invoking pam_start(login, ubuntu, ...) 468s pamtester: performing operation - authenticate 471s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 471s + echo -n -e wrong123456 471s + runuser -u ubuntu -- pamtester -v login '' authenticate 471s pamtester: invoking pam_start(login, , ...) 471s pamtester: performing operation - authenticate 477s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 477s + echo -n -e 123456 477s + pamtester -v login root authenticate 477s pamtester: invoking pam_start(login, root, ...) 477s pamtester: performing operation - authenticate 479s pamtester: Authentication service cannot retrieve authentication info 479s Script completed successfully! 479s + handle_exit 479s + exit_code=0 479s + restore_changes 479s + for path in "${restore_paths[@]}" 479s + local original_path 479s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-eoRoB8 /tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm/softhsm2.conf 479s + original_path=/etc/softhsm/softhsm2.conf 479s + rm /etc/softhsm/softhsm2.conf 479s + mv /tmp/sssd-softhsm2-backups-eoRoB8//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 479s + for path in "${delete_paths[@]}" 479s + rm -f /etc/sssd/sssd.conf 479s + for path in "${delete_paths[@]}" 479s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 479s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 479s + '[' -e /etc/sssd/sssd.conf ']' 479s + systemctl stop sssd 479s + '[' -e /etc/softhsm/softhsm2.conf ']' 479s + chmod 600 /etc/softhsm/softhsm2.conf 479s + rm -rf /tmp/sssd-softhsm2-certs-1PgOfu 479s + '[' 0 = 0 ']' 479s + rm -rf /tmp/sssd-softhsm2-backups-eoRoB8 479s + set +x 479s autopkgtest [17:26:31]: test sssd-smart-card-pam-auth-configs: -----------------------] 480s autopkgtest [17:26:33]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 480s sssd-smart-card-pam-auth-configs PASS 480s autopkgtest [17:26:33]: @@@@@@@@@@@@@@@@@@@@ summary 480s ldap-user-group-ldap-auth PASS 480s ldap-user-group-krb5-auth PASS 480s sssd-softhism2-certificates-tests.sh PASS 480s sssd-smart-card-pam-auth-configs PASS 495s Creating nova instance adt-noble-arm64-sssd-20240411-171832-juju-7f2275-prod-proposed-migration-environment-2-c8cd56bd-1908-4066-bc54-c28e0de72ea2 from image adt/ubuntu-noble-arm64-server-20240411.img (UUID ac02ead6-e282-483a-8ad1-fd0233d966dc)... 495s Creating nova instance adt-noble-arm64-sssd-20240411-171832-juju-7f2275-prod-proposed-migration-environment-2-c8cd56bd-1908-4066-bc54-c28e0de72ea2 from image adt/ubuntu-noble-arm64-server-20240411.img (UUID ac02ead6-e282-483a-8ad1-fd0233d966dc)...