0s autopkgtest [17:00:59]: starting date and time: 2024-06-14 17:00:59+0000 0s autopkgtest [17:00:59]: git checkout: 433ed4cb Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [17:00:59]: host juju-7f2275-prod-proposed-migration-environment-3; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.6n7ahuvb/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.2 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-3@bos03-arm64-17.secgroup --name adt-noble-arm64-sssd-20240614-170059-juju-7f2275-prod-proposed-migration-environment-3-81e51bee-7934-4fbc-965a-dc20839a3fc9 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-3 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 66s autopkgtest [17:02:05]: testbed dpkg architecture: arm64 67s autopkgtest [17:02:06]: testbed apt version: 2.7.14build2 67s autopkgtest [17:02:06]: @@@@@@@@@@@@@@@@@@@@ test bed setup 67s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 68s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 68s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [28.4 kB] 68s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [17.1 kB] 68s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 68s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [49.9 kB] 68s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 68s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [66.1 kB] 68s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 68s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [46.3 kB] 68s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 68s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [10.1 kB] 68s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 70s Fetched 511 kB in 1s (617 kB/s) 70s Reading package lists... 72s Reading package lists... 72s Building dependency tree... 72s Reading state information... 73s Calculating upgrade... 73s The following packages will be upgraded: 73s login passwd 73s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 73s Need to get 1039 kB of archives. 73s After this operation, 0 B of additional disk space will be used. 73s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 login arm64 1:4.13+dfsg1-4ubuntu3.2 [200 kB] 74s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 passwd arm64 1:4.13+dfsg1-4ubuntu3.2 [838 kB] 74s Fetched 1039 kB in 1s (1754 kB/s) 75s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 75s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_arm64.deb ... 75s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 75s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 75s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 75s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_arm64.deb ... 75s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 75s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 75s Processing triggers for man-db (2.12.0-4build2) ... 77s Reading package lists... 77s Building dependency tree... 77s Reading state information... 78s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 79s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 79s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 79s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 79s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 80s Reading package lists... 80s Reading package lists... 80s Building dependency tree... 80s Reading state information... 81s Calculating upgrade... 82s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 82s Reading package lists... 82s Building dependency tree... 82s Reading state information... 83s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 86s autopkgtest [17:02:25]: testbed running kernel: Linux 6.8.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Tue May 21 07:52:29 UTC 2024 86s autopkgtest [17:02:25]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 102s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 102s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 102s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 103s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 103s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 103s gpgv: Can't check signature: No public key 103s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 103s autopkgtest [17:02:42]: testing package sssd version 2.9.4-1.1ubuntu6 104s autopkgtest [17:02:43]: build not needed 106s autopkgtest [17:02:45]: test ldap-user-group-ldap-auth: preparing testbed 107s Reading package lists... 107s Building dependency tree... 107s Reading state information... 108s Starting pkgProblemResolver with broken count: 0 108s Starting 2 pkgProblemResolver with broken count: 0 108s Done 108s The following additional packages will be installed: 108s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 108s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 108s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 108s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 108s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 108s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 108s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 108s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 108s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 108s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 108s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 108s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 108s tcl8.6 108s Suggested packages: 108s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 108s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 108s Recommended packages: 108s cracklib-runtime libsasl2-modules-gssapi-mit 108s | libsasl2-modules-gssapi-heimdal 109s The following NEW packages will be installed: 109s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 109s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 109s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 109s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 109s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 109s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 109s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 109s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 109s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 109s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 109s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 109s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 109s tcl-expect tcl8.6 109s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 109s Need to get 12.7 MB/12.7 MB of archives. 109s After this operation, 60.1 MB of additional disk space will be used. 109s Get:1 /tmp/autopkgtest.GSXCpf/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [872 B] 109s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7build1 [40.4 kB] 109s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libodbc2 arm64 2.3.12-1ubuntu0.24.04.1 [145 kB] 109s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu8 [1515 kB] 109s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.14+dfsg-1build1 [978 kB] 110s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.14+dfsg-1build1 [14.6 kB] 110s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 110s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-3 [137 kB] 110s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu8 [149 kB] 110s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 110s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 110s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 110s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 110s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 110s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 110s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 110s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 110s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 110s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 110s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 110s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 110s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6 [17.1 kB] 110s Get:23 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 13-1 [44.5 kB] 110s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 110s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 110s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libkrad0 arm64 1.20.1-6ubuntu2 [22.1 kB] 110s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 110s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 110s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 110s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 110s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 110s Get:32 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 110s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 110s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 110s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 110s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 110s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 110s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 110s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6 [32.0 kB] 110s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6 [49.1 kB] 110s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6 [46.9 kB] 110s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6 [46.2 kB] 110s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6 [22.2 kB] 110s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6 [30.7 kB] 110s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6 [1147 kB] 110s Get:46 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-idp arm64 2.9.4-1.1ubuntu6 [27.9 kB] 110s Get:47 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-passkey arm64 2.9.4-1.1ubuntu6 [32.7 kB] 110s Get:48 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6 [75.4 kB] 110s Get:49 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6 [87.9 kB] 110s Get:50 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6 [134 kB] 110s Get:51 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6 [220 kB] 110s Get:52 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6 [14.3 kB] 110s Get:53 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6 [31.3 kB] 110s Get:54 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6 [44.6 kB] 110s Get:55 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1.1ubuntu6 [4118 B] 110s Get:56 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-dbus arm64 2.9.4-1.1ubuntu6 [103 kB] 110s Get:57 http://ftpmaster.internal/ubuntu noble/universe arm64 sssd-kcm arm64 2.9.4-1.1ubuntu6 [139 kB] 110s Get:58 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-tools arm64 2.9.4-1.1ubuntu6 [97.5 kB] 110s Get:59 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac-dev arm64 2.9.4-1.1ubuntu6 [6668 B] 110s Get:60 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap-dev arm64 2.9.4-1.1ubuntu6 [5730 B] 110s Get:61 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap-dev arm64 2.9.4-1.1ubuntu6 [8380 B] 110s Get:62 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1.1ubuntu6 [6714 B] 110s Get:63 http://ftpmaster.internal/ubuntu noble/universe arm64 libsss-sudo arm64 2.9.4-1.1ubuntu6 [20.7 kB] 110s Get:64 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libipa-hbac arm64 2.9.4-1.1ubuntu6 [16.6 kB] 110s Get:65 http://ftpmaster.internal/ubuntu noble/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1.1ubuntu6 [9152 B] 111s Preconfiguring packages ... 111s Fetched 12.7 MB in 2s (8258 kB/s) 112s Selecting previously unselected package libltdl7:arm64. 112s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 112s Preparing to unpack .../00-libltdl7_2.4.7-7build1_arm64.deb ... 112s Unpacking libltdl7:arm64 (2.4.7-7build1) ... 112s Selecting previously unselected package libodbc2:arm64. 112s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_arm64.deb ... 112s Unpacking libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 112s Selecting previously unselected package slapd. 112s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_arm64.deb ... 112s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 112s Selecting previously unselected package libtcl8.6:arm64. 112s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 112s Unpacking libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 112s Selecting previously unselected package tcl8.6. 112s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 112s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 112s Selecting previously unselected package tcl-expect:arm64. 112s Preparing to unpack .../05-tcl-expect_5.45.4-3_arm64.deb ... 112s Unpacking tcl-expect:arm64 (5.45.4-3) ... 112s Selecting previously unselected package expect. 112s Preparing to unpack .../06-expect_5.45.4-3_arm64.deb ... 112s Unpacking expect (5.45.4-3) ... 112s Selecting previously unselected package ldap-utils. 112s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_arm64.deb ... 112s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 112s Selecting previously unselected package libavahi-common-data:arm64. 112s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 112s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 112s Selecting previously unselected package libavahi-common3:arm64. 112s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 112s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 112s Selecting previously unselected package libavahi-client3:arm64. 112s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 112s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 113s Selecting previously unselected package libbasicobjects0t64:arm64. 113s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 113s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 113s Selecting previously unselected package libcares2:arm64. 113s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 113s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 113s Selecting previously unselected package libcollection4t64:arm64. 113s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 113s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 113s Selecting previously unselected package libcrack2:arm64. 113s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_arm64.deb ... 114s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 114s Selecting previously unselected package libdhash1t64:arm64. 114s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 114s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 114s Selecting previously unselected package libevent-2.1-7t64:arm64. 114s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 114s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 114s Selecting previously unselected package libpath-utils1t64:arm64. 114s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 114s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 114s Selecting previously unselected package libref-array1t64:arm64. 114s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 114s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 114s Selecting previously unselected package libini-config5t64:arm64. 114s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 114s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 114s Selecting previously unselected package libipa-hbac0t64. 114s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_arm64.deb ... 114s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 114s Selecting previously unselected package libjose0:arm64. 114s Preparing to unpack .../21-libjose0_13-1_arm64.deb ... 114s Unpacking libjose0:arm64 (13-1) ... 114s Selecting previously unselected package libverto-libevent1t64:arm64. 114s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 114s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 114s Selecting previously unselected package libverto1t64:arm64. 114s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 114s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 114s Selecting previously unselected package libkrad0:arm64. 114s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_arm64.deb ... 114s Unpacking libkrad0:arm64 (1.20.1-6ubuntu2) ... 114s Selecting previously unselected package libtalloc2:arm64. 114s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_arm64.deb ... 114s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 115s Selecting previously unselected package libtdb1:arm64. 115s Preparing to unpack .../26-libtdb1_1.4.10-1build1_arm64.deb ... 115s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 115s Selecting previously unselected package libtevent0t64:arm64. 115s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_arm64.deb ... 115s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 115s Selecting previously unselected package libldb2:arm64. 115s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 115s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 115s Selecting previously unselected package libnfsidmap1:arm64. 115s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 115s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 115s Selecting previously unselected package libnss-sudo. 115s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 115s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 115s Selecting previously unselected package libpwquality-common. 115s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 115s Unpacking libpwquality-common (1.4.5-3build1) ... 115s Selecting previously unselected package libpwquality1:arm64. 115s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_arm64.deb ... 115s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 115s Selecting previously unselected package libpam-pwquality:arm64. 115s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_arm64.deb ... 115s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 115s Selecting previously unselected package libwbclient0:arm64. 115s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 115s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 115s Selecting previously unselected package samba-libs:arm64. 115s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 115s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 115s Selecting previously unselected package libsmbclient0:arm64. 115s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 115s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 115s Selecting previously unselected package libnss-sss:arm64. 115s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_arm64.deb ... 115s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6) ... 115s Selecting previously unselected package libpam-sss:arm64. 115s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_arm64.deb ... 115s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package python3-sss. 116s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package libsss-certmap0. 116s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package libsss-idmap0. 116s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package libsss-nss-idmap0. 116s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-common. 116s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-idp. 116s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-passkey. 116s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-ad-common. 116s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-krb5-common. 116s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-ad. 116s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_arm64.deb ... 116s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 116s Selecting previously unselected package sssd-ipa. 117s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-krb5. 117s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-ldap. 117s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-proxy. 117s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd. 117s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-dbus. 117s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-kcm. 117s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package sssd-tools. 117s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_arm64.deb ... 117s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 117s Selecting previously unselected package libipa-hbac-dev. 118s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package libsss-certmap-dev. 118s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package libsss-idmap-dev. 118s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package libsss-nss-idmap-dev. 118s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package libsss-sudo. 118s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package python3-libipa-hbac. 118s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package python3-libsss-nss-idmap. 118s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_arm64.deb ... 118s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 118s Selecting previously unselected package autopkgtest-satdep. 118s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 118s Unpacking autopkgtest-satdep (0) ... 118s Setting up libpwquality-common (1.4.5-3build1) ... 118s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 118s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 118s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 118s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 118s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 118s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 118s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 118s Setting up libtdb1:arm64 (1.4.10-1build1) ... 118s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 118s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 119s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 119s Setting up libjose0:arm64 (13-1) ... 119s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 119s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 119s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 119s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 119s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 119s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 119s Setting up libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 119s Setting up libltdl7:arm64 (2.4.7-7build1) ... 119s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 119s Setting up libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 119s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 119s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 119s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 119s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 119s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 119s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6) ... 119s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 120s Creating new user openldap... done. 121s Creating initial configuration... done. 121s Creating LDAP directory... done. 122s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 122s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 122s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 122s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 122s Setting up tcl-expect:arm64 (5.45.4-3) ... 122s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 122s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 122s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 122s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 122s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 122s Setting up expect (5.45.4-3) ... 122s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 122s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 122s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 122s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 122s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 122s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6) ... 123s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 123s Creating SSSD system user & group... 123s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 123s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 123s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 123s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 123s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 124s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 124s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 124s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 124s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 124s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 125s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 125s sssd-autofs.service is a disabled or a static unit, not starting it. 125s sssd-nss.service is a disabled or a static unit, not starting it. 125s sssd-pam.service is a disabled or a static unit, not starting it. 125s sssd-ssh.service is a disabled or a static unit, not starting it. 125s sssd-sudo.service is a disabled or a static unit, not starting it. 125s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 125s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 125s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 125s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 126s sssd-kcm.service is a disabled or a static unit, not starting it. 126s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 126s sssd-ifp.service is a disabled or a static unit, not starting it. 126s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 126s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 127s sssd-pac.service is a disabled or a static unit, not starting it. 127s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 127s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 127s Setting up sssd (2.9.4-1.1ubuntu6) ... 127s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 127s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 127s Setting up libkrad0:arm64 (1.20.1-6ubuntu2) ... 127s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 127s Setting up autopkgtest-satdep (0) ... 127s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 127s Processing triggers for ufw (0.36.2-6) ... 127s Processing triggers for man-db (2.12.0-4build2) ... 128s Processing triggers for dbus (1.14.10-4ubuntu4) ... 140s (Reading database ... 79260 files and directories currently installed.) 140s Removing autopkgtest-satdep (0) ... 141s autopkgtest [17:03:20]: test ldap-user-group-ldap-auth: [----------------------- 142s + . debian/tests/util 142s + . debian/tests/common-tests 142s + mydomain=example.com 142s + myhostname=ldap.example.com 142s + mysuffix=dc=example,dc=com 142s + admin_dn=cn=admin,dc=example,dc=com 142s + admin_pw=secret 142s + ldap_user=testuser1 142s + ldap_user_pw=testuser1secret 142s + ldap_group=ldapusers 142s + adjust_hostname ldap.example.com 142s + local myhostname=ldap.example.com 142s + echo ldap.example.com 142s + hostname ldap.example.com 142s + grep -qE ldap.example.com /etc/hosts 142s + echo 127.0.1.10 ldap.example.com 142s + reconfigure_slapd 142s + debconf-set-selections 142s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 142s + dpkg-reconfigure -fnoninteractive -pcritical slapd 143s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 143s Moving old database directory to /var/backups: 143s - directory unknown... done. 144s Creating initial configuration... done. 144s Creating LDAP directory... done. 145s + generate_certs ldap.example.com 145s + local cn=ldap.example.com 145s + local cert=/etc/ldap/server.pem 145s + local key=/etc/ldap/server.key 145s + local cnf=/etc/ldap/openssl.cnf 145s + cat 145s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 145s ...................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 146s ...............................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 146s ----- 146s + chmod 0640 /etc/ldap/server.key 146s + chgrp openldap /etc/ldap/server.key 146s + [ ! -f /etc/ldap/server.pem ] 146s + [ ! -f /etc/ldap/server.key ] 146s + enable_ldap_ssl 146s + cat 146s + cat 146s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 146s modifying entry "cn=config" 146s 146s + populate_ldap_rfc2307 146s + cat 146s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 146s adding new entry "ou=People,dc=example,dc=com" 146s 146s adding new entry "ou=Group,dc=example,dc=com" 146s 146s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 146s 146s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 146s 146s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 146s 146s + configure_sssd_ldap_rfc2307 146s + cat 146s + chmod 0600 /etc/sssd/sssd.conf 146s + systemctl restart sssd 146s + enable_pam_mkhomedir 146s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 146s + echo session optional pam_mkhomedir.so 146s + run_common_tests 146s + echo Assert local user databases do not have our LDAP test data 146s Assert local user databases do not have our LDAP test data 146s The LDAP user is known to the system via getent 146s + check_local_user testuser1 146s + local local_user=testuser1 146s + grep -q ^testuser1 /etc/passwd 146s + check_local_group testuser1 146s + local local_group=testuser1 146s + grep -q ^testuser1 /etc/group 146s + check_local_group ldapusers 146s + local local_group=ldapusers 146s + grep -q ^ldapusers /etc/group 146s + echo The LDAP user is known to the system via getent 146s + check_getent_user testuser1 146s + local getent_user=testuser1 146s + local output 146s + getent passwd testuser1 146s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 146s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 146s + echo The LDAP user's private group is known to the system via getent 146s The LDAP user's private group is known to the system via getent 146s + check_getent_group testuser1 146s + local getent_group=testuser1 146s + local output 146s + getent group testuser1 146s + output=testuser1:*:10001:testuser1 146s + [ -z testuser1:*:10001:testuser1 ] 146s + echo The LDAP group ldapusers is known to the system via getent 146s The LDAP group ldapusers is known to the system via getent 146s + check_getent_group ldapusers 146s + local getent_group=ldapusers 146s + local output 146s + getent group ldapusers 146s The id(1) command can resolve the group membership of the LDAP user 146s + output=ldapusers:*:10100:testuser1 146s + [ -z ldapusers:*:10100:testuser1 ] 146s + echo The id(1) command can resolve the group membership of the LDAP user 146s + id -Gn testuser1 146s + output=testuser1 ldapusers 146s + [ testuser1 ldapusers != testuser1 ldapusers ] 146s + echo The LDAP user can login on a terminal 146s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 146s The LDAP user can login on a terminal 146s spawn login 147s ldap.example.com login: testuser1 147s Password: 147s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic aarch64) 147s 147s * Documentation: https://help.ubuntu.com 147s * Management: https://landscape.canonical.com 147s * Support: https://ubuntu.com/pro 147s 147s 147s The programs included with the Ubuntu system are free software; 147s the exact distribution terms for each program are described in the 147s individual files in /usr/share/doc/*/copyright. 147s 147s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 147s applicable law. 147s 147s 147s The programs included with the Ubuntu system are free software; 147s the exact distribution terms for each program are described in the 147s individual files in /usr/share/doc/*/copyright. 147s 147s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 147s applicable law. 147s 147s Creating directory '/home/testuser1'. 147s [?2004htestuser1@ldap:~$ id -un 147s [?2004l testuser1 147s [?2004htestuser1@ldap:~$ autopkgtest [17:03:26]: test ldap-user-group-ldap-auth: -----------------------] 148s autopkgtest [17:03:27]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 148s ldap-user-group-ldap-auth PASS 148s autopkgtest [17:03:27]: test ldap-user-group-krb5-auth: preparing testbed 149s Reading package lists... 150s Building dependency tree... 150s Reading state information... 150s Starting pkgProblemResolver with broken count: 0 150s Starting 2 pkgProblemResolver with broken count: 0 150s Done 151s The following additional packages will be installed: 151s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 151s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 151s Suggested packages: 151s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 151s The following NEW packages will be installed: 151s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 151s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 151s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 151s Need to get 597 kB/598 kB of archives. 151s After this operation, 2914 kB of additional disk space will be used. 151s Get:1 /tmp/autopkgtest.GSXCpf/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [888 B] 151s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 151s Get:3 http://ftpmaster.internal/ubuntu noble/main arm64 libgssrpc4t64 arm64 1.20.1-6ubuntu2 [57.9 kB] 151s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5clnt-mit12 arm64 1.20.1-6ubuntu2 [40.0 kB] 151s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libkdb5-10t64 arm64 1.20.1-6ubuntu2 [40.5 kB] 152s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libkadm5srv-mit12 arm64 1.20.1-6ubuntu2 [53.4 kB] 152s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-user arm64 1.20.1-6ubuntu2 [108 kB] 152s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-kdc arm64 1.20.1-6ubuntu2 [180 kB] 152s Get:9 http://ftpmaster.internal/ubuntu noble/universe arm64 krb5-admin-server arm64 1.20.1-6ubuntu2 [94.9 kB] 152s Preconfiguring packages ... 153s Fetched 597 kB in 1s (994 kB/s) 153s Selecting previously unselected package krb5-config. 153s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 79260 files and directories currently installed.) 153s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 153s Unpacking krb5-config (2.7) ... 153s Selecting previously unselected package libgssrpc4t64:arm64. 153s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking libgssrpc4t64:arm64 (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package libkadm5clnt-mit12:arm64. 153s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package libkdb5-10t64:arm64. 153s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking libkdb5-10t64:arm64 (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package libkadm5srv-mit12:arm64. 153s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package krb5-user. 153s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking krb5-user (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package krb5-kdc. 153s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 153s Selecting previously unselected package krb5-admin-server. 153s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_arm64.deb ... 153s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 154s Selecting previously unselected package autopkgtest-satdep. 154s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 154s Unpacking autopkgtest-satdep (0) ... 154s Setting up libgssrpc4t64:arm64 (1.20.1-6ubuntu2) ... 154s Setting up krb5-config (2.7) ... 155s Setting up libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2) ... 155s Setting up libkdb5-10t64:arm64 (1.20.1-6ubuntu2) ... 155s Setting up libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2) ... 155s Setting up krb5-user (1.20.1-6ubuntu2) ... 155s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 155s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 155s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 155s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 155s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 155s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 155s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 155s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 155s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 156s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 156s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 156s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 157s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 157s Setting up autopkgtest-satdep (0) ... 157s Processing triggers for man-db (2.12.0-4build2) ... 158s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 167s (Reading database ... 79355 files and directories currently installed.) 167s Removing autopkgtest-satdep (0) ... 168s autopkgtest [17:03:47]: test ldap-user-group-krb5-auth: [----------------------- 169s + . debian/tests/util 169s + . debian/tests/common-tests 169s + mydomain=example.com 169s + myhostname=ldap.example.com 169s + mysuffix=dc=example,dc=com 169s + myrealm=EXAMPLE.COM 169s + admin_dn=cn=admin,dc=example,dc=com 169s + admin_pw=secret 169s + ldap_user=testuser1 169s + ldap_user_pw=testuser1secret 169s + kerberos_principal_pw=testuser1kerberos 169s + ldap_group=ldapusers 169s + adjust_hostname ldap.example.com 169s + local myhostname=ldap.example.com 169s + echo ldap.example.com 169s + hostname ldap.example.com 169s + grep -qE ldap.example.com /etc/hosts 169s + reconfigure_slapd 169s + debconf-set-selections 169s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240614-170322.ldapdb 169s + dpkg-reconfigure -fnoninteractive -pcritical slapd 170s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 170s Moving old database directory to /var/backups: 170s - directory unknown... done. 170s Creating initial configuration... done. 170s Creating LDAP directory... done. 171s + generate_certs ldap.example.com 171s + local cn=ldap.example.com 171s + local cert=/etc/ldap/server.pem 171s + local key=/etc/ldap/server.key 171s + local cnf=/etc/ldap/openssl.cnf 171s + cat 171s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 171s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 171s ..................................................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 171s ----- 171s + chmod 0640 /etc/ldap/server.key 171s + chgrp openldap /etc/ldap/server.key 171s + [ ! -f /etc/ldap/server.pem ] 171s + [ ! -f /etc/ldap/server.key ] 171s + enable_ldap_ssl 171s + cat 171s + cat 171s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 171s + populate_ldap_rfc2307 171s + cat 171s modifying entry "cn=config" 171s 171s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 171s adding new entry "ou=People,dc=example,dc=com" 171s 171s adding new entry "ou=Group,dc=example,dc=com" 171s 171s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 171s 171s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 171s 171s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 171s 171s + create_realm EXAMPLE.COM ldap.example.com 171s + local realm_name=EXAMPLE.COM 171s + local kerberos_server=ldap.example.com 171s + rm -rf /var/lib/krb5kdc/* 171s + rm -rf /etc/krb5kdc/kdc.conf 171s + rm -f /etc/krb5.keytab 171s + cat 171s + cat 171s + echo # */admin * 171s + kdb5_util create -s -P secretpassword 171s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 171s master key name 'K/M@EXAMPLE.COM' 171s + systemctl restart krb5-kdc.service krb5-admin-server.service 171s + create_krb_principal testuser1 testuser1kerberos 171s + local principal=testuser1 171s + local password=testuser1kerberos 171s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 171s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 171s Authenticating as principal root/admin@EXAMPLE.COM with password. 171s Principal "testuser1@EXAMPLE.COM" created. 171s + configure_sssd_ldap_rfc2307_krb5_auth 171s + cat 171s + chmod 0600 /etc/sssd/sssd.conf 171s + systemctl restart sssd 171s + enable_pam_mkhomedir 171s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 171s + run_common_tests 171s + echo Assert local user databases do not have our LDAP test data 171s Assert local user databases do not have our LDAP test data 171s + check_local_user testuser1 171s + local local_user=testuser1 171s + grep -q ^testuser1 /etc/passwd 171s + check_local_group testuser1 171s + local local_group=testuser1 171s + grep -q ^testuser1 /etc/group 171s + check_local_group ldapusers 171s + local local_group=ldapusers 171s + grep -q ^ldapusers /etc/group 171s The LDAP user is known to the system via getent 171s + echo The LDAP user is known to the system via getent 171s + check_getent_user testuser1 171s + local getent_user=testuser1 171s + local output 171s + getent passwd testuser1 171s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 171s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 171s + echo The LDAP user's private group is known to the system via getent 171s The LDAP user's private group is known to the system via getent 171s + check_getent_group testuser1 171s + local getent_group=testuser1 171s + local output 171s + getent group testuser1 171s + output=testuser1:*:10001:testuser1 171s + [ -z testuser1:*:10001:testuser1 ] 171s + echo The LDAP group ldapusers is known to the system via getent 171s + check_getent_group ldapusers 171s + local getent_group=ldapusers 171s + local output 171s + getent group ldapusers 171s + output=ldapusers:*:10100:testuser1 171s + [ -z ldapusers:*:10100:testuser1 ] 171s + echo The id(1) command can resolve the group membership of the LDAP user 171s + id -Gn testuser1 171s The LDAP group ldapusers is known to the system via getent 171s The id(1) command can resolve the group membership of the LDAP user 171s The Kerberos principal can login on a terminal 171s + output=testuser1 ldapusers 171s + [ testuser1 ldapusers != testuser1 ldapusers ] 171s + echo The Kerberos principal can login on a terminal 171s + kdestroy 171s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 171s spawn login 171s ldap.example.com login: testuser1 171s Password: 172s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic aarch64) 172s 172s * Documentation: https://help.ubuntu.com 172s * Management: https://landscape.canonical.com 172s * Support: https://ubuntu.com/pro 172s 172s 172s The programs included with the Ubuntu system are free software; 172s the exact distribution terms for each program are described in the 172s individual files in /usr/share/doc/*/copyright. 172s 172s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 172s applicable law. 172s 172s [?2004htestuser1@ldap:~$ id -un 172s [?2004l testuser1 172s [?2004htestuser1@ldap:~$ klist 172s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_rpZB7e 172s Default principal: testuser1@EXAMPLE.COM 172s 172s Valid starting Expires Service principal 172s 06/14/24 17:03:51 06/15/24 03:03:51 krbtgt/EXAMPLE.COM@EXAMPLE.COM 172s renew until 06/15/24 17:03:51 172s autopkgtest [17:03:51]: test ldap-user-group-krb5-auth: -----------------------] 173s ldap-user-group-krb5-auth PASS 173s autopkgtest [17:03:52]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 173s autopkgtest [17:03:52]: test sssd-softhism2-certificates-tests.sh: preparing testbed 232s autopkgtest [17:04:51]: testbed dpkg architecture: arm64 232s autopkgtest [17:04:51]: testbed apt version: 2.7.14build2 232s autopkgtest [17:04:51]: @@@@@@@@@@@@@@@@@@@@ test bed setup 233s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 234s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 234s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [17.1 kB] 234s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 234s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [28.4 kB] 234s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [49.9 kB] 234s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3144 B] 234s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [66.1 kB] 234s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [116 B] 234s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [46.3 kB] 234s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [8528 B] 234s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [10.1 kB] 234s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [116 B] 235s Fetched 511 kB in 1s (498 kB/s) 235s Reading package lists... 238s Reading package lists... 238s Building dependency tree... 238s Reading state information... 238s Calculating upgrade... 239s The following packages will be upgraded: 239s login passwd 239s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 239s Need to get 1039 kB of archives. 239s After this operation, 0 B of additional disk space will be used. 239s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 login arm64 1:4.13+dfsg1-4ubuntu3.2 [200 kB] 239s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 passwd arm64 1:4.13+dfsg1-4ubuntu3.2 [838 kB] 240s Fetched 1039 kB in 1s (1857 kB/s) 241s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 241s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_arm64.deb ... 241s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 241s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 241s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 241s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_arm64.deb ... 241s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 241s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 241s Processing triggers for man-db (2.12.0-4build2) ... 243s Reading package lists... 244s Building dependency tree... 244s Reading state information... 245s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 246s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 246s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 246s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 246s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 247s Reading package lists... 247s Reading package lists... 247s Building dependency tree... 247s Reading state information... 248s Calculating upgrade... 248s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 249s Reading package lists... 249s Building dependency tree... 249s Reading state information... 250s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 254s Reading package lists... 254s Building dependency tree... 254s Reading state information... 254s Starting pkgProblemResolver with broken count: 0 254s Starting 2 pkgProblemResolver with broken count: 0 254s Done 255s The following additional packages will be installed: 255s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 255s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 255s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 255s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 255s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 255s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 255s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 255s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 255s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 255s Suggested packages: 255s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 255s Recommended packages: 255s cracklib-runtime libsasl2-modules-gssapi-mit 255s | libsasl2-modules-gssapi-heimdal ldap-utils 255s The following NEW packages will be installed: 255s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 255s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 255s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 255s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 255s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 255s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 255s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 255s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 255s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 255s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 255s Need to get 10.1 MB/10.1 MB of archives. 255s After this operation, 48.7 MB of additional disk space will be used. 255s Get:1 /tmp/autopkgtest.GSXCpf/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [748 B] 255s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 255s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libunbound8 arm64 1.19.2-1ubuntu3.1 [425 kB] 256s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libgnutls-dane0t64 arm64 3.8.3-1.1ubuntu3.1 [23.5 kB] 256s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 gnutls-bin arm64 3.8.3-1.1ubuntu3.1 [267 kB] 256s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 256s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 256s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 256s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 256s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 256s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 256s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 256s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 256s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 256s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 256s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 256s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6 [17.1 kB] 256s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 256s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 256s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 256s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 256s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 256s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 256s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 256s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 256s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 256s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 256s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 256s Get:29 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 256s Get:30 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 256s Get:31 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 256s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6 [46.9 kB] 256s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6 [22.2 kB] 256s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6 [32.0 kB] 256s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6 [49.1 kB] 256s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6 [46.2 kB] 256s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6 [30.7 kB] 256s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6 [1147 kB] 256s Get:39 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6 [75.4 kB] 256s Get:40 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6 [87.9 kB] 256s Get:41 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6 [134 kB] 256s Get:42 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6 [220 kB] 256s Get:43 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6 [14.3 kB] 256s Get:44 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6 [31.3 kB] 256s Get:45 http://ftpmaster.internal/ubuntu noble/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6 [44.6 kB] 256s Get:46 http://ftpmaster.internal/ubuntu noble/main arm64 sssd arm64 2.9.4-1.1ubuntu6 [4118 B] 257s Fetched 10.1 MB in 1s (8392 kB/s) 257s Selecting previously unselected package libevent-2.1-7t64:arm64. 257s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 77969 files and directories currently installed.) 257s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 257s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 257s Selecting previously unselected package libunbound8:arm64. 257s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.1_arm64.deb ... 257s Unpacking libunbound8:arm64 (1.19.2-1ubuntu3.1) ... 257s Selecting previously unselected package libgnutls-dane0t64:arm64. 257s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.1_arm64.deb ... 257s Unpacking libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.1) ... 257s Selecting previously unselected package gnutls-bin. 257s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.1_arm64.deb ... 257s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.1) ... 257s Selecting previously unselected package libavahi-common-data:arm64. 257s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 257s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 257s Selecting previously unselected package libavahi-common3:arm64. 257s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 257s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 257s Selecting previously unselected package libavahi-client3:arm64. 257s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 257s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 257s Selecting previously unselected package libbasicobjects0t64:arm64. 257s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 257s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 257s Selecting previously unselected package libcares2:arm64. 257s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 257s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 257s Selecting previously unselected package libcollection4t64:arm64. 257s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 257s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 258s Selecting previously unselected package libcrack2:arm64. 258s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_arm64.deb ... 258s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 258s Selecting previously unselected package libdhash1t64:arm64. 258s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 258s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 258s Selecting previously unselected package libpath-utils1t64:arm64. 258s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 258s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 258s Selecting previously unselected package libref-array1t64:arm64. 258s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 258s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 258s Selecting previously unselected package libini-config5t64:arm64. 258s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 258s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 258s Selecting previously unselected package libipa-hbac0t64. 258s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_arm64.deb ... 258s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 258s Selecting previously unselected package libtalloc2:arm64. 258s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 258s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 258s Selecting previously unselected package libtdb1:arm64. 258s Preparing to unpack .../17-libtdb1_1.4.10-1build1_arm64.deb ... 258s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 258s Selecting previously unselected package libtevent0t64:arm64. 258s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_arm64.deb ... 258s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 258s Selecting previously unselected package libldb2:arm64. 258s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 258s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 258s Selecting previously unselected package libnfsidmap1:arm64. 258s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 258s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 258s Selecting previously unselected package libpwquality-common. 258s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 258s Unpacking libpwquality-common (1.4.5-3build1) ... 258s Selecting previously unselected package libpwquality1:arm64. 258s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 258s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 258s Selecting previously unselected package libpam-pwquality:arm64. 258s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 258s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 258s Selecting previously unselected package libwbclient0:arm64. 258s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 258s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 258s Selecting previously unselected package samba-libs:arm64. 258s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 258s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 258s Selecting previously unselected package libsmbclient0:arm64. 258s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 258s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 258s Selecting previously unselected package softhsm2-common. 258s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 258s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 258s Selecting previously unselected package libsofthsm2. 258s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 258s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 258s Selecting previously unselected package softhsm2. 258s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 258s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 259s Selecting previously unselected package python3-sss. 259s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package libsss-idmap0. 259s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package libnss-sss:arm64. 259s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package libpam-sss:arm64. 259s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package libsss-certmap0. 259s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package libsss-nss-idmap0. 259s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_arm64.deb ... 259s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 259s Selecting previously unselected package sssd-common. 260s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-ad-common. 260s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-krb5-common. 260s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-ad. 260s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-ipa. 260s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-krb5. 260s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-ldap. 260s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd-proxy. 260s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package sssd. 260s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_arm64.deb ... 260s Unpacking sssd (2.9.4-1.1ubuntu6) ... 260s Selecting previously unselected package autopkgtest-satdep. 260s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 260s Unpacking autopkgtest-satdep (0) ... 260s Setting up libpwquality-common (1.4.5-3build1) ... 260s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 261s 261s Creating config file /etc/softhsm/softhsm2.conf with new version 261s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 261s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 261s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 261s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libtdb1:arm64 (1.4.10-1build1) ... 261s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 261s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 261s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 261s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libunbound8:arm64 (1.19.2-1ubuntu3.1) ... 261s Setting up libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.1) ... 261s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 261s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 261s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 261s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 261s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 261s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 261s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6) ... 261s Setting up gnutls-bin (3.8.3-1.1ubuntu3.1) ... 261s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 261s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 261s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 261s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 261s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 261s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 261s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 261s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 261s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 261s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 261s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 261s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6) ... 262s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 262s Creating SSSD system user & group... 262s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 262s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 262s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 262s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 263s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 264s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 264s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 264s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 264s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 264s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 265s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 265s sssd-autofs.service is a disabled or a static unit, not starting it. 266s sssd-nss.service is a disabled or a static unit, not starting it. 266s sssd-pam.service is a disabled or a static unit, not starting it. 266s sssd-ssh.service is a disabled or a static unit, not starting it. 266s sssd-sudo.service is a disabled or a static unit, not starting it. 266s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 266s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 266s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 266s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 266s sssd-pac.service is a disabled or a static unit, not starting it. 266s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 266s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 266s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 266s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 266s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 266s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 266s Setting up sssd (2.9.4-1.1ubuntu6) ... 266s Setting up autopkgtest-satdep (0) ... 266s Processing triggers for man-db (2.12.0-4build2) ... 267s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 272s (Reading database ... 78565 files and directories currently installed.) 272s Removing autopkgtest-satdep (0) ... 278s autopkgtest [17:05:37]: test sssd-softhism2-certificates-tests.sh: [----------------------- 278s + '[' -z ubuntu ']' 278s + required_tools=(p11tool openssl softhsm2-util) 278s + for cmd in "${required_tools[@]}" 278s + command -v p11tool 278s + for cmd in "${required_tools[@]}" 278s + command -v openssl 278s + for cmd in "${required_tools[@]}" 278s + command -v softhsm2-util 278s + PIN=053350 278s +++ find /usr/lib/softhsm/libsofthsm2.so 278s +++ head -n 1 278s ++ realpath /usr/lib/softhsm/libsofthsm2.so 278s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 278s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 278s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 278s + '[' '!' -v NO_SSSD_TESTS ']' 278s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 278s + ca_db_arg=ca_db 278s ++ /usr/libexec/sssd/p11_child --help 278s + p11_child_help='Usage: p11_child [OPTION...] 278s -d, --debug-level=INT Debug level 278s --debug-timestamps=INT Add debug timestamps 278s --debug-microseconds=INT Show timestamps with microseconds 278s --dumpable=INT Allow core dumps 278s --debug-fd=INT An open file descriptor for the debug 278s logs 278s --logger=stderr|files|journald Set logger 278s --auth Run in auth mode 278s --pre Run in pre-auth mode 278s --wait_for_card Wait until card is available 278s --verification Run in verification mode 278s --pin Expect PIN on stdin 278s --keypad Expect PIN on keypad 278s --verify=STRING Tune validation 278s --ca_db=STRING CA DB to use 278s --module_name=STRING Module name for authentication 278s --token_name=STRING Token name for authentication 278s --key_id=STRING Key ID for authentication 278s --label=STRING Label for authentication 278s --certificate=STRING certificate to verify, base64 encoded 278s --uri=STRING PKCS#11 URI to restrict selection 278s --chain-id=LONG Tevent chain ID used for logging 278s purposes 278s 278s Help options: 278s -?, --help Show this help message 278s --usage Display brief usage message' 278s + echo 'Usage: p11_child [OPTION...] 278s -d, --debug-level=INT Debug level 278s --debug-timestamps=INT Add debug timestamps 278s --debug-microseconds=INT Show timestamps with microseconds 278s --dumpable=INT Allow core dumps 278s --debug-fd=INT An open file descriptor for the debug 278s logs 278s --logger=stderr|files|journald Set logger 278s --auth Run in auth mode 278s --pre Run in pre-auth mode 278s --wait_for_card Wait until card is available 278s --verification Run in verification mode 278s --pin Expect PIN on stdin 278s --keypad Expect PIN on keypad 278s --verify=STRING Tune validation 278s --ca_db=STRING CA DB to use 278s --module_name=STRING Module name for authentication 278s --token_name=STRING Token name for authentication 278s --key_id=STRING Key ID for authentication 278s --label=STRING Label for authentication 278s --certificate=STRING certificate to verify, base64 encoded 278s --uri=STRING PKCS#11 URI to restrict selection 278s --chain-id=LONG Tevent chain ID used for logging 278s purposes 278s 278s Help options: 278s -?, --help Show this help message 278s --usage Display brief usage message' 278s + grep nssdb -qs 278s + echo 'Usage: p11_child [OPTION...] 278s -d, --debug-level=INT Debug level 278s --debug-timestamps=INT Add debug timestamps 278s --debug-microseconds=INT Show timestamps with microseconds 278s --dumpable=INT Allow core dumps 278s --debug-fd=INT An open file descriptor for the debug 278s logs 278s --logger=stderr|files|journald Set logger 278s --auth Run in auth mode 278s --pre Run in pre-auth mode 278s --wait_for_card Wait until card is available 278s --verification Run in verification mode 278s --pin Expect PIN on stdin 278s --keypad Expect PIN on keypad 278s --verify=STRING Tune validation 278s --ca_db=STRING CA DB to use 278s --module_name=STRING Module name for authentication 278s --token_name=STRING Token name for authentication 278s --key_id=STRING Key ID for authentication 278s --label=STRING Label for authentication 278s --certificate=STRING certificate to verify, base64 encoded 278s --uri=STRING PKCS#11 URI to restrict selection 278s --chain-id=LONG Tevent chain ID used for logging 278s purposes 278s 278s Help options: 278s -?, --help Show this help message 278s --usage Display brief usage message' 278s + grep -qs -- --ca_db 278s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 278s ++ mktemp -d -t sssd-softhsm2-XXXXXX 278s + tmpdir=/tmp/sssd-softhsm2-ejg3vy 278s + keys_size=1024 278s + [[ ! -v KEEP_TEMPORARY_FILES ]] 278s + trap 'rm -rf "$tmpdir"' EXIT 278s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 278s + echo -n 01 278s + touch /tmp/sssd-softhsm2-ejg3vy/index.txt 278s + mkdir -p /tmp/sssd-softhsm2-ejg3vy/new_certs 278s + cat 278s + root_ca_key_pass=pass:random-root-CA-password-1420 278s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA-key.pem -passout pass:random-root-CA-password-1420 1024 278s + openssl req -passin pass:random-root-CA-password-1420 -batch -config /tmp/sssd-softhsm2-ejg3vy/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-ejg3vy/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 278s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 278s + cat 278s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10703 278s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10703 1024 278s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10703 -config /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.config -key /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-1420 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-certificate-request.pem 278s + openssl req -text -noout -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-certificate-request.pem 278s Certificate Request: 278s Data: 278s Version: 1 (0x0) 278s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 278s Subject Public Key Info: 278s Public Key Algorithm: rsaEncryption 278s Public-Key: (1024 bit) 278s Modulus: 278s 00:d9:ac:aa:4b:3a:21:ed:bd:99:77:5a:5c:13:b0: 278s 4b:3a:92:e6:65:a3:fd:51:74:a7:35:96:7e:d3:80: 278s 36:af:f7:51:5d:4b:26:96:24:31:c4:e2:42:ee:b3: 278s bd:44:4a:e8:98:e1:d3:42:92:67:53:24:c1:49:86: 278s df:14:5f:9f:00:b5:b0:60:ab:93:cc:19:20:87:da: 278s cb:5e:77:c6:a5:0c:78:5b:23:bb:0e:0a:29:b1:d0: 278s 96:15:ea:fd:13:5b:c4:ef:21:cf:74:6f:ab:8d:8f: 278s 5a:e1:31:e7:fc:9b:df:8f:29:4c:f7:b9:4e:97:14: 278s 7b:ea:1f:7c:a5:0b:c6:2d:23 278s Exponent: 65537 (0x10001) 278s Attributes: 278s (none) 278s Requested Extensions: 278s Signature Algorithm: sha256WithRSAEncryption 278s Signature Value: 278s 4d:05:01:80:bf:d7:cf:0b:bb:ee:94:69:3e:1b:eb:c6:51:6f: 278s ec:18:00:1c:f2:b5:5f:58:98:4f:52:4e:7c:56:ce:07:ef:44: 278s 32:d3:b4:03:54:1d:a9:e4:10:04:8e:34:1b:02:e0:bf:e5:30: 278s 8f:c1:ce:38:a2:59:ff:65:c4:40:20:c0:56:01:e8:35:4f:eb: 278s f6:38:d2:17:9a:81:a6:d5:cd:c3:77:85:d0:95:dd:77:40:87: 278s 7f:01:f9:86:28:a9:55:c5:64:d6:f7:c5:7e:15:33:9e:1f:c4: 278s 3f:23:d9:cf:6a:39:41:af:fe:5a:8a:f0:b3:82:9f:90:b7:98: 278s 89:06 278s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-ejg3vy/test-root-CA.config -passin pass:random-root-CA-password-1420 -keyfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA-key.pem -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 278s Using configuration from /tmp/sssd-softhsm2-ejg3vy/test-root-CA.config 278s Check that the request matches the signature 278s Signature ok 278s Certificate Details: 278s Serial Number: 1 (0x1) 278s Validity 278s Not Before: Jun 14 17:05:37 2024 GMT 278s Not After : Jun 14 17:05:37 2025 GMT 278s Subject: 278s organizationName = Test Organization 278s organizationalUnitName = Test Organization Unit 278s commonName = Test Organization Intermediate CA 278s X509v3 extensions: 278s X509v3 Subject Key Identifier: 278s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 278s X509v3 Authority Key Identifier: 278s keyid:95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 278s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 278s serial:00 278s X509v3 Basic Constraints: 278s CA:TRUE 278s X509v3 Key Usage: critical 278s Digital Signature, Certificate Sign, CRL Sign 278s Certificate is to be certified until Jun 14 17:05:37 2025 GMT (365 days) 278s 278s Write out database with 1 new entries 278s Database updated 278s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 278s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 278s /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem: OK 278s + cat 278s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-18470 278s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-18470 1024 278s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-18470 -config /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10703 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-certificate-request.pem 278s + openssl req -text -noout -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-certificate-request.pem 278s Certificate Request: 278s Data: 278s Version: 1 (0x0) 278s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 278s Subject Public Key Info: 278s Public Key Algorithm: rsaEncryption 278s Public-Key: (1024 bit) 278s Modulus: 278s 00:c1:04:e7:76:4b:ea:28:be:0a:d0:b4:9e:bc:fb: 278s 65:72:f8:49:d9:4d:d3:02:e6:4f:42:6d:32:b8:77: 278s 50:c3:95:34:41:d7:a0:c9:e5:d0:91:f2:5d:bc:38: 278s 9f:45:55:52:1a:38:19:d8:5b:50:5e:4b:15:bc:6c: 278s 76:aa:32:20:b4:54:cd:37:26:ff:5c:4e:86:c3:54: 278s 90:3b:82:87:c7:7a:cb:64:50:06:5b:22:a0:6c:ca: 278s ff:0d:8e:cf:c6:15:fc:93:4b:56:7e:f8:58:b7:1e: 278s ca:e1:de:3d:1c:1c:60:63:8f:42:73:78:5d:3e:86: 278s fb:b1:ed:e7:e5:a2:7b:13:97 278s Exponent: 65537 (0x10001) 278s Attributes: 278s (none) 278s Requested Extensions: 278s Signature Algorithm: sha256WithRSAEncryption 278s Signature Value: 278s 51:7a:78:43:3f:9e:76:dc:b2:15:88:bd:e7:4d:bf:2f:87:d2: 278s d9:9a:1f:29:79:02:cb:d2:50:26:96:39:cb:f3:f2:4c:3d:de: 278s 44:e8:03:0c:55:a3:f8:51:be:f8:db:01:4f:3b:cd:c0:9e:29: 278s 04:ff:1e:19:40:2b:6c:0b:f5:90:b7:cc:f9:e2:e0:e9:98:e8: 278s b7:7a:a7:19:ab:01:9e:6b:93:2e:8b:8e:94:30:77:96:71:17: 278s aa:cc:13:39:cc:f6:3d:5e:6d:4e:e9:34:93:4f:b9:f1:72:78: 278s 61:dc:df:fd:6c:56:e7:2a:3c:0a:1a:e0:5c:e6:01:a4:ba:55: 278s 45:2e 278s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10703 -keyfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s Using configuration from /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.config 279s Check that the request matches the signature 279s Signature ok 279s Certificate Details: 279s Serial Number: 2 (0x2) 279s Validity 279s Not Before: Jun 14 17:05:37 2024 GMT 279s Not After : Jun 14 17:05:37 2025 GMT 279s Subject: 279s organizationName = Test Organization 279s organizationalUnitName = Test Organization Unit 279s commonName = Test Organization Sub Intermediate CA 279s X509v3 extensions: 279s X509v3 Subject Key Identifier: 279s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 279s X509v3 Authority Key Identifier: 279s keyid:8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 279s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 279s serial:01 279s X509v3 Basic Constraints: 279s CA:TRUE 279s X509v3 Key Usage: critical 279s Digital Signature, Certificate Sign, CRL Sign 279s Certificate is to be certified until Jun 14 17:05:37 2025 GMT (365 days) 279s 279s Write out database with 1 new entries 279s Database updated 279s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem: OK 279s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 279s error 20 at 0 depth lookup: unable to get local issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem: verification failed 279s + cat 279s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-30035 279s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-30035 1024 279s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-30035 -key /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-request.pem 279s + openssl req -text -noout -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-request.pem 279s Certificate Request: 279s Data: 279s Version: 1 (0x0) 279s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 279s Subject Public Key Info: 279s Public Key Algorithm: rsaEncryption 279s Public-Key: (1024 bit) 279s Modulus: 279s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 279s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 279s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 279s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 279s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 279s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 279s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 279s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 279s 98:90:90:36:e9:b6:c0:78:17 279s Exponent: 65537 (0x10001) 279s Attributes: 279s Requested Extensions: 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Root CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Signature Algorithm: sha256WithRSAEncryption 279s Signature Value: 279s 43:0a:d3:83:d0:d2:d4:12:51:b2:30:1a:75:96:92:a8:56:93: 279s 9e:67:57:cf:48:09:62:03:da:d3:6c:f4:5e:52:3f:73:34:f1: 279s 89:af:8a:ef:47:3d:4d:15:61:b4:ad:b5:98:ab:5e:fc:41:93: 279s ef:e1:1e:3d:ca:fd:77:9f:d8:05:2a:ab:f8:29:9d:3c:f5:a8: 279s af:26:57:48:02:34:ad:92:d2:45:b7:f3:08:69:0d:f5:65:52: 279s 18:5b:ba:5e:97:63:b8:c9:11:98:23:79:cd:02:f5:24:3f:50: 279s cf:c0:d3:b2:0a:0c:86:24:d3:7e:40:fe:5e:1f:da:9d:1f:4a: 279s 7b:60 279s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-ejg3vy/test-root-CA.config -passin pass:random-root-CA-password-1420 -keyfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA-key.pem -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s Using configuration from /tmp/sssd-softhsm2-ejg3vy/test-root-CA.config 279s Check that the request matches the signature 279s Signature ok 279s Certificate Details: 279s Serial Number: 3 (0x3) 279s Validity 279s Not Before: Jun 14 17:05:38 2024 GMT 279s Not After : Jun 14 17:05:38 2025 GMT 279s Subject: 279s organizationName = Test Organization 279s organizationalUnitName = Test Organization Unit 279s commonName = Test Organization Root Trusted Certificate 0001 279s X509v3 extensions: 279s X509v3 Authority Key Identifier: 279s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Root CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Certificate is to be certified until Jun 14 17:05:38 2025 GMT (365 days) 279s 279s Write out database with 1 new entries 279s Database updated 279s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem: OK 279s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 279s error 20 at 0 depth lookup: unable to get local issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem: verification failed 279s + cat 279s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 279s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-29806 1024 279s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-29806 -key /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-request.pem 279s + openssl req -text -noout -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-request.pem 279s + openssl ca -passin pass:random-intermediate-CA-password-10703 -config /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s Certificate Request: 279s Data: 279s Version: 1 (0x0) 279s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 279s Subject Public Key Info: 279s Public Key Algorithm: rsaEncryption 279s Public-Key: (1024 bit) 279s Modulus: 279s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 279s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 279s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 279s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 279s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 279s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 279s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 279s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 279s 66:35:2b:0f:5b:73:23:aa:cf 279s Exponent: 65537 (0x10001) 279s Attributes: 279s Requested Extensions: 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Intermediate CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Signature Algorithm: sha256WithRSAEncryption 279s Signature Value: 279s be:ac:43:17:fa:46:a0:df:5e:88:b9:8a:c2:fd:56:3a:48:bd: 279s f5:ef:4e:ae:4d:68:7a:ec:6e:39:ab:1e:80:cf:2a:82:f5:82: 279s 75:1c:65:ee:d4:b2:0d:ef:4e:42:1d:0c:34:a7:ac:e1:3e:bb: 279s 8a:33:e6:9b:95:34:4f:03:1c:01:fd:74:4f:93:e7:ae:54:bf: 279s 42:3f:b4:0a:57:17:70:0d:04:c7:48:d1:63:bb:94:3f:e0:b8: 279s aa:0c:11:93:c2:c5:dc:38:84:91:a4:d9:44:9f:25:b3:4a:83: 279s ff:31:3a:64:ab:e4:a5:0e:67:a2:e9:52:31:4e:ac:30:c7:b7: 279s 8e:60 279s Using configuration from /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.config 279s Check that the request matches the signature 279s Signature ok 279s Certificate Details: 279s Serial Number: 4 (0x4) 279s Validity 279s Not Before: Jun 14 17:05:38 2024 GMT 279s Not After : Jun 14 17:05:38 2025 GMT 279s Subject: 279s organizationName = Test Organization 279s organizationalUnitName = Test Organization Unit 279s commonName = Test Organization Intermediate Trusted Certificate 0001 279s X509v3 extensions: 279s X509v3 Authority Key Identifier: 279s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Intermediate CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Certificate is to be certified until Jun 14 17:05:38 2025 GMT (365 days) 279s 279s Write out database with 1 new entries 279s Database updated 279s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s + echo 'This certificate should not be trusted fully' 279s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s This certificate should not be trusted fully 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 279s error 2 at 1 depth lookup: unable to get issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 279s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem: OK 279s + cat 279s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 279s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-18367 1024 279s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-18367 -key /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 279s + openssl req -text -noout -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 279s + openssl ca -passin pass:random-sub-intermediate-CA-password-18470 -config /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s Certificate Request: 279s Data: 279s Version: 1 (0x0) 279s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 279s Subject Public Key Info: 279s Public Key Algorithm: rsaEncryption 279s Public-Key: (1024 bit) 279s Modulus: 279s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 279s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 279s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 279s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 279s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 279s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 279s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 279s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 279s 47:9f:e9:5b:7e:fa:d2:5c:a5 279s Exponent: 65537 (0x10001) 279s Attributes: 279s Requested Extensions: 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Sub Intermediate CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Signature Algorithm: sha256WithRSAEncryption 279s Signature Value: 279s a6:5b:ff:74:87:82:0a:52:5d:1e:ab:59:a9:f5:48:c9:1a:be: 279s 39:30:f8:a5:38:1d:62:84:d6:08:d0:27:86:d6:2c:dd:51:c5: 279s c5:c0:8a:d4:19:fe:cd:21:2f:99:f1:6d:29:50:a5:97:c0:cb: 279s 0f:4d:ab:2c:59:36:54:62:84:ed:4b:6a:1d:53:31:f1:fa:48: 279s 82:e3:a2:d2:38:a6:a3:c2:4a:e3:17:76:31:31:f3:71:ae:06: 279s 46:7b:e5:02:94:d6:44:0c:40:89:2c:4e:72:3a:d9:bd:a5:0d: 279s f9:b0:f6:02:a5:c1:12:9f:02:28:66:20:ba:c0:d6:42:48:99: 279s d5:fc 279s Using configuration from /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.config 279s Check that the request matches the signature 279s Signature ok 279s Certificate Details: 279s Serial Number: 5 (0x5) 279s Validity 279s Not Before: Jun 14 17:05:38 2024 GMT 279s Not After : Jun 14 17:05:38 2025 GMT 279s Subject: 279s organizationName = Test Organization 279s organizationalUnitName = Test Organization Unit 279s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 279s X509v3 extensions: 279s X509v3 Authority Key Identifier: 279s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 279s X509v3 Basic Constraints: 279s CA:FALSE 279s Netscape Cert Type: 279s SSL Client, S/MIME 279s Netscape Comment: 279s Test Organization Sub Intermediate CA trusted Certificate 279s X509v3 Subject Key Identifier: 279s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 279s X509v3 Key Usage: critical 279s Digital Signature, Non Repudiation, Key Encipherment 279s X509v3 Extended Key Usage: 279s TLS Web Client Authentication, E-mail Protection 279s X509v3 Subject Alternative Name: 279s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 279s Certificate is to be certified until Jun 14 17:05:38 2025 GMT (365 days) 279s 279s Write out database with 1 new entries 279s Database updated 279s + openssl x509 -noout -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s This certificate should not be trusted fully 279s + echo 'This certificate should not be trusted fully' 279s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 279s error 2 at 1 depth lookup: unable to get issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 279s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 279s error 20 at 0 depth lookup: unable to get local issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 279s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 279s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s + local cmd=openssl 279s + shift 279s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 279s error 20 at 0 depth lookup: unable to get local issuer certificate 279s error /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 279s + echo 'Building a the full-chain CA file...' 279s + cat /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s Building a the full-chain CA file... 279s + cat /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 279s + cat /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 279s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 279s + openssl pkcs7 -print_certs -noout 279s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 279s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 279s 279s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 279s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 279s 279s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 279s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 279s 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem: OK 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem: OK 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem: OK 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem: OK 279s + openssl verify -CAfile /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 279s /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 279s + echo 'Certificates generation completed!' 279s + [[ -v NO_SSSD_TESTS ]] 279s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /dev/null 279s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /dev/null 279s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 279s + local key_ring=/dev/null 279s + local verify_option= 279s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 279s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 279s + local key_cn 279s Certificates generation completed! 279s + local key_name 279s + local tokens_dir 279s + local output_cert_file 279s + token_name= 279s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 279s + key_name=test-root-CA-trusted-certificate-0001 279s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s ++ sed -n 's/ *commonName *= //p' 279s + key_cn='Test Organization Root Trusted Certificate 0001' 279s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 279s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 279s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 279s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 279s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 279s + token_name='Test Organization Root Tr Token' 279s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 279s + local key_file 279s + local decrypted_key 279s + mkdir -p /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 279s + key_file=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key.pem 279s + decrypted_key=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key-decrypted.pem 279s + cat 279s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 279s Slot 0 has a free/uninitialized token. 279s The token has been initialized and is reassigned to slot 721022173 279s + softhsm2-util --show-slots 279s Available slots: 279s Slot 721022173 279s Slot info: 279s Description: SoftHSM slot ID 0x2af9ecdd 279s Manufacturer ID: SoftHSM project 279s Hardware version: 2.6 279s Firmware version: 2.6 279s Token present: yes 279s Token info: 279s Manufacturer ID: SoftHSM project 279s Model: SoftHSM v2 279s Hardware version: 2.6 279s Firmware version: 2.6 279s Serial number: 6aa493732af9ecdd 279s Initialized: yes 279s User PIN init.: yes 279s Label: Test Organization Root Tr Token 279s Slot 1 279s Slot info: 279s Description: SoftHSM slot ID 0x1 279s Manufacturer ID: SoftHSM project 279s Hardware version: 2.6 279s Firmware version: 2.6 279s Token present: yes 279s Token info: 279s Manufacturer ID: SoftHSM project 279s Model: SoftHSM v2 279s Hardware version: 2.6 279s Firmware version: 2.6 279s Serial number: 279s Initialized: no 279s User PIN init.: no 279s Label: 279s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 279s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-30035 -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key-decrypted.pem 279s writing RSA key 279s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 279s + rm /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001-key-decrypted.pem 279s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 279s Object 0: 279s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 279s Type: X.509 Certificate (RSA-1024) 279s Expires: Sat Jun 14 17:05:38 2025 279s Label: Test Organization Root Trusted Certificate 0001 279s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 279s 279s + echo 'Test Organization Root Tr Token' 279s + '[' -n '' ']' 279s + local output_base_name=SSSD-child-13771 279s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-13771.output 279s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-13771.pem 279s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 279s Test Organization Root Tr Token 279s [p11_child[3162]] [main] (0x0400): p11_child started. 279s [p11_child[3162]] [main] (0x2000): Running in [pre-auth] mode. 279s [p11_child[3162]] [main] (0x2000): Running with effective IDs: [0][0]. 279s [p11_child[3162]] [main] (0x2000): Running with real IDs [0][0]. 279s [p11_child[3162]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 279s [p11_child[3162]] [do_work] (0x0040): init_verification failed. 279s [p11_child[3162]] [main] (0x0020): p11_child failed (5) 279s + return 2 279s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /dev/null no_verification 279s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /dev/null no_verification 279s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 279s + local key_ring=/dev/null 279s + local verify_option=no_verification 279s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 279s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 279s + local key_cn 279s + local key_name 279s + local tokens_dir 279s + local output_cert_file 279s + token_name= 279s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 279s + key_name=test-root-CA-trusted-certificate-0001 279s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 279s ++ sed -n 's/ *commonName *= //p' 279s + key_cn='Test Organization Root Trusted Certificate 0001' 279s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 279s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 279s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 279s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 279s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 279s + token_name='Test Organization Root Tr Token' 279s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 279s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 279s + echo 'Test Organization Root Tr Token' 279s + '[' -n no_verification ']' 279s + local verify_arg=--verify=no_verification 279s + local output_base_name=SSSD-child-28251 279s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.output 279s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.pem 279s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 279s Test Organization Root Tr Token 279s [p11_child[3168]] [main] (0x0400): p11_child started. 279s [p11_child[3168]] [main] (0x2000): Running in [pre-auth] mode. 279s [p11_child[3168]] [main] (0x2000): Running with effective IDs: [0][0]. 279s [p11_child[3168]] [main] (0x2000): Running with real IDs [0][0]. 279s [p11_child[3168]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 279s [p11_child[3168]] [do_card] (0x4000): Module List: 279s [p11_child[3168]] [do_card] (0x4000): common name: [softhsm2]. 279s [p11_child[3168]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 279s [p11_child[3168]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 279s [p11_child[3168]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 279s [p11_child[3168]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 279s [p11_child[3168]] [do_card] (0x4000): Login NOT required. 279s [p11_child[3168]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 279s [p11_child[3168]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 279s [p11_child[3168]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 279s [p11_child[3168]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 279s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.output 279s + echo '-----BEGIN CERTIFICATE-----' 279s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.output 280s + echo '-----END CERTIFICATE-----' 280s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.pem 280s Certificate: 280s Data: 280s Version: 3 (0x2) 280s Serial Number: 3 (0x3) 280s Signature Algorithm: sha256WithRSAEncryption 280s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 280s Validity 280s Not Before: Jun 14 17:05:38 2024 GMT 280s Not After : Jun 14 17:05:38 2025 GMT 280s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 280s Subject Public Key Info: 280s Public Key Algorithm: rsaEncryption 280s Public-Key: (1024 bit) 280s Modulus: 280s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 280s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 280s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 280s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 280s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 280s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 280s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 280s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 280s 98:90:90:36:e9:b6:c0:78:17 280s Exponent: 65537 (0x10001) 280s X509v3 extensions: 280s X509v3 Authority Key Identifier: 280s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 280s X509v3 Basic Constraints: 280s CA:FALSE 280s Netscape Cert Type: 280s SSL Client, S/MIME 280s Netscape Comment: 280s Test Organization Root CA trusted Certificate 280s X509v3 Subject Key Identifier: 280s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 280s X509v3 Key Usage: critical 280s Digital Signature, Non Repudiation, Key Encipherment 280s X509v3 Extended Key Usage: 280s TLS Web Client Authentication, E-mail Protection 280s X509v3 Subject Alternative Name: 280s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 280s Signature Algorithm: sha256WithRSAEncryption 280s Signature Value: 280s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 280s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 280s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 280s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 280s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 280s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 280s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 280s 5b:c2 280s + local found_md5 expected_md5 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + expected_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251.pem 280s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 280s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.output 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.output .output 280s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.pem 280s + echo -n 053350 280s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 280s [p11_child[3176]] [main] (0x0400): p11_child started. 280s [p11_child[3176]] [main] (0x2000): Running in [auth] mode. 280s [p11_child[3176]] [main] (0x2000): Running with effective IDs: [0][0]. 280s [p11_child[3176]] [main] (0x2000): Running with real IDs [0][0]. 280s [p11_child[3176]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 280s [p11_child[3176]] [do_card] (0x4000): Module List: 280s [p11_child[3176]] [do_card] (0x4000): common name: [softhsm2]. 280s [p11_child[3176]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3176]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 280s [p11_child[3176]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 280s [p11_child[3176]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3176]] [do_card] (0x4000): Login required. 280s [p11_child[3176]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 280s [p11_child[3176]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 280s [p11_child[3176]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 280s [p11_child[3176]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 280s [p11_child[3176]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 280s [p11_child[3176]] [do_card] (0x4000): Certificate verified and validated. 280s [p11_child[3176]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 280s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.output 280s + echo '-----BEGIN CERTIFICATE-----' 280s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.output 280s + echo '-----END CERTIFICATE-----' 280s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.pem 280s Certificate: 280s Data: 280s Version: 3 (0x2) 280s Serial Number: 3 (0x3) 280s Signature Algorithm: sha256WithRSAEncryption 280s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 280s Validity 280s Not Before: Jun 14 17:05:38 2024 GMT 280s Not After : Jun 14 17:05:38 2025 GMT 280s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 280s Subject Public Key Info: 280s Public Key Algorithm: rsaEncryption 280s Public-Key: (1024 bit) 280s Modulus: 280s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 280s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 280s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 280s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 280s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 280s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 280s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 280s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 280s 98:90:90:36:e9:b6:c0:78:17 280s Exponent: 65537 (0x10001) 280s X509v3 extensions: 280s X509v3 Authority Key Identifier: 280s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 280s X509v3 Basic Constraints: 280s CA:FALSE 280s Netscape Cert Type: 280s SSL Client, S/MIME 280s Netscape Comment: 280s Test Organization Root CA trusted Certificate 280s X509v3 Subject Key Identifier: 280s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 280s X509v3 Key Usage: critical 280s Digital Signature, Non Repudiation, Key Encipherment 280s X509v3 Extended Key Usage: 280s TLS Web Client Authentication, E-mail Protection 280s X509v3 Subject Alternative Name: 280s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 280s Signature Algorithm: sha256WithRSAEncryption 280s Signature Value: 280s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 280s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 280s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 280s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 280s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 280s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 280s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 280s 5b:c2 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28251-auth.pem 280s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 280s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 280s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 280s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 280s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 280s + local verify_option= 280s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 280s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 280s + local key_cn 280s + local key_name 280s + local tokens_dir 280s + local output_cert_file 280s + token_name= 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 280s + key_name=test-root-CA-trusted-certificate-0001 280s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s ++ sed -n 's/ *commonName *= //p' 280s + key_cn='Test Organization Root Trusted Certificate 0001' 280s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 280s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 280s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 280s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 280s + token_name='Test Organization Root Tr Token' 280s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 280s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 280s + echo 'Test Organization Root Tr Token' 280s Test Organization Root Tr Token 280s + '[' -n '' ']' 280s + local output_base_name=SSSD-child-8338 280s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.output 280s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.pem 280s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 280s [p11_child[3186]] [main] (0x0400): p11_child started. 280s [p11_child[3186]] [main] (0x2000): Running in [pre-auth] mode. 280s [p11_child[3186]] [main] (0x2000): Running with effective IDs: [0][0]. 280s [p11_child[3186]] [main] (0x2000): Running with real IDs [0][0]. 280s [p11_child[3186]] [do_card] (0x4000): Module List: 280s [p11_child[3186]] [do_card] (0x4000): common name: [softhsm2]. 280s [p11_child[3186]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3186]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 280s [p11_child[3186]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 280s [p11_child[3186]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3186]] [do_card] (0x4000): Login NOT required. 280s [p11_child[3186]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 280s [p11_child[3186]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 280s [p11_child[3186]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 280s [p11_child[3186]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 280s [p11_child[3186]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 280s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.output 280s + echo '-----BEGIN CERTIFICATE-----' 280s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.output 280s + echo '-----END CERTIFICATE-----' 280s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.pem 280s + local found_md5 expected_md5 280s Certificate: 280s Data: 280s Version: 3 (0x2) 280s Serial Number: 3 (0x3) 280s Signature Algorithm: sha256WithRSAEncryption 280s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 280s Validity 280s Not Before: Jun 14 17:05:38 2024 GMT 280s Not After : Jun 14 17:05:38 2025 GMT 280s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 280s Subject Public Key Info: 280s Public Key Algorithm: rsaEncryption 280s Public-Key: (1024 bit) 280s Modulus: 280s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 280s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 280s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 280s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 280s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 280s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 280s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 280s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 280s 98:90:90:36:e9:b6:c0:78:17 280s Exponent: 65537 (0x10001) 280s X509v3 extensions: 280s X509v3 Authority Key Identifier: 280s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 280s X509v3 Basic Constraints: 280s CA:FALSE 280s Netscape Cert Type: 280s SSL Client, S/MIME 280s Netscape Comment: 280s Test Organization Root CA trusted Certificate 280s X509v3 Subject Key Identifier: 280s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 280s X509v3 Key Usage: critical 280s Digital Signature, Non Repudiation, Key Encipherment 280s X509v3 Extended Key Usage: 280s TLS Web Client Authentication, E-mail Protection 280s X509v3 Subject Alternative Name: 280s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 280s Signature Algorithm: sha256WithRSAEncryption 280s Signature Value: 280s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 280s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 280s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 280s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 280s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 280s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 280s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 280s 5b:c2 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + expected_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338.pem 280s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 280s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.output 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.output .output 280s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.pem 280s + echo -n 053350 280s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 280s [p11_child[3194]] [main] (0x0400): p11_child started. 280s [p11_child[3194]] [main] (0x2000): Running in [auth] mode. 280s [p11_child[3194]] [main] (0x2000): Running with effective IDs: [0][0]. 280s [p11_child[3194]] [main] (0x2000): Running with real IDs [0][0]. 280s [p11_child[3194]] [do_card] (0x4000): Module List: 280s [p11_child[3194]] [do_card] (0x4000): common name: [softhsm2]. 280s [p11_child[3194]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3194]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 280s [p11_child[3194]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 280s [p11_child[3194]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 280s [p11_child[3194]] [do_card] (0x4000): Login required. 280s [p11_child[3194]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 280s [p11_child[3194]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 280s [p11_child[3194]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 280s [p11_child[3194]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 280s [p11_child[3194]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 280s [p11_child[3194]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 280s [p11_child[3194]] [do_card] (0x4000): Certificate verified and validated. 280s [p11_child[3194]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 280s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.output 280s + echo '-----BEGIN CERTIFICATE-----' 280s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.output 280s + echo '-----END CERTIFICATE-----' 280s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.pem 280s Certificate: 280s Data: 280s Version: 3 (0x2) 280s Serial Number: 3 (0x3) 280s Signature Algorithm: sha256WithRSAEncryption 280s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 280s Validity 280s Not Before: Jun 14 17:05:38 2024 GMT 280s Not After : Jun 14 17:05:38 2025 GMT 280s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 280s Subject Public Key Info: 280s Public Key Algorithm: rsaEncryption 280s Public-Key: (1024 bit) 280s Modulus: 280s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 280s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 280s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 280s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 280s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 280s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 280s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 280s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 280s 98:90:90:36:e9:b6:c0:78:17 280s Exponent: 65537 (0x10001) 280s X509v3 extensions: 280s X509v3 Authority Key Identifier: 280s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 280s X509v3 Basic Constraints: 280s CA:FALSE 280s Netscape Cert Type: 280s SSL Client, S/MIME 280s Netscape Comment: 280s Test Organization Root CA trusted Certificate 280s X509v3 Subject Key Identifier: 280s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 280s X509v3 Key Usage: critical 280s Digital Signature, Non Repudiation, Key Encipherment 280s X509v3 Extended Key Usage: 280s TLS Web Client Authentication, E-mail Protection 280s X509v3 Subject Alternative Name: 280s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 280s Signature Algorithm: sha256WithRSAEncryption 280s Signature Value: 280s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 280s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 280s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 280s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 280s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 280s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 280s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 280s 5b:c2 280s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-8338-auth.pem 280s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 280s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 280s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 280s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 280s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 280s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 280s + local verify_option=partial_chain 280s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 280s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 280s + local key_cn 280s + local key_name 280s + local tokens_dir 280s + local output_cert_file 280s + token_name= 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 280s + key_name=test-root-CA-trusted-certificate-0001 280s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 280s ++ sed -n 's/ *commonName *= //p' 280s + key_cn='Test Organization Root Trusted Certificate 0001' 280s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 280s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 280s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 280s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 280s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 280s + token_name='Test Organization Root Tr Token' 280s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 280s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 280s + echo 'Test Organization Root Tr Token' 280s Test Organization Root Tr Token 280s + '[' -n partial_chain ']' 280s + local verify_arg=--verify=partial_chain 280s + local output_base_name=SSSD-child-10108 280s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.output 280s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.pem 280s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 281s [p11_child[3204]] [main] (0x0400): p11_child started. 281s [p11_child[3204]] [main] (0x2000): Running in [pre-auth] mode. 281s [p11_child[3204]] [main] (0x2000): Running with effective IDs: [0][0]. 281s [p11_child[3204]] [main] (0x2000): Running with real IDs [0][0]. 281s [p11_child[3204]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 281s [p11_child[3204]] [do_card] (0x4000): Module List: 281s [p11_child[3204]] [do_card] (0x4000): common name: [softhsm2]. 281s [p11_child[3204]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 281s [p11_child[3204]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 281s [p11_child[3204]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 281s [p11_child[3204]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 281s [p11_child[3204]] [do_card] (0x4000): Login NOT required. 281s [p11_child[3204]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 281s [p11_child[3204]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 281s [p11_child[3204]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 281s [p11_child[3204]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 281s [p11_child[3204]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 281s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.output 281s + echo '-----BEGIN CERTIFICATE-----' 281s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.output 281s + echo '-----END CERTIFICATE-----' 281s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.pem 281s Certificate: 281s Data: 281s Version: 3 (0x2) 281s Serial Number: 3 (0x3) 281s Signature Algorithm: sha256WithRSAEncryption 281s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 281s Validity 281s Not Before: Jun 14 17:05:38 2024 GMT 281s Not After : Jun 14 17:05:38 2025 GMT 281s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 281s Subject Public Key Info: 281s Public Key Algorithm: rsaEncryption 281s Public-Key: (1024 bit) 281s Modulus: 281s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 281s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 281s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 281s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 281s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 281s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 281s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 281s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 281s 98:90:90:36:e9:b6:c0:78:17 281s Exponent: 65537 (0x10001) 281s X509v3 extensions: 281s X509v3 Authority Key Identifier: 281s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 281s X509v3 Basic Constraints: 281s CA:FALSE 281s Netscape Cert Type: 281s SSL Client, S/MIME 281s Netscape Comment: 281s Test Organization Root CA trusted Certificate 281s X509v3 Subject Key Identifier: 281s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 281s X509v3 Key Usage: critical 281s Digital Signature, Non Repudiation, Key Encipherment 281s X509v3 Extended Key Usage: 281s TLS Web Client Authentication, E-mail Protection 281s X509v3 Subject Alternative Name: 281s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 281s Signature Algorithm: sha256WithRSAEncryption 281s Signature Value: 281s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 281s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 281s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 281s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 281s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 281s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 281s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 281s 5b:c2 281s + local found_md5 expected_md5 281s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 281s + expected_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 281s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108.pem 281s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 281s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 281s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.output 281s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.output .output 281s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.pem 281s + echo -n 053350 281s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 281s [p11_child[3212]] [main] (0x0400): p11_child started. 281s [p11_child[3212]] [main] (0x2000): Running in [auth] mode. 281s [p11_child[3212]] [main] (0x2000): Running with effective IDs: [0][0]. 281s [p11_child[3212]] [main] (0x2000): Running with real IDs [0][0]. 281s [p11_child[3212]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 281s [p11_child[3212]] [do_card] (0x4000): Module List: 281s [p11_child[3212]] [do_card] (0x4000): common name: [softhsm2]. 281s [p11_child[3212]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 281s [p11_child[3212]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 281s [p11_child[3212]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 281s [p11_child[3212]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 281s [p11_child[3212]] [do_card] (0x4000): Login required. 281s [p11_child[3212]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 281s [p11_child[3212]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 281s [p11_child[3212]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 281s [p11_child[3212]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 281s [p11_child[3212]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 281s [p11_child[3212]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 281s [p11_child[3212]] [do_card] (0x4000): Certificate verified and validated. 281s [p11_child[3212]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 281s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.output 281s + echo '-----BEGIN CERTIFICATE-----' 281s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.output 281s + echo '-----END CERTIFICATE-----' 281s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.pem 282s Certificate: 282s Data: 282s Version: 3 (0x2) 282s Serial Number: 3 (0x3) 282s Signature Algorithm: sha256WithRSAEncryption 282s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 282s Validity 282s Not Before: Jun 14 17:05:38 2024 GMT 282s Not After : Jun 14 17:05:38 2025 GMT 282s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 282s Subject Public Key Info: 282s Public Key Algorithm: rsaEncryption 282s Public-Key: (1024 bit) 282s Modulus: 282s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 282s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 282s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 282s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 282s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 282s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 282s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 282s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 282s 98:90:90:36:e9:b6:c0:78:17 282s Exponent: 65537 (0x10001) 282s X509v3 extensions: 282s X509v3 Authority Key Identifier: 282s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 282s X509v3 Basic Constraints: 282s CA:FALSE 282s Netscape Cert Type: 282s SSL Client, S/MIME 282s Netscape Comment: 282s Test Organization Root CA trusted Certificate 282s X509v3 Subject Key Identifier: 282s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 282s X509v3 Key Usage: critical 282s Digital Signature, Non Repudiation, Key Encipherment 282s X509v3 Extended Key Usage: 282s TLS Web Client Authentication, E-mail Protection 282s X509v3 Subject Alternative Name: 282s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 282s Signature Algorithm: sha256WithRSAEncryption 282s Signature Value: 282s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 282s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 282s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 282s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 282s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 282s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 282s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 282s 5b:c2 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-10108-auth.pem 282s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 282s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s + local verify_option= 282s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_cn 282s + local key_name 282s + local tokens_dir 282s + local output_cert_file 282s + token_name= 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 282s + key_name=test-root-CA-trusted-certificate-0001 282s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s ++ sed -n 's/ *commonName *= //p' 282s + key_cn='Test Organization Root Trusted Certificate 0001' 282s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 282s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 282s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 282s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 282s Test Organization Root Tr Token 282s + token_name='Test Organization Root Tr Token' 282s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 282s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 282s + echo 'Test Organization Root Tr Token' 282s + '[' -n '' ']' 282s + local output_base_name=SSSD-child-7094 282s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.output 282s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.pem 282s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s [p11_child[3222]] [main] (0x0400): p11_child started. 282s [p11_child[3222]] [main] (0x2000): Running in [pre-auth] mode. 282s [p11_child[3222]] [main] (0x2000): Running with effective IDs: [0][0]. 282s [p11_child[3222]] [main] (0x2000): Running with real IDs [0][0]. 282s [p11_child[3222]] [do_card] (0x4000): Module List: 282s [p11_child[3222]] [do_card] (0x4000): common name: [softhsm2]. 282s [p11_child[3222]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3222]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 282s [p11_child[3222]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 282s [p11_child[3222]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3222]] [do_card] (0x4000): Login NOT required. 282s [p11_child[3222]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 282s [p11_child[3222]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 282s [p11_child[3222]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 282s [p11_child[3222]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 282s [p11_child[3222]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 282s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.output 282s + echo '-----BEGIN CERTIFICATE-----' 282s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.output 282s + echo '-----END CERTIFICATE-----' 282s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.pem 282s Certificate: 282s Data: 282s Version: 3 (0x2) 282s Serial Number: 3 (0x3) 282s Signature Algorithm: sha256WithRSAEncryption 282s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 282s Validity 282s Not Before: Jun 14 17:05:38 2024 GMT 282s Not After : Jun 14 17:05:38 2025 GMT 282s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 282s Subject Public Key Info: 282s Public Key Algorithm: rsaEncryption 282s Public-Key: (1024 bit) 282s Modulus: 282s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 282s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 282s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 282s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 282s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 282s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 282s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 282s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 282s 98:90:90:36:e9:b6:c0:78:17 282s Exponent: 65537 (0x10001) 282s X509v3 extensions: 282s X509v3 Authority Key Identifier: 282s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 282s X509v3 Basic Constraints: 282s CA:FALSE 282s Netscape Cert Type: 282s SSL Client, S/MIME 282s Netscape Comment: 282s Test Organization Root CA trusted Certificate 282s X509v3 Subject Key Identifier: 282s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 282s X509v3 Key Usage: critical 282s Digital Signature, Non Repudiation, Key Encipherment 282s X509v3 Extended Key Usage: 282s TLS Web Client Authentication, E-mail Protection 282s X509v3 Subject Alternative Name: 282s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 282s Signature Algorithm: sha256WithRSAEncryption 282s Signature Value: 282s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 282s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 282s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 282s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 282s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 282s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 282s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 282s 5b:c2 282s + local found_md5 expected_md5 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + expected_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094.pem 282s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 282s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.output 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.output .output 282s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.pem 282s + echo -n 053350 282s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 282s [p11_child[3230]] [main] (0x0400): p11_child started. 282s [p11_child[3230]] [main] (0x2000): Running in [auth] mode. 282s [p11_child[3230]] [main] (0x2000): Running with effective IDs: [0][0]. 282s [p11_child[3230]] [main] (0x2000): Running with real IDs [0][0]. 282s [p11_child[3230]] [do_card] (0x4000): Module List: 282s [p11_child[3230]] [do_card] (0x4000): common name: [softhsm2]. 282s [p11_child[3230]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3230]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 282s [p11_child[3230]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 282s [p11_child[3230]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3230]] [do_card] (0x4000): Login required. 282s [p11_child[3230]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 282s [p11_child[3230]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 282s [p11_child[3230]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 282s [p11_child[3230]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 282s [p11_child[3230]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 282s [p11_child[3230]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 282s [p11_child[3230]] [do_card] (0x4000): Certificate verified and validated. 282s [p11_child[3230]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 282s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.output 282s + echo '-----BEGIN CERTIFICATE-----' 282s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.output 282s + echo '-----END CERTIFICATE-----' 282s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.pem 282s Certificate: 282s Data: 282s Version: 3 (0x2) 282s Serial Number: 3 (0x3) 282s Signature Algorithm: sha256WithRSAEncryption 282s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 282s Validity 282s Not Before: Jun 14 17:05:38 2024 GMT 282s Not After : Jun 14 17:05:38 2025 GMT 282s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 282s Subject Public Key Info: 282s Public Key Algorithm: rsaEncryption 282s Public-Key: (1024 bit) 282s Modulus: 282s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 282s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 282s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 282s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 282s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 282s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 282s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 282s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 282s 98:90:90:36:e9:b6:c0:78:17 282s Exponent: 65537 (0x10001) 282s X509v3 extensions: 282s X509v3 Authority Key Identifier: 282s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 282s X509v3 Basic Constraints: 282s CA:FALSE 282s Netscape Cert Type: 282s SSL Client, S/MIME 282s Netscape Comment: 282s Test Organization Root CA trusted Certificate 282s X509v3 Subject Key Identifier: 282s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 282s X509v3 Key Usage: critical 282s Digital Signature, Non Repudiation, Key Encipherment 282s X509v3 Extended Key Usage: 282s TLS Web Client Authentication, E-mail Protection 282s X509v3 Subject Alternative Name: 282s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 282s Signature Algorithm: sha256WithRSAEncryption 282s Signature Value: 282s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 282s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 282s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 282s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 282s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 282s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 282s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 282s 5b:c2 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-7094-auth.pem 282s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 282s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 282s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s + local verify_option=partial_chain 282s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_cn 282s + local key_name 282s + local tokens_dir 282s + local output_cert_file 282s + token_name= 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 282s + key_name=test-root-CA-trusted-certificate-0001 282s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s ++ sed -n 's/ *commonName *= //p' 282s + key_cn='Test Organization Root Trusted Certificate 0001' 282s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 282s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 282s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 282s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 282s + token_name='Test Organization Root Tr Token' 282s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 282s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 282s + echo 'Test Organization Root Tr Token' 282s Test Organization Root Tr Token 282s + '[' -n partial_chain ']' 282s + local verify_arg=--verify=partial_chain 282s + local output_base_name=SSSD-child-21522 282s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.output 282s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.pem 282s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 282s [p11_child[3240]] [main] (0x0400): p11_child started. 282s [p11_child[3240]] [main] (0x2000): Running in [pre-auth] mode. 282s [p11_child[3240]] [main] (0x2000): Running with effective IDs: [0][0]. 282s [p11_child[3240]] [main] (0x2000): Running with real IDs [0][0]. 282s [p11_child[3240]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 282s [p11_child[3240]] [do_card] (0x4000): Module List: 282s [p11_child[3240]] [do_card] (0x4000): common name: [softhsm2]. 282s [p11_child[3240]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3240]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 282s [p11_child[3240]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 282s [p11_child[3240]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3240]] [do_card] (0x4000): Login NOT required. 282s [p11_child[3240]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 282s [p11_child[3240]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 282s [p11_child[3240]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 282s [p11_child[3240]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 282s [p11_child[3240]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 282s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.output 282s + echo '-----BEGIN CERTIFICATE-----' 282s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.output 282s + echo '-----END CERTIFICATE-----' 282s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.pem 282s Certificate: 282s Data: 282s Version: 3 (0x2) 282s Serial Number: 3 (0x3) 282s Signature Algorithm: sha256WithRSAEncryption 282s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 282s Validity 282s Not Before: Jun 14 17:05:38 2024 GMT 282s Not After : Jun 14 17:05:38 2025 GMT 282s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 282s Subject Public Key Info: 282s Public Key Algorithm: rsaEncryption 282s Public-Key: (1024 bit) 282s Modulus: 282s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 282s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 282s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 282s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 282s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 282s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 282s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 282s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 282s 98:90:90:36:e9:b6:c0:78:17 282s Exponent: 65537 (0x10001) 282s X509v3 extensions: 282s X509v3 Authority Key Identifier: 282s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 282s X509v3 Basic Constraints: 282s CA:FALSE 282s Netscape Cert Type: 282s SSL Client, S/MIME 282s Netscape Comment: 282s Test Organization Root CA trusted Certificate 282s X509v3 Subject Key Identifier: 282s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 282s X509v3 Key Usage: critical 282s Digital Signature, Non Repudiation, Key Encipherment 282s X509v3 Extended Key Usage: 282s TLS Web Client Authentication, E-mail Protection 282s X509v3 Subject Alternative Name: 282s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 282s Signature Algorithm: sha256WithRSAEncryption 282s Signature Value: 282s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 282s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 282s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 282s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 282s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 282s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 282s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 282s 5b:c2 282s + local found_md5 expected_md5 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + expected_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522.pem 282s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 282s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.output 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.output .output 282s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.pem 282s + echo -n 053350 282s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 282s [p11_child[3248]] [main] (0x0400): p11_child started. 282s [p11_child[3248]] [main] (0x2000): Running in [auth] mode. 282s [p11_child[3248]] [main] (0x2000): Running with effective IDs: [0][0]. 282s [p11_child[3248]] [main] (0x2000): Running with real IDs [0][0]. 282s [p11_child[3248]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 282s [p11_child[3248]] [do_card] (0x4000): Module List: 282s [p11_child[3248]] [do_card] (0x4000): common name: [softhsm2]. 282s [p11_child[3248]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3248]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 282s [p11_child[3248]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 282s [p11_child[3248]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 282s [p11_child[3248]] [do_card] (0x4000): Login required. 282s [p11_child[3248]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 282s [p11_child[3248]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 282s [p11_child[3248]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 282s [p11_child[3248]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2af9ecdd;slot-manufacturer=SoftHSM%20project;slot-id=721022173;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6aa493732af9ecdd;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 282s [p11_child[3248]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 282s [p11_child[3248]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 282s [p11_child[3248]] [do_card] (0x4000): Certificate verified and validated. 282s [p11_child[3248]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 282s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.output 282s + echo '-----BEGIN CERTIFICATE-----' 282s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.output 282s + echo '-----END CERTIFICATE-----' 282s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.pem 282s Certificate: 282s Data: 282s Version: 3 (0x2) 282s Serial Number: 3 (0x3) 282s Signature Algorithm: sha256WithRSAEncryption 282s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 282s Validity 282s Not Before: Jun 14 17:05:38 2024 GMT 282s Not After : Jun 14 17:05:38 2025 GMT 282s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 282s Subject Public Key Info: 282s Public Key Algorithm: rsaEncryption 282s Public-Key: (1024 bit) 282s Modulus: 282s 00:c4:34:f6:0b:ac:73:68:02:8a:fa:6b:50:57:af: 282s ce:49:98:89:54:20:6f:ee:57:44:b9:23:ce:59:e2: 282s 6d:72:b8:b7:c6:16:27:1d:87:b4:8d:fe:5d:2d:10: 282s b4:ce:ec:9a:00:9c:0b:53:61:6d:b4:6b:fb:7a:bd: 282s 97:08:d0:39:e1:a9:44:f1:ee:08:e5:b3:ef:93:8a: 282s ae:24:df:47:4a:1d:5c:21:9e:e4:fd:19:13:c5:53: 282s 0d:d8:0d:33:e7:42:ae:f6:00:8b:07:2a:ce:b3:86: 282s ee:73:cc:b3:7f:37:73:29:7b:b4:11:f5:5d:98:43: 282s 98:90:90:36:e9:b6:c0:78:17 282s Exponent: 65537 (0x10001) 282s X509v3 extensions: 282s X509v3 Authority Key Identifier: 282s 95:F2:FA:D5:DE:25:EA:7C:77:C1:BB:C3:F5:B9:90:01:98:E0:94:D5 282s X509v3 Basic Constraints: 282s CA:FALSE 282s Netscape Cert Type: 282s SSL Client, S/MIME 282s Netscape Comment: 282s Test Organization Root CA trusted Certificate 282s X509v3 Subject Key Identifier: 282s C6:02:35:4F:5D:6F:CF:22:9D:D3:E0:A8:6E:75:1E:EF:EC:2B:76:6B 282s X509v3 Key Usage: critical 282s Digital Signature, Non Repudiation, Key Encipherment 282s X509v3 Extended Key Usage: 282s TLS Web Client Authentication, E-mail Protection 282s X509v3 Subject Alternative Name: 282s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 282s Signature Algorithm: sha256WithRSAEncryption 282s Signature Value: 282s 7b:3d:76:e5:41:2e:a1:b9:c8:1c:a3:b2:36:c0:97:d4:5c:99: 282s 73:d3:29:53:16:ee:86:51:e5:05:65:93:62:1e:7e:8c:3f:7e: 282s 6e:cd:97:2f:61:1b:83:0f:51:6c:90:48:ad:01:62:fb:ca:3d: 282s c1:0e:91:52:d8:58:de:88:fd:72:14:e7:df:13:c6:1c:74:7e: 282s ba:8a:ea:c7:fb:97:b7:c1:35:ea:fe:20:54:83:20:ce:54:0f: 282s c3:c4:24:46:77:b5:5e:e1:ad:dd:8e:28:c9:23:48:dd:f1:aa: 282s ca:bf:bb:c7:3d:dc:e8:ae:af:c4:54:77:06:e6:f2:ce:69:e3: 282s 5b:c2 282s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-21522-auth.pem 282s + found_md5=Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 282s + '[' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 '!=' Modulus=C434F60BAC7368028AFA6B5057AFCE49988954206FEE5744B923CE59E26D72B8B7C616271D87B48DFE5D2D10B4CEEC9A009C0B53616DB46BFB7ABD9708D039E1A944F1EE08E5B3EF938AAE24DF474A1D5C219EE4FD1913C5530DD80D33E742AEF6008B072ACEB386EE73CCB37F3773297BB411F55D984398909036E9B6C07817 ']' 282s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 282s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 282s + local verify_option= 282s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 282s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 282s + local key_cn 282s + local key_name 282s + local tokens_dir 282s + local output_cert_file 282s + token_name= 282s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 282s + key_name=test-root-CA-trusted-certificate-0001 282s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 282s ++ sed -n 's/ *commonName *= //p' 283s + key_cn='Test Organization Root Trusted Certificate 0001' 283s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 283s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 283s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 283s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 283s + token_name='Test Organization Root Tr Token' 283s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 283s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 283s + echo 'Test Organization Root Tr Token' 283s + '[' -n '' ']' 283s Test Organization Root Tr Token 283s + local output_base_name=SSSD-child-11420 283s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-11420.output 283s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-11420.pem 283s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 283s [p11_child[3258]] [main] (0x0400): p11_child started. 283s [p11_child[3258]] [main] (0x2000): Running in [pre-auth] mode. 283s [p11_child[3258]] [main] (0x2000): Running with effective IDs: [0][0]. 283s [p11_child[3258]] [main] (0x2000): Running with real IDs [0][0]. 283s [p11_child[3258]] [do_card] (0x4000): Module List: 283s [p11_child[3258]] [do_card] (0x4000): common name: [softhsm2]. 283s [p11_child[3258]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3258]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 283s [p11_child[3258]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 283s [p11_child[3258]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3258]] [do_card] (0x4000): Login NOT required. 283s [p11_child[3258]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 283s [p11_child[3258]] [do_verification] (0x0040): X509_verify_cert failed [0]. 283s [p11_child[3258]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 283s [p11_child[3258]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 283s [p11_child[3258]] [do_card] (0x4000): No certificate found. 283s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-11420.output 283s + return 2 283s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem partial_chain 283s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem partial_chain 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 283s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 283s + local verify_option=partial_chain 283s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30035 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-root-ca-trusted-cert-0001-30035 283s + local key_cn 283s + local key_name 283s + local tokens_dir 283s + local output_cert_file 283s + token_name= 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem .pem 283s + key_name=test-root-CA-trusted-certificate-0001 283s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-root-CA-trusted-certificate-0001.pem 283s ++ sed -n 's/ *commonName *= //p' 283s + key_cn='Test Organization Root Trusted Certificate 0001' 283s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 283s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 283s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 283s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 283s + token_name='Test Organization Root Tr Token' 283s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 283s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-root-CA-trusted-certificate-0001 ']' 283s + echo 'Test Organization Root Tr Token' 283s + '[' -n partial_chain ']' 283s + local verify_arg=--verify=partial_chain 283s + local output_base_name=SSSD-child-31575 283s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-31575.output 283s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-31575.pem 283s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 283s Test Organization Root Tr Token 283s [p11_child[3265]] [main] (0x0400): p11_child started. 283s [p11_child[3265]] [main] (0x2000): Running in [pre-auth] mode. 283s [p11_child[3265]] [main] (0x2000): Running with effective IDs: [0][0]. 283s [p11_child[3265]] [main] (0x2000): Running with real IDs [0][0]. 283s [p11_child[3265]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 283s [p11_child[3265]] [do_card] (0x4000): Module List: 283s [p11_child[3265]] [do_card] (0x4000): common name: [softhsm2]. 283s [p11_child[3265]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3265]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2af9ecdd] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 283s [p11_child[3265]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 283s [p11_child[3265]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2af9ecdd][721022173] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3265]] [do_card] (0x4000): Login NOT required. 283s [p11_child[3265]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 283s [p11_child[3265]] [do_verification] (0x0040): X509_verify_cert failed [0]. 283s [p11_child[3265]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 283s [p11_child[3265]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 283s [p11_child[3265]] [do_card] (0x4000): No certificate found. 283s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-31575.output 283s + return 2 283s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /dev/null 283s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /dev/null 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local key_ring=/dev/null 283s + local verify_option= 283s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local key_cn 283s + local key_name 283s + local tokens_dir 283s + local output_cert_file 283s + token_name= 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 283s + key_name=test-intermediate-CA-trusted-certificate-0001 283s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s ++ sed -n 's/ *commonName *= //p' 283s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 283s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 283s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 283s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 283s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 283s + token_name='Test Organization Interme Token' 283s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 283s + local key_file 283s + local decrypted_key 283s + mkdir -p /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 283s + key_file=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key.pem 283s + decrypted_key=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 283s + cat 283s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 283s + softhsm2-util --show-slots 283s Slot 0 has a free/uninitialized token. 283s The token has been initialized and is reassigned to slot 908140947 283s Available slots: 283s Slot 908140947 283s Slot info: 283s Description: SoftHSM slot ID 0x36212193 283s Manufacturer ID: SoftHSM project 283s Hardware version: 2.6 283s Firmware version: 2.6 283s Token present: yes 283s Token info: 283s Manufacturer ID: SoftHSM project 283s Model: SoftHSM v2 283s Hardware version: 2.6 283s Firmware version: 2.6 283s Serial number: f33046dbb6212193 283s Initialized: yes 283s User PIN init.: yes 283s Label: Test Organization Interme Token 283s Slot 1 283s Slot info: 283s Description: SoftHSM slot ID 0x1 283s Manufacturer ID: SoftHSM project 283s Hardware version: 2.6 283s Firmware version: 2.6 283s Token present: yes 283s Token info: 283s Manufacturer ID: SoftHSM project 283s Model: SoftHSM v2 283s Hardware version: 2.6 283s Firmware version: 2.6 283s Serial number: 283s Initialized: no 283s User PIN init.: no 283s Label: 283s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 283s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-29806 -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 283s writing RSA key 283s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 283s + rm /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 283s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 283s Object 0: 283s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 283s Type: X.509 Certificate (RSA-1024) 283s Expires: Sat Jun 14 17:05:38 2025 283s Label: Test Organization Intermediate Trusted Certificate 0001 283s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 283s 283s Test Organization Interme Token 283s + echo 'Test Organization Interme Token' 283s + '[' -n '' ']' 283s + local output_base_name=SSSD-child-2301 283s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-2301.output 283s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-2301.pem 283s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 283s [p11_child[3281]] [main] (0x0400): p11_child started. 283s [p11_child[3281]] [main] (0x2000): Running in [pre-auth] mode. 283s [p11_child[3281]] [main] (0x2000): Running with effective IDs: [0][0]. 283s [p11_child[3281]] [main] (0x2000): Running with real IDs [0][0]. 283s [p11_child[3281]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 283s [p11_child[3281]] [do_work] (0x0040): init_verification failed. 283s [p11_child[3281]] [main] (0x0020): p11_child failed (5) 283s + return 2 283s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /dev/null no_verification 283s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /dev/null no_verification 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local key_ring=/dev/null 283s + local verify_option=no_verification 283s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 283s + local key_cn 283s + local key_name 283s + local tokens_dir 283s + local output_cert_file 283s + token_name= 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 283s + key_name=test-intermediate-CA-trusted-certificate-0001 283s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s ++ sed -n 's/ *commonName *= //p' 283s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 283s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 283s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 283s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 283s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 283s + token_name='Test Organization Interme Token' 283s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 283s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 283s + echo 'Test Organization Interme Token' 283s + '[' -n no_verification ']' 283s + local verify_arg=--verify=no_verification 283s + local output_base_name=SSSD-child-18176 283s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.output 283s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.pem 283s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 283s Test Organization Interme Token 283s [p11_child[3287]] [main] (0x0400): p11_child started. 283s [p11_child[3287]] [main] (0x2000): Running in [pre-auth] mode. 283s [p11_child[3287]] [main] (0x2000): Running with effective IDs: [0][0]. 283s [p11_child[3287]] [main] (0x2000): Running with real IDs [0][0]. 283s [p11_child[3287]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 283s [p11_child[3287]] [do_card] (0x4000): Module List: 283s [p11_child[3287]] [do_card] (0x4000): common name: [softhsm2]. 283s [p11_child[3287]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3287]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 283s [p11_child[3287]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 283s [p11_child[3287]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3287]] [do_card] (0x4000): Login NOT required. 283s [p11_child[3287]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 283s [p11_child[3287]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 283s [p11_child[3287]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 283s [p11_child[3287]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 283s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.output 283s + echo '-----BEGIN CERTIFICATE-----' 283s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.output 283s + echo '-----END CERTIFICATE-----' 283s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.pem 283s Certificate: 283s Data: 283s Version: 3 (0x2) 283s Serial Number: 4 (0x4) 283s Signature Algorithm: sha256WithRSAEncryption 283s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 283s Validity 283s Not Before: Jun 14 17:05:38 2024 GMT 283s Not After : Jun 14 17:05:38 2025 GMT 283s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 283s Subject Public Key Info: 283s Public Key Algorithm: rsaEncryption 283s Public-Key: (1024 bit) 283s Modulus: 283s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 283s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 283s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 283s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 283s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 283s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 283s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 283s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 283s 66:35:2b:0f:5b:73:23:aa:cf 283s Exponent: 65537 (0x10001) 283s X509v3 extensions: 283s X509v3 Authority Key Identifier: 283s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 283s X509v3 Basic Constraints: 283s CA:FALSE 283s Netscape Cert Type: 283s SSL Client, S/MIME 283s Netscape Comment: 283s Test Organization Intermediate CA trusted Certificate 283s X509v3 Subject Key Identifier: 283s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 283s X509v3 Key Usage: critical 283s Digital Signature, Non Repudiation, Key Encipherment 283s X509v3 Extended Key Usage: 283s TLS Web Client Authentication, E-mail Protection 283s X509v3 Subject Alternative Name: 283s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 283s Signature Algorithm: sha256WithRSAEncryption 283s Signature Value: 283s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 283s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 283s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 283s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 283s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 283s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 283s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 283s 1c:ac 283s + local found_md5 expected_md5 283s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 283s + expected_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 283s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176.pem 283s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 283s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 283s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.output 283s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.output .output 283s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.pem 283s + echo -n 053350 283s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 283s [p11_child[3295]] [main] (0x0400): p11_child started. 283s [p11_child[3295]] [main] (0x2000): Running in [auth] mode. 283s [p11_child[3295]] [main] (0x2000): Running with effective IDs: [0][0]. 283s [p11_child[3295]] [main] (0x2000): Running with real IDs [0][0]. 283s [p11_child[3295]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 283s [p11_child[3295]] [do_card] (0x4000): Module List: 283s [p11_child[3295]] [do_card] (0x4000): common name: [softhsm2]. 283s [p11_child[3295]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 283s [p11_child[3295]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 283s [p11_child[3295]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 283s [p11_child[3295]] [do_card] (0x4000): Login required. 283s [p11_child[3295]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 283s [p11_child[3295]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 283s [p11_child[3295]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 283s [p11_child[3295]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 283s [p11_child[3295]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 283s [p11_child[3295]] [do_card] (0x4000): Certificate verified and validated. 283s [p11_child[3295]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 283s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.output 283s + echo '-----BEGIN CERTIFICATE-----' 283s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.output 283s + echo '-----END CERTIFICATE-----' 283s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.pem 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-18176-auth.pem 284s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 284s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s + local verify_option= 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s + '[' -n '' ']' 284s + local output_base_name=SSSD-child-5693 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-5693.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-5693.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s Test Organization Interme Token 284s [p11_child[3305]] [main] (0x0400): p11_child started. 284s [p11_child[3305]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3305]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3305]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3305]] [do_card] (0x4000): Module List: 284s [p11_child[3305]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3305]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3305]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3305]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3305]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3305]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3305]] [do_verification] (0x0040): X509_verify_cert failed [0]. 284s [p11_child[3305]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 284s [p11_child[3305]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 284s [p11_child[3305]] [do_card] (0x4000): No certificate found. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-5693.output 284s + return 2 284s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s + local verify_option=partial_chain 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s Test Organization Interme Token 284s + '[' -n partial_chain ']' 284s + local verify_arg=--verify=partial_chain 284s + local output_base_name=SSSD-child-30624 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-30624.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-30624.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 284s [p11_child[3312]] [main] (0x0400): p11_child started. 284s [p11_child[3312]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3312]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3312]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3312]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 284s [p11_child[3312]] [do_card] (0x4000): Module List: 284s [p11_child[3312]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3312]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3312]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3312]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3312]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3312]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3312]] [do_verification] (0x0040): X509_verify_cert failed [0]. 284s [p11_child[3312]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 284s [p11_child[3312]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 284s [p11_child[3312]] [do_card] (0x4000): No certificate found. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-30624.output 284s + return 2 284s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s + local verify_option= 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s + '[' -n '' ']' 284s + local output_base_name=SSSD-child-25905 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s Test Organization Interme Token 284s [p11_child[3319]] [main] (0x0400): p11_child started. 284s [p11_child[3319]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3319]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3319]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3319]] [do_card] (0x4000): Module List: 284s [p11_child[3319]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3319]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3319]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3319]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3319]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3319]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3319]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3319]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 284s [p11_child[3319]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 284s [p11_child[3319]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 284s [p11_child[3319]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.output 284s + echo '-----BEGIN CERTIFICATE-----' 284s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.output 284s + echo '-----END CERTIFICATE-----' 284s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.pem 284s + local found_md5 expected_md5 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s + expected_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905.pem 284s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 284s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.output 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.output .output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.pem 284s + echo -n 053350 284s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 284s [p11_child[3327]] [main] (0x0400): p11_child started. 284s [p11_child[3327]] [main] (0x2000): Running in [auth] mode. 284s [p11_child[3327]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3327]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3327]] [do_card] (0x4000): Module List: 284s [p11_child[3327]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3327]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3327]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3327]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3327]] [do_card] (0x4000): Login required. 284s [p11_child[3327]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3327]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 284s [p11_child[3327]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 284s [p11_child[3327]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 284s [p11_child[3327]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 284s [p11_child[3327]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 284s [p11_child[3327]] [do_card] (0x4000): Certificate verified and validated. 284s [p11_child[3327]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.output 284s + echo '-----BEGIN CERTIFICATE-----' 284s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.output 284s + echo '-----END CERTIFICATE-----' 284s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.pem 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-25905-auth.pem 284s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 284s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s + local verify_option=partial_chain 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s + '[' -n partial_chain ']' 284s + local verify_arg=--verify=partial_chain 284s + local output_base_name=SSSD-child-12923 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 284s Test Organization Interme Token 284s [p11_child[3337]] [main] (0x0400): p11_child started. 284s [p11_child[3337]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3337]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3337]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3337]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 284s [p11_child[3337]] [do_card] (0x4000): Module List: 284s [p11_child[3337]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3337]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3337]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3337]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3337]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3337]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3337]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3337]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 284s [p11_child[3337]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 284s [p11_child[3337]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 284s [p11_child[3337]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.output 284s + echo '-----BEGIN CERTIFICATE-----' 284s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.output 284s + echo '-----END CERTIFICATE-----' 284s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.pem 284s + local found_md5 expected_md5 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + expected_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923.pem 284s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 284s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.output 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.output .output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.pem 284s + echo -n 053350 284s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 284s [p11_child[3345]] [main] (0x0400): p11_child started. 284s [p11_child[3345]] [main] (0x2000): Running in [auth] mode. 284s [p11_child[3345]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3345]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3345]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 284s [p11_child[3345]] [do_card] (0x4000): Module List: 284s [p11_child[3345]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3345]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3345]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3345]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3345]] [do_card] (0x4000): Login required. 284s [p11_child[3345]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3345]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 284s [p11_child[3345]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 284s [p11_child[3345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 284s [p11_child[3345]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 284s [p11_child[3345]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 284s [p11_child[3345]] [do_card] (0x4000): Certificate verified and validated. 284s [p11_child[3345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.output 284s + echo '-----BEGIN CERTIFICATE-----' 284s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.output 284s + echo '-----END CERTIFICATE-----' 284s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.pem 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-12923-auth.pem 284s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 284s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 284s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s + local verify_option= 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s + '[' -n '' ']' 284s + local output_base_name=SSSD-child-29834 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29834.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29834.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s Test Organization Interme Token 284s [p11_child[3355]] [main] (0x0400): p11_child started. 284s [p11_child[3355]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3355]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3355]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3355]] [do_card] (0x4000): Module List: 284s [p11_child[3355]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3355]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3355]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3355]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3355]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3355]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3355]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3355]] [do_verification] (0x0040): X509_verify_cert failed [0]. 284s [p11_child[3355]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 284s [p11_child[3355]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 284s [p11_child[3355]] [do_card] (0x4000): No certificate found. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29834.output 284s + return 2 284s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem partial_chain 284s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem partial_chain 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s + local verify_option=partial_chain 284s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-29806 284s + local key_cn 284s + local key_name 284s + local tokens_dir 284s + local output_cert_file 284s + token_name= 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem .pem 284s + key_name=test-intermediate-CA-trusted-certificate-0001 284s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 284s ++ sed -n 's/ *commonName *= //p' 284s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 284s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 284s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 284s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 284s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 284s + token_name='Test Organization Interme Token' 284s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 284s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 284s + echo 'Test Organization Interme Token' 284s + '[' -n partial_chain ']' 284s + local verify_arg=--verify=partial_chain 284s + local output_base_name=SSSD-child-537 284s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.output 284s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.pem 284s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem 284s Test Organization Interme Token 284s [p11_child[3362]] [main] (0x0400): p11_child started. 284s [p11_child[3362]] [main] (0x2000): Running in [pre-auth] mode. 284s [p11_child[3362]] [main] (0x2000): Running with effective IDs: [0][0]. 284s [p11_child[3362]] [main] (0x2000): Running with real IDs [0][0]. 284s [p11_child[3362]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 284s [p11_child[3362]] [do_card] (0x4000): Module List: 284s [p11_child[3362]] [do_card] (0x4000): common name: [softhsm2]. 284s [p11_child[3362]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3362]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 284s [p11_child[3362]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 284s [p11_child[3362]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 284s [p11_child[3362]] [do_card] (0x4000): Login NOT required. 284s [p11_child[3362]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 284s [p11_child[3362]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 284s [p11_child[3362]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 284s [p11_child[3362]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 284s [p11_child[3362]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 284s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.output 284s + echo '-----BEGIN CERTIFICATE-----' 284s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.output 284s + echo '-----END CERTIFICATE-----' 284s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.pem 284s Certificate: 284s Data: 284s Version: 3 (0x2) 284s Serial Number: 4 (0x4) 284s Signature Algorithm: sha256WithRSAEncryption 284s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 284s Validity 284s Not Before: Jun 14 17:05:38 2024 GMT 284s Not After : Jun 14 17:05:38 2025 GMT 284s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 284s Subject Public Key Info: 284s Public Key Algorithm: rsaEncryption 284s Public-Key: (1024 bit) 284s Modulus: 284s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 284s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 284s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 284s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 284s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 284s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 284s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 284s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 284s 66:35:2b:0f:5b:73:23:aa:cf 284s Exponent: 65537 (0x10001) 284s X509v3 extensions: 284s X509v3 Authority Key Identifier: 284s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 284s X509v3 Basic Constraints: 284s CA:FALSE 284s Netscape Cert Type: 284s SSL Client, S/MIME 284s Netscape Comment: 284s Test Organization Intermediate CA trusted Certificate 284s X509v3 Subject Key Identifier: 284s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 284s X509v3 Key Usage: critical 284s Digital Signature, Non Repudiation, Key Encipherment 284s X509v3 Extended Key Usage: 284s TLS Web Client Authentication, E-mail Protection 284s X509v3 Subject Alternative Name: 284s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 284s Signature Algorithm: sha256WithRSAEncryption 284s Signature Value: 284s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 284s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 284s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 284s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 284s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 284s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 284s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 284s 1c:ac 284s + local found_md5 expected_md5 284s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA-trusted-certificate-0001.pem 285s + expected_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 285s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537.pem 285s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 285s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 285s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.output 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.output .output 285s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.pem 285s + echo -n 053350 285s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 285s [p11_child[3370]] [main] (0x0400): p11_child started. 285s [p11_child[3370]] [main] (0x2000): Running in [auth] mode. 285s [p11_child[3370]] [main] (0x2000): Running with effective IDs: [0][0]. 285s [p11_child[3370]] [main] (0x2000): Running with real IDs [0][0]. 285s [p11_child[3370]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 285s [p11_child[3370]] [do_card] (0x4000): Module List: 285s [p11_child[3370]] [do_card] (0x4000): common name: [softhsm2]. 285s [p11_child[3370]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x36212193] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 285s [p11_child[3370]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 285s [p11_child[3370]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x36212193][908140947] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3370]] [do_card] (0x4000): Login required. 285s [p11_child[3370]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 285s [p11_child[3370]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 285s [p11_child[3370]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 285s [p11_child[3370]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x36212193;slot-manufacturer=SoftHSM%20project;slot-id=908140947;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f33046dbb6212193;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 285s [p11_child[3370]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 285s [p11_child[3370]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 285s [p11_child[3370]] [do_card] (0x4000): Certificate verified and validated. 285s [p11_child[3370]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 285s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.output 285s + echo '-----BEGIN CERTIFICATE-----' 285s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.output 285s + echo '-----END CERTIFICATE-----' 285s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.pem 285s Certificate: 285s Data: 285s Version: 3 (0x2) 285s Serial Number: 4 (0x4) 285s Signature Algorithm: sha256WithRSAEncryption 285s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 285s Validity 285s Not Before: Jun 14 17:05:38 2024 GMT 285s Not After : Jun 14 17:05:38 2025 GMT 285s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 285s Subject Public Key Info: 285s Public Key Algorithm: rsaEncryption 285s Public-Key: (1024 bit) 285s Modulus: 285s 00:f0:4a:cd:6d:eb:24:a8:20:ef:98:c1:ee:05:b8: 285s b1:fc:6f:f9:88:c8:62:62:97:ca:ee:6f:4f:67:34: 285s 98:fe:6a:70:cd:57:fe:15:23:18:c8:00:31:56:e3: 285s 1d:01:58:c9:85:50:7c:a4:cf:11:66:ce:05:28:5a: 285s 02:72:d1:30:c0:3d:33:48:a7:41:f6:b0:42:f1:07: 285s db:49:ce:18:5f:5b:f8:d2:6f:99:d8:2e:f1:a2:fb: 285s 65:04:4a:ed:ec:44:45:07:23:4b:2d:e4:16:6d:2b: 285s 4c:72:57:ab:44:fd:f9:ed:03:bb:d7:4b:08:60:c8: 285s 66:35:2b:0f:5b:73:23:aa:cf 285s Exponent: 65537 (0x10001) 285s X509v3 extensions: 285s X509v3 Authority Key Identifier: 285s 8A:28:25:6A:AA:3D:95:2F:7D:FE:42:B9:DF:3F:C1:25:C2:9B:DC:06 285s X509v3 Basic Constraints: 285s CA:FALSE 285s Netscape Cert Type: 285s SSL Client, S/MIME 285s Netscape Comment: 285s Test Organization Intermediate CA trusted Certificate 285s X509v3 Subject Key Identifier: 285s 79:83:81:DF:56:FE:E0:C3:D7:83:85:7D:39:D7:C6:5F:0F:04:F3:58 285s X509v3 Key Usage: critical 285s Digital Signature, Non Repudiation, Key Encipherment 285s X509v3 Extended Key Usage: 285s TLS Web Client Authentication, E-mail Protection 285s X509v3 Subject Alternative Name: 285s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 285s Signature Algorithm: sha256WithRSAEncryption 285s Signature Value: 285s c1:65:f8:58:45:7e:43:95:4a:dc:bf:f7:51:ac:42:cb:33:f8: 285s 83:11:ba:48:46:12:b2:a4:20:97:02:15:27:dc:e9:b1:45:02: 285s 2e:9e:bb:89:4b:89:b7:7c:92:89:11:4d:83:7e:8d:53:49:49: 285s 56:47:b4:6f:69:c2:a4:fa:01:41:7d:b2:26:1b:8c:5f:75:6c: 285s c9:e0:bc:46:dd:ef:16:fc:98:f9:7c:24:03:63:4f:ec:cc:98: 285s 82:bd:db:ab:59:61:8b:5e:0d:05:c7:77:b2:ba:3d:c6:b4:90: 285s c6:69:36:06:5a:bc:a1:49:a9:b6:cc:6e:d7:47:4f:05:74:5a: 285s 1c:ac 285s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-537-auth.pem 285s + found_md5=Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF 285s + '[' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF '!=' Modulus=F04ACD6DEB24A820EF98C1EE05B8B1FC6FF988C8626297CAEE6F4F673498FE6A70CD57FE152318C8003156E31D0158C985507CA4CF1166CE05285A0272D130C03D3348A741F6B042F107DB49CE185F5BF8D26F99D82EF1A2FB65044AEDEC444507234B2DE4166D2B4C7257AB44FDF9ED03BBD74B0860C866352B0F5B7323AACF ']' 285s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s + local verify_option= 285s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_cn 285s + local key_name 285s + local tokens_dir 285s + local output_cert_file 285s + token_name= 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 285s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 285s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s ++ sed -n 's/ *commonName *= //p' 285s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 285s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 285s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 285s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 285s + token_name='Test Organization Sub Int Token' 285s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 285s + local key_file 285s + local decrypted_key 285s + mkdir -p /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 285s + key_file=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 285s + decrypted_key=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 285s + cat 285s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 285s Slot 0 has a free/uninitialized token. 285s The token has been initialized and is reassigned to slot 321746821 285s + softhsm2-util --show-slots 285s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 285s Available slots: 285s Slot 321746821 285s Slot info: 285s Description: SoftHSM slot ID 0x132d7785 285s Manufacturer ID: SoftHSM project 285s Hardware version: 2.6 285s Firmware version: 2.6 285s Token present: yes 285s Token info: 285s Manufacturer ID: SoftHSM project 285s Model: SoftHSM v2 285s Hardware version: 2.6 285s Firmware version: 2.6 285s Serial number: 5e961969932d7785 285s Initialized: yes 285s User PIN init.: yes 285s Label: Test Organization Sub Int Token 285s Slot 1 285s Slot info: 285s Description: SoftHSM slot ID 0x1 285s Manufacturer ID: SoftHSM project 285s Hardware version: 2.6 285s Firmware version: 2.6 285s Token present: yes 285s Token info: 285s Manufacturer ID: SoftHSM project 285s Model: SoftHSM v2 285s Hardware version: 2.6 285s Firmware version: 2.6 285s Serial number: 285s Initialized: no 285s User PIN init.: no 285s Label: 285s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-18367 -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 285s writing RSA key 285s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 285s + rm /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 285s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 285s Object 0: 285s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 285s Type: X.509 Certificate (RSA-1024) 285s Expires: Sat Jun 14 17:05:38 2025 285s Label: Test Organization Sub Intermediate Trusted Certificate 0001 285s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 285s 285s + echo 'Test Organization Sub Int Token' 285s + '[' -n '' ']' 285s + local output_base_name=SSSD-child-1193 285s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-1193.output 285s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-1193.pem 285s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s Test Organization Sub Int Token 285s [p11_child[3389]] [main] (0x0400): p11_child started. 285s [p11_child[3389]] [main] (0x2000): Running in [pre-auth] mode. 285s [p11_child[3389]] [main] (0x2000): Running with effective IDs: [0][0]. 285s [p11_child[3389]] [main] (0x2000): Running with real IDs [0][0]. 285s [p11_child[3389]] [do_card] (0x4000): Module List: 285s [p11_child[3389]] [do_card] (0x4000): common name: [softhsm2]. 285s [p11_child[3389]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3389]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 285s [p11_child[3389]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 285s [p11_child[3389]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3389]] [do_card] (0x4000): Login NOT required. 285s [p11_child[3389]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 285s [p11_child[3389]] [do_verification] (0x0040): X509_verify_cert failed [0]. 285s [p11_child[3389]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 285s [p11_child[3389]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 285s [p11_child[3389]] [do_card] (0x4000): No certificate found. 285s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-1193.output 285s + return 2 285s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 285s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem partial_chain 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s + local verify_option=partial_chain 285s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_cn 285s + local key_name 285s + local tokens_dir 285s + local output_cert_file 285s + token_name= 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 285s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 285s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s ++ sed -n 's/ *commonName *= //p' 285s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 285s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 285s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 285s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 285s + token_name='Test Organization Sub Int Token' 285s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 285s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 285s + echo 'Test Organization Sub Int Token' 285s + '[' -n partial_chain ']' 285s + local verify_arg=--verify=partial_chain 285s + local output_base_name=SSSD-child-28708 285s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28708.output 285s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28708.pem 285s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-CA.pem 285s Test Organization Sub Int Token 285s [p11_child[3396]] [main] (0x0400): p11_child started. 285s [p11_child[3396]] [main] (0x2000): Running in [pre-auth] mode. 285s [p11_child[3396]] [main] (0x2000): Running with effective IDs: [0][0]. 285s [p11_child[3396]] [main] (0x2000): Running with real IDs [0][0]. 285s [p11_child[3396]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 285s [p11_child[3396]] [do_card] (0x4000): Module List: 285s [p11_child[3396]] [do_card] (0x4000): common name: [softhsm2]. 285s [p11_child[3396]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3396]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 285s [p11_child[3396]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 285s [p11_child[3396]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3396]] [do_card] (0x4000): Login NOT required. 285s [p11_child[3396]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 285s [p11_child[3396]] [do_verification] (0x0040): X509_verify_cert failed [0]. 285s [p11_child[3396]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 285s [p11_child[3396]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 285s [p11_child[3396]] [do_card] (0x4000): No certificate found. 285s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28708.output 285s + return 2 285s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 285s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 285s + local verify_option= 285s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_cn 285s + local key_name 285s + local tokens_dir 285s + local output_cert_file 285s + token_name= 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 285s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 285s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s ++ sed -n 's/ *commonName *= //p' 285s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 285s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 285s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 285s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 285s + token_name='Test Organization Sub Int Token' 285s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 285s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 285s + echo 'Test Organization Sub Int Token' 285s + '[' -n '' ']' 285s + local output_base_name=SSSD-child-6943 285s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.output 285s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.pem 285s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 285s [p11_child[3403]] [main] (0x0400): p11_child started. 285s [p11_child[3403]] [main] (0x2000): Running in [pre-auth] mode. 285s [p11_child[3403]] [main] (0x2000): Running with effective IDs: [0][0]. 285s [p11_child[3403]] [main] (0x2000): Running with real IDs [0][0]. 285s [p11_child[3403]] [do_card] (0x4000): Module List: 285s [p11_child[3403]] [do_card] (0x4000): common name: [softhsm2]. 285s [p11_child[3403]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3403]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 285s [p11_child[3403]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 285s [p11_child[3403]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3403]] [do_card] (0x4000): Login NOT required. 285s [p11_child[3403]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 285s [p11_child[3403]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 285s [p11_child[3403]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 285s [p11_child[3403]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 285s [p11_child[3403]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 285s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.output 285s + echo '-----BEGIN CERTIFICATE-----' 285s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.output 285s + echo '-----END CERTIFICATE-----' 285s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.pem 285s Test Organization Sub Int Token 285s Certificate: 285s Data: 285s Version: 3 (0x2) 285s Serial Number: 5 (0x5) 285s Signature Algorithm: sha256WithRSAEncryption 285s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 285s Validity 285s Not Before: Jun 14 17:05:38 2024 GMT 285s Not After : Jun 14 17:05:38 2025 GMT 285s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 285s Subject Public Key Info: 285s Public Key Algorithm: rsaEncryption 285s Public-Key: (1024 bit) 285s Modulus: 285s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 285s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 285s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 285s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 285s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 285s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 285s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 285s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 285s 47:9f:e9:5b:7e:fa:d2:5c:a5 285s Exponent: 65537 (0x10001) 285s X509v3 extensions: 285s X509v3 Authority Key Identifier: 285s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 285s X509v3 Basic Constraints: 285s CA:FALSE 285s Netscape Cert Type: 285s SSL Client, S/MIME 285s Netscape Comment: 285s Test Organization Sub Intermediate CA trusted Certificate 285s X509v3 Subject Key Identifier: 285s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 285s X509v3 Key Usage: critical 285s Digital Signature, Non Repudiation, Key Encipherment 285s X509v3 Extended Key Usage: 285s TLS Web Client Authentication, E-mail Protection 285s X509v3 Subject Alternative Name: 285s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 285s Signature Algorithm: sha256WithRSAEncryption 285s Signature Value: 285s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 285s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 285s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 285s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 285s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 285s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 285s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 285s 70:cb 285s + local found_md5 expected_md5 285s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + expected_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 285s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943.pem 285s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 285s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 285s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.output 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.output .output 285s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.pem 285s + echo -n 053350 285s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 285s [p11_child[3411]] [main] (0x0400): p11_child started. 285s [p11_child[3411]] [main] (0x2000): Running in [auth] mode. 285s [p11_child[3411]] [main] (0x2000): Running with effective IDs: [0][0]. 285s [p11_child[3411]] [main] (0x2000): Running with real IDs [0][0]. 285s [p11_child[3411]] [do_card] (0x4000): Module List: 285s [p11_child[3411]] [do_card] (0x4000): common name: [softhsm2]. 285s [p11_child[3411]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3411]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 285s [p11_child[3411]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 285s [p11_child[3411]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 285s [p11_child[3411]] [do_card] (0x4000): Login required. 285s [p11_child[3411]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 285s [p11_child[3411]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 285s [p11_child[3411]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 285s [p11_child[3411]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 285s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 285s [p11_child[3411]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 285s [p11_child[3411]] [do_card] (0x4000): Certificate verified and validated. 285s [p11_child[3411]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 285s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.output 285s + echo '-----BEGIN CERTIFICATE-----' 285s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.output 285s + echo '-----END CERTIFICATE-----' 285s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.pem 285s Certificate: 285s Data: 285s Version: 3 (0x2) 285s Serial Number: 5 (0x5) 285s Signature Algorithm: sha256WithRSAEncryption 285s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 285s Validity 285s Not Before: Jun 14 17:05:38 2024 GMT 285s Not After : Jun 14 17:05:38 2025 GMT 285s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 285s Subject Public Key Info: 285s Public Key Algorithm: rsaEncryption 285s Public-Key: (1024 bit) 285s Modulus: 285s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 285s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 285s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 285s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 285s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 285s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 285s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 285s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 285s 47:9f:e9:5b:7e:fa:d2:5c:a5 285s Exponent: 65537 (0x10001) 285s X509v3 extensions: 285s X509v3 Authority Key Identifier: 285s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 285s X509v3 Basic Constraints: 285s CA:FALSE 285s Netscape Cert Type: 285s SSL Client, S/MIME 285s Netscape Comment: 285s Test Organization Sub Intermediate CA trusted Certificate 285s X509v3 Subject Key Identifier: 285s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 285s X509v3 Key Usage: critical 285s Digital Signature, Non Repudiation, Key Encipherment 285s X509v3 Extended Key Usage: 285s TLS Web Client Authentication, E-mail Protection 285s X509v3 Subject Alternative Name: 285s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 285s Signature Algorithm: sha256WithRSAEncryption 285s Signature Value: 285s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 285s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 285s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 285s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 285s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 285s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 285s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 285s 70:cb 285s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-6943-auth.pem 285s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 285s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 285s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 285s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem partial_chain 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 285s + local verify_option=partial_chain 285s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 285s + local key_cn 285s + local key_name 285s + local tokens_dir 285s + local output_cert_file 285s + token_name= 285s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 285s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 285s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 285s ++ sed -n 's/ *commonName *= //p' 286s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 286s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 286s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 286s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 286s + token_name='Test Organization Sub Int Token' 286s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 286s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 286s + echo 'Test Organization Sub Int Token' 286s + '[' -n partial_chain ']' 286s + local verify_arg=--verify=partial_chain 286s + local output_base_name=SSSD-child-28427 286s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.pem 286s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem 286s Test Organization Sub Int Token 286s [p11_child[3421]] [main] (0x0400): p11_child started. 286s [p11_child[3421]] [main] (0x2000): Running in [pre-auth] mode. 286s [p11_child[3421]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3421]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3421]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3421]] [do_card] (0x4000): Module List: 286s [p11_child[3421]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3421]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3421]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3421]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3421]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3421]] [do_card] (0x4000): Login NOT required. 286s [p11_child[3421]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3421]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3421]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3421]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3421]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s + local found_md5 expected_md5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + expected_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427.pem 286s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 286s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.output 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.output .output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.pem 286s + echo -n 053350 286s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 286s [p11_child[3429]] [main] (0x0400): p11_child started. 286s [p11_child[3429]] [main] (0x2000): Running in [auth] mode. 286s [p11_child[3429]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3429]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3429]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3429]] [do_card] (0x4000): Module List: 286s [p11_child[3429]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3429]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3429]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3429]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3429]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3429]] [do_card] (0x4000): Login required. 286s [p11_child[3429]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3429]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3429]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3429]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 286s [p11_child[3429]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 286s [p11_child[3429]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 286s [p11_child[3429]] [do_card] (0x4000): Certificate verified and validated. 286s [p11_child[3429]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-28427-auth.pem 286s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 286s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s + local verify_option= 286s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_cn 286s + local key_name 286s + local tokens_dir 286s + local output_cert_file 286s + token_name= 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 286s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 286s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s ++ sed -n 's/ *commonName *= //p' 286s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 286s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 286s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 286s Test Organization Sub Int Token 286s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 286s + token_name='Test Organization Sub Int Token' 286s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 286s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 286s + echo 'Test Organization Sub Int Token' 286s + '[' -n '' ']' 286s + local output_base_name=SSSD-child-19422 286s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-19422.output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-19422.pem 286s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s [p11_child[3439]] [main] (0x0400): p11_child started. 286s [p11_child[3439]] [main] (0x2000): Running in [pre-auth] mode. 286s [p11_child[3439]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3439]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3439]] [do_card] (0x4000): Module List: 286s [p11_child[3439]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3439]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3439]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3439]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3439]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3439]] [do_card] (0x4000): Login NOT required. 286s [p11_child[3439]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3439]] [do_verification] (0x0040): X509_verify_cert failed [0]. 286s [p11_child[3439]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 286s [p11_child[3439]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 286s [p11_child[3439]] [do_card] (0x4000): No certificate found. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-19422.output 286s + return 2 286s + invalid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem partial_chain 286s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem partial_chain 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem 286s + local verify_option=partial_chain 286s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_cn 286s + local key_name 286s + local tokens_dir 286s + local output_cert_file 286s + token_name= 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 286s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 286s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s ++ sed -n 's/ *commonName *= //p' 286s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 286s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 286s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 286s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 286s + token_name='Test Organization Sub Int Token' 286s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 286s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 286s + echo 'Test Organization Sub Int Token' 286s + '[' -n partial_chain ']' 286s + local verify_arg=--verify=partial_chain 286s + local output_base_name=SSSD-child-1994 286s Test Organization Sub Int Token 286s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-1994.output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-1994.pem 286s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-root-intermediate-chain-CA.pem 286s [p11_child[3446]] [main] (0x0400): p11_child started. 286s [p11_child[3446]] [main] (0x2000): Running in [pre-auth] mode. 286s [p11_child[3446]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3446]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3446]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3446]] [do_card] (0x4000): Module List: 286s [p11_child[3446]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3446]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3446]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3446]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3446]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3446]] [do_card] (0x4000): Login NOT required. 286s [p11_child[3446]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3446]] [do_verification] (0x0040): X509_verify_cert failed [0]. 286s [p11_child[3446]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 286s [p11_child[3446]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 286s [p11_child[3446]] [do_card] (0x4000): No certificate found. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-1994.output 286s + return 2 286s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem partial_chain 286s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem partial_chain 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s + local verify_option=partial_chain 286s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_cn 286s + local key_name 286s + local tokens_dir 286s + local output_cert_file 286s + token_name= 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 286s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 286s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s ++ sed -n 's/ *commonName *= //p' 286s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 286s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 286s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 286s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 286s + token_name='Test Organization Sub Int Token' 286s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 286s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 286s Test Organization Sub Int Token 286s + echo 'Test Organization Sub Int Token' 286s + '[' -n partial_chain ']' 286s + local verify_arg=--verify=partial_chain 286s + local output_base_name=SSSD-child-27819 286s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.pem 286s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem 286s [p11_child[3453]] [main] (0x0400): p11_child started. 286s [p11_child[3453]] [main] (0x2000): Running in [pre-auth] mode. 286s [p11_child[3453]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3453]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3453]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3453]] [do_card] (0x4000): Module List: 286s [p11_child[3453]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3453]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3453]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3453]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3453]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3453]] [do_card] (0x4000): Login NOT required. 286s [p11_child[3453]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3453]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3453]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3453]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3453]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s + local found_md5 expected_md5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + expected_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819.pem 286s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 286s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.output 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.output .output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.pem 286s + echo -n 053350 286s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 286s [p11_child[3461]] [main] (0x0400): p11_child started. 286s [p11_child[3461]] [main] (0x2000): Running in [auth] mode. 286s [p11_child[3461]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3461]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3461]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3461]] [do_card] (0x4000): Module List: 286s [p11_child[3461]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3461]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3461]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3461]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3461]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3461]] [do_card] (0x4000): Login required. 286s [p11_child[3461]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3461]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3461]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3461]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 286s [p11_child[3461]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 286s [p11_child[3461]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 286s [p11_child[3461]] [do_card] (0x4000): Certificate verified and validated. 286s [p11_child[3461]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-27819-auth.pem 286s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 286s + valid_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-sub-chain-CA.pem partial_chain 286s + check_certificate /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 /tmp/sssd-softhsm2-ejg3vy/test-intermediate-sub-chain-CA.pem partial_chain 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_ring=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-sub-chain-CA.pem 286s + local verify_option=partial_chain 286s + prepare_softhsm2_card /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local certificate=/tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18367 286s + local key_cn 286s + local key_name 286s + local tokens_dir 286s + local output_cert_file 286s + token_name= 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 286s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 286s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s ++ sed -n 's/ *commonName *= //p' 286s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 286s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 286s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 286s + tokens_dir=/tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 286s + token_name='Test Organization Sub Int Token' 286s + '[' '!' -e /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 286s + '[' '!' -d /tmp/sssd-softhsm2-ejg3vy/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 286s + echo 'Test Organization Sub Int Token' 286s Test Organization Sub Int Token 286s + '[' -n partial_chain ']' 286s + local verify_arg=--verify=partial_chain 286s + local output_base_name=SSSD-child-29501 286s + local output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.pem 286s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-sub-chain-CA.pem 286s [p11_child[3471]] [main] (0x0400): p11_child started. 286s [p11_child[3471]] [main] (0x2000): Running in [pre-auth] mode. 286s [p11_child[3471]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3471]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3471]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3471]] [do_card] (0x4000): Module List: 286s [p11_child[3471]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3471]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3471]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3471]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3471]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3471]] [do_card] (0x4000): Login NOT required. 286s [p11_child[3471]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3471]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3471]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3471]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3471]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s + local found_md5 expected_md5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/test-sub-intermediate-CA-trusted-certificate-0001.pem 286s + expected_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501.pem 286s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 286s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 286s + output_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.output 286s ++ basename /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.output .output 286s + output_cert_file=/tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.pem 286s + echo -n 053350 286s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-ejg3vy/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 286s [p11_child[3479]] [main] (0x0400): p11_child started. 286s [p11_child[3479]] [main] (0x2000): Running in [auth] mode. 286s [p11_child[3479]] [main] (0x2000): Running with effective IDs: [0][0]. 286s [p11_child[3479]] [main] (0x2000): Running with real IDs [0][0]. 286s [p11_child[3479]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 286s [p11_child[3479]] [do_card] (0x4000): Module List: 286s [p11_child[3479]] [do_card] (0x4000): common name: [softhsm2]. 286s [p11_child[3479]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3479]] [do_card] (0x4000): Description [SoftHSM slot ID 0x132d7785] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 286s [p11_child[3479]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 286s [p11_child[3479]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x132d7785][321746821] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 286s [p11_child[3479]] [do_card] (0x4000): Login required. 286s [p11_child[3479]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 286s [p11_child[3479]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 286s [p11_child[3479]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 286s [p11_child[3479]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x132d7785;slot-manufacturer=SoftHSM%20project;slot-id=321746821;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5e961969932d7785;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 286s [p11_child[3479]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 286s [p11_child[3479]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 286s [p11_child[3479]] [do_card] (0x4000): Certificate verified and validated. 286s [p11_child[3479]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 286s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.output 286s + echo '-----BEGIN CERTIFICATE-----' 286s + tail -n1 /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.output 286s + echo '-----END CERTIFICATE-----' 286s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.pem 286s Certificate: 286s Data: 286s Version: 3 (0x2) 286s Serial Number: 5 (0x5) 286s Signature Algorithm: sha256WithRSAEncryption 286s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 286s Validity 286s Not Before: Jun 14 17:05:38 2024 GMT 286s Not After : Jun 14 17:05:38 2025 GMT 286s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 286s Subject Public Key Info: 286s Public Key Algorithm: rsaEncryption 286s Public-Key: (1024 bit) 286s Modulus: 286s 00:b0:a4:d9:6b:2f:82:5c:f2:90:ba:89:fa:50:e5: 286s 14:5e:66:5c:f9:7e:fb:88:cd:42:c6:00:7a:61:e6: 286s 72:f8:aa:16:32:2c:08:b5:e4:76:65:2c:30:64:fb: 286s cd:b7:84:fe:1d:be:33:0d:b3:89:2f:e0:81:8b:93: 286s 07:a7:0f:25:f8:06:c2:19:5b:96:4d:84:bf:84:34: 286s ec:70:e2:95:c7:04:d3:89:de:fa:b7:ed:6f:0c:71: 286s 59:0f:1f:d2:e8:2f:41:91:e7:79:66:98:59:f5:31: 286s 43:67:e7:c6:a3:40:9a:1b:79:fe:2b:7c:c5:3a:17: 286s 47:9f:e9:5b:7e:fa:d2:5c:a5 286s Exponent: 65537 (0x10001) 286s X509v3 extensions: 286s X509v3 Authority Key Identifier: 286s 3D:0C:3B:AB:15:47:56:34:3B:71:81:7F:9C:CA:8C:79:25:B1:7D:DF 286s X509v3 Basic Constraints: 286s CA:FALSE 286s Netscape Cert Type: 286s SSL Client, S/MIME 286s Netscape Comment: 286s Test Organization Sub Intermediate CA trusted Certificate 286s X509v3 Subject Key Identifier: 286s 22:91:B6:05:16:F4:2B:46:71:84:8E:04:ED:F2:FC:A3:00:40:ED:AA 286s X509v3 Key Usage: critical 286s Digital Signature, Non Repudiation, Key Encipherment 286s X509v3 Extended Key Usage: 286s TLS Web Client Authentication, E-mail Protection 286s X509v3 Subject Alternative Name: 286s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 286s Signature Algorithm: sha256WithRSAEncryption 286s Signature Value: 286s 76:24:17:93:d5:68:eb:2d:85:d7:cf:a3:36:5a:5a:c1:7c:e6: 286s 8b:45:a5:ab:c6:54:c8:f6:68:4f:d9:2c:fa:26:19:1e:75:71: 286s 33:d4:91:0d:17:9c:e7:15:14:e8:87:eb:54:34:db:46:96:04: 286s 08:6a:de:f9:2f:4e:eb:15:fa:31:f0:9d:e9:b3:11:5e:88:ab: 286s ba:14:1e:05:20:f3:cc:6c:d7:52:76:03:c4:c6:59:05:5b:0d: 286s 42:d7:99:7d:8c:e9:2f:8a:76:d5:8d:08:d3:71:b6:90:2c:cd: 286s 2f:08:e5:49:6f:de:38:72:be:c7:09:01:fd:fe:ef:43:bf:c2: 286s 70:cb 286s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-ejg3vy/SSSD-child-29501-auth.pem 287s 287s Test completed, Root CA and intermediate issued certificates verified! 287s + found_md5=Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 287s + '[' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 '!=' Modulus=B0A4D96B2F825CF290BA89FA50E5145E665CF97EFB88CD42C6007A61E672F8AA16322C08B5E476652C3064FBCDB784FE1DBE330DB3892FE0818B9307A70F25F806C2195B964D84BF8434EC70E295C704D389DEFAB7ED6F0C71590F1FD2E82F4191E779669859F5314367E7C6A3409A1B79FE2B7CC53A17479FE95B7EFAD25CA5 ']' 287s + set +x 287s autopkgtest [17:05:46]: test sssd-softhism2-certificates-tests.sh: -----------------------] 288s autopkgtest [17:05:47]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 288s sssd-softhism2-certificates-tests.sh PASS 289s autopkgtest [17:05:48]: test sssd-smart-card-pam-auth-configs: preparing testbed 291s Reading package lists... 291s Building dependency tree... 291s Reading state information... 292s Starting pkgProblemResolver with broken count: 0 293s Starting 2 pkgProblemResolver with broken count: 0 293s Done 295s The following additional packages will be installed: 295s pamtester 295s The following NEW packages will be installed: 295s autopkgtest-satdep pamtester 295s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 295s Need to get 12.3 kB/13.0 kB of archives. 295s After this operation, 36.9 kB of additional disk space will be used. 295s Get:1 /tmp/autopkgtest.GSXCpf/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [756 B] 295s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 296s Fetched 12.3 kB in 1s (22.7 kB/s) 297s Selecting previously unselected package pamtester. 297s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78566 files and directories currently installed.) 297s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 297s Unpacking pamtester (0.1.2-4) ... 297s Selecting previously unselected package autopkgtest-satdep. 297s Preparing to unpack .../4-autopkgtest-satdep.deb ... 297s Unpacking autopkgtest-satdep (0) ... 298s Setting up pamtester (0.1.2-4) ... 298s Setting up autopkgtest-satdep (0) ... 298s Processing triggers for man-db (2.12.0-4build2) ... 303s (Reading database ... 78572 files and directories currently installed.) 303s Removing autopkgtest-satdep (0) ... 304s autopkgtest [17:06:03]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 304s autopkgtest [17:06:03]: test sssd-smart-card-pam-auth-configs: [----------------------- 304s + '[' -z ubuntu ']' 304s + export DEBIAN_FRONTEND=noninteractive 304s + DEBIAN_FRONTEND=noninteractive 304s + required_tools=(pamtester softhsm2-util sssd) 304s + [[ ! -v OFFLINE_MODE ]] 304s + for cmd in "${required_tools[@]}" 304s + command -v pamtester 304s + for cmd in "${required_tools[@]}" 304s + command -v softhsm2-util 304s + for cmd in "${required_tools[@]}" 304s + command -v sssd 304s + PIN=123456 304s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 304s + tmpdir=/tmp/sssd-softhsm2-certs-lLIkU9 304s + backupsdir= 304s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 304s + declare -a restore_paths 304s + declare -a delete_paths 304s + trap handle_exit EXIT 304s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 304s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 304s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 304s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 304s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-lLIkU9 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 304s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-lLIkU9 304s + GENERATE_SMART_CARDS=1 304s + KEEP_TEMPORARY_FILES=1 304s + NO_SSSD_TESTS=1 304s + bash debian/tests/sssd-softhism2-certificates-tests.sh 304s + '[' -z ubuntu ']' 304s + required_tools=(p11tool openssl softhsm2-util) 304s + for cmd in "${required_tools[@]}" 304s + command -v p11tool 304s + for cmd in "${required_tools[@]}" 304s + command -v openssl 304s + for cmd in "${required_tools[@]}" 304s + command -v softhsm2-util 304s + PIN=123456 304s +++ find /usr/lib/softhsm/libsofthsm2.so 304s +++ head -n 1 304s ++ realpath /usr/lib/softhsm/libsofthsm2.so 304s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 304s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 304s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 304s + '[' '!' -v NO_SSSD_TESTS ']' 304s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 304s + tmpdir=/tmp/sssd-softhsm2-certs-lLIkU9 304s + keys_size=1024 304s + [[ ! -v KEEP_TEMPORARY_FILES ]] 304s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 304s + echo -n 01 304s + touch /tmp/sssd-softhsm2-certs-lLIkU9/index.txt 304s + mkdir -p /tmp/sssd-softhsm2-certs-lLIkU9/new_certs 304s + cat 304s + root_ca_key_pass=pass:random-root-CA-password-15419 304s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-key.pem -passout pass:random-root-CA-password-15419 1024 304s + openssl req -passin pass:random-root-CA-password-15419 -batch -config /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem 304s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem 304s + cat 304s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-15964 304s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15964 1024 304s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-15964 -config /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15419 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-certificate-request.pem 304s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-certificate-request.pem 304s Certificate Request: 304s Data: 304s Version: 1 (0x0) 304s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 304s Subject Public Key Info: 304s Public Key Algorithm: rsaEncryption 304s Public-Key: (1024 bit) 304s Modulus: 304s 00:af:e3:a0:18:99:5d:92:3c:26:a1:af:33:bb:7e: 304s 10:46:d6:98:8d:a0:2f:6f:4f:8b:de:33:77:83:19: 304s 1f:8a:73:2e:ea:69:e5:a6:61:bb:bb:90:2e:63:1e: 304s 2d:f0:cd:0e:6d:62:f5:ec:a2:d2:9d:3e:e7:de:74: 304s a1:e9:32:39:a9:05:1b:d0:97:fe:21:91:6a:7d:56: 304s a6:ac:a2:4a:8c:18:0b:5b:36:59:c7:b7:b5:ed:70: 304s 63:c7:06:27:9e:4a:1d:f2:f2:9b:15:b1:84:6c:96: 304s 14:43:0a:46:77:c6:4b:ee:98:62:35:e7:e6:ff:b3: 304s 24:28:97:57:71:c0:28:11:0f 304s Exponent: 65537 (0x10001) 304s Attributes: 304s (none) 304s Requested Extensions: 304s Signature Algorithm: sha256WithRSAEncryption 304s Signature Value: 304s 3c:ce:da:c6:64:fb:42:05:da:1a:83:28:8d:d6:4f:f2:40:61: 304s 7e:69:0e:3f:1d:2b:3b:dd:c6:77:e8:b0:2b:a4:2a:5d:8a:af: 304s 66:6d:7c:0d:df:62:39:19:66:87:33:28:74:8d:f7:f1:08:2d: 304s c7:a0:59:73:bb:13:b1:7b:35:c9:ac:05:4f:46:71:06:12:26: 304s ed:6b:8b:93:7c:68:c5:12:8d:76:1c:50:f8:3c:5e:f7:67:d2: 304s ef:58:66:10:7d:0e:54:be:fa:d5:6d:2d:70:f7:71:02:b2:2d: 304s c6:ed:da:ff:80:d6:22:73:a6:04:67:55:00:30:ba:88:90:de: 304s 17:e4 304s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.config -passin pass:random-root-CA-password-15419 -keyfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem 304s Using configuration from /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.config 304s Check that the request matches the signature 304s Signature ok 304s Certificate Details: 304s Serial Number: 1 (0x1) 304s Validity 304s Not Before: Jun 14 17:06:03 2024 GMT 304s Not After : Jun 14 17:06:03 2025 GMT 304s Subject: 304s organizationName = Test Organization 304s organizationalUnitName = Test Organization Unit 304s commonName = Test Organization Intermediate CA 304s X509v3 extensions: 304s X509v3 Subject Key Identifier: 304s 35:80:E0:C0:9D:28:8F:07:6D:9D:2B:7E:0A:A0:F9:C8:72:B4:88:14 304s X509v3 Authority Key Identifier: 304s keyid:3F:6A:33:B7:07:C8:51:BF:84:6C:60:D5:3D:5E:2A:FF:99:B4:39:43 304s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 304s serial:00 304s X509v3 Basic Constraints: 304s CA:TRUE 304s X509v3 Key Usage: critical 304s Digital Signature, Certificate Sign, CRL Sign 304s Certificate is to be certified until Jun 14 17:06:03 2025 GMT (365 days) 304s 304s Write out database with 1 new entries 304s Database updated 304s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem 304s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem 304s /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem: OK 304s + cat 304s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-27013 304s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-27013 1024 304s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-27013 -config /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15964 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-certificate-request.pem 304s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-certificate-request.pem 304s Certificate Request: 304s Data: 304s Version: 1 (0x0) 304s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 304s Subject Public Key Info: 304s Public Key Algorithm: rsaEncryption 304s Public-Key: (1024 bit) 304s Modulus: 304s 00:e5:69:45:05:87:47:69:b1:bc:13:5f:eb:cb:cf: 304s 05:dd:11:43:04:88:d8:15:c5:b5:f1:c7:57:fb:4b: 304s b4:6f:9c:56:d1:c2:3e:06:e8:b1:f3:4a:01:c3:1c: 304s 96:8b:23:06:7a:5b:4f:d5:c4:47:b2:2b:45:32:6f: 304s 6a:87:fb:01:dd:a6:fd:a4:de:87:ef:6d:0c:92:60: 304s a0:99:11:76:ee:ce:22:ae:23:91:1f:53:09:f4:f3: 304s 37:3c:26:21:38:0e:45:81:44:04:06:10:50:5f:ab: 304s 98:e8:6f:9a:df:5f:42:41:d1:fb:27:81:ef:d8:9e: 304s b5:70:a5:44:60:01:8d:89:45 304s Exponent: 65537 (0x10001) 304s Attributes: 304s (none) 304s Requested Extensions: 304s Signature Algorithm: sha256WithRSAEncryption 304s Signature Value: 304s 95:8f:57:12:5e:0a:66:4b:d6:b8:ee:59:7f:1b:9a:e6:e0:dc: 304s 85:ae:e4:e3:6c:40:b9:97:45:f3:af:ff:d7:db:12:dd:ff:9e: 304s 65:ba:90:fe:62:1b:8b:67:ab:62:79:86:80:00:13:f2:d4:06: 304s a0:40:fe:57:3d:04:91:f7:48:a6:ec:28:d9:69:b5:c0:0e:c0: 304s f6:f5:b4:e8:3f:d6:37:e7:a9:4f:b0:67:ce:6e:14:de:9d:45: 304s a2:db:97:d7:87:15:12:80:6b:82:2b:bc:2e:39:f4:98:0d:a1: 304s b5:59:d6:b2:a5:17:f1:2d:25:8e:69:1b:96:1e:5f:fd:08:cd: 304s 63:b0 304s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-15964 -keyfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 304s Using configuration from /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.config 304s Check that the request matches the signature 304s Signature ok 304s Certificate Details: 304s Serial Number: 2 (0x2) 304s Validity 304s Not Before: Jun 14 17:06:03 2024 GMT 304s Not After : Jun 14 17:06:03 2025 GMT 304s Subject: 304s organizationName = Test Organization 304s organizationalUnitName = Test Organization Unit 304s commonName = Test Organization Sub Intermediate CA 304s X509v3 extensions: 304s X509v3 Subject Key Identifier: 304s 6E:71:D5:F2:8E:DC:77:3B:18:42:77:49:E8:77:1C:F1:01:FD:D3:6A 304s X509v3 Authority Key Identifier: 304s keyid:35:80:E0:C0:9D:28:8F:07:6D:9D:2B:7E:0A:A0:F9:C8:72:B4:88:14 304s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 304s serial:01 304s X509v3 Basic Constraints: 304s CA:TRUE 304s X509v3 Key Usage: critical 304s Digital Signature, Certificate Sign, CRL Sign 304s Certificate is to be certified until Jun 14 17:06:03 2025 GMT (365 days) 304s 304s Write out database with 1 new entries 304s Database updated 304s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 304s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 304s /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem: OK 304s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 304s + local cmd=openssl 304s + shift 304s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 304s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 304s error 20 at 0 depth lookup: unable to get local issuer certificate 304s error /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem: verification failed 304s + cat 304s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-13285 304s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-13285 1024 305s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-13285 -key /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-request.pem 305s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-request.pem 305s Certificate Request: 305s Data: 305s Version: 1 (0x0) 305s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 305s Subject Public Key Info: 305s Public Key Algorithm: rsaEncryption 305s Public-Key: (1024 bit) 305s Modulus: 305s 00:ce:52:5a:a7:90:75:1f:4e:83:e5:75:ed:8d:45: 305s 35:7b:f6:e6:ae:4f:ab:11:66:2c:26:5e:79:80:7f: 305s 64:e3:24:ac:03:2e:a7:cc:3b:d7:2f:12:d4:7c:ac: 305s 16:ec:28:3f:d1:fc:f3:f4:ac:8b:11:fa:81:b0:74: 305s 31:ca:c0:03:53:32:15:eb:49:c9:13:a8:4c:c5:17: 305s c2:75:90:75:1f:86:3e:91:4c:03:49:c2:ad:d2:f5: 305s a8:da:9b:98:c3:e7:ef:15:76:04:44:2b:56:0e:92: 305s 06:ac:09:fb:29:32:6e:13:f7:ba:85:f0:4b:fb:e3: 305s 8c:ff:27:85:88:12:f4:e7:4b 305s Exponent: 65537 (0x10001) 305s Attributes: 305s Requested Extensions: 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Root CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s F6:B4:06:80:35:0D:39:66:C5:9E:38:DD:34:34:E3:1C:BD:80:2F:1A 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Signature Algorithm: sha256WithRSAEncryption 305s Signature Value: 305s b7:29:bd:b4:6e:e4:6a:4f:ed:2f:fa:c2:f7:7e:59:42:e9:e7: 305s 54:28:20:ce:46:8d:71:f6:3a:04:84:01:78:5b:6a:75:a9:69: 305s cc:78:93:70:3c:a9:c5:66:60:8e:14:dc:b8:9e:45:cd:d8:a2: 305s 18:6a:d2:75:3b:f5:06:6d:f4:af:33:02:9e:63:ed:e2:80:54: 305s 30:77:43:06:e2:6c:ef:7a:2e:f8:67:7e:be:16:5a:a4:64:d3: 305s aa:cb:27:6b:00:3d:f5:a2:4d:ab:7f:64:c7:dc:0f:f0:31:0f: 305s 73:4c:fb:ea:32:6f:f2:5d:24:91:6b:41:77:bd:d7:12:a3:30: 305s 92:e0 305s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.config -passin pass:random-root-CA-password-15419 -keyfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s Using configuration from /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.config 305s Check that the request matches the signature 305s Signature ok 305s Certificate Details: 305s Serial Number: 3 (0x3) 305s Validity 305s Not Before: Jun 14 17:06:04 2024 GMT 305s Not After : Jun 14 17:06:04 2025 GMT 305s Subject: 305s organizationName = Test Organization 305s organizationalUnitName = Test Organization Unit 305s commonName = Test Organization Root Trusted Certificate 0001 305s X509v3 extensions: 305s X509v3 Authority Key Identifier: 305s 3F:6A:33:B7:07:C8:51:BF:84:6C:60:D5:3D:5E:2A:FF:99:B4:39:43 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Root CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s F6:B4:06:80:35:0D:39:66:C5:9E:38:DD:34:34:E3:1C:BD:80:2F:1A 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Certificate is to be certified until Jun 14 17:06:04 2025 GMT (365 days) 305s 305s Write out database with 1 new entries 305s Database updated 305s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem: OK 305s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s + local cmd=openssl 305s + shift 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 305s error 20 at 0 depth lookup: unable to get local issuer certificate 305s error /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem: verification failed 305s + cat 305s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-27998 305s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-27998 1024 305s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-27998 -key /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-request.pem 305s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-request.pem 305s Certificate Request: 305s Data: 305s Version: 1 (0x0) 305s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 305s Subject Public Key Info: 305s Public Key Algorithm: rsaEncryption 305s Public-Key: (1024 bit) 305s Modulus: 305s 00:a8:2e:7d:06:20:6a:fe:86:b5:5a:ee:78:82:cd: 305s 79:2b:e6:9c:e1:ba:10:05:06:d7:0f:7e:02:8d:54: 305s 94:96:e3:da:5e:ff:b0:7b:c5:54:af:99:42:3c:42: 305s 5d:bc:60:81:8d:5d:1e:26:f8:20:38:b6:60:41:f1: 305s d0:88:2a:15:fb:63:0b:03:f4:49:d3:0e:d2:3d:be: 305s 8d:77:13:46:53:d6:95:b8:74:bd:43:9f:34:9c:fe: 305s 39:83:94:1d:ce:5a:73:04:f0:8a:77:bc:dc:6a:b3: 305s ac:aa:c3:77:6d:33:aa:01:92:a2:89:d6:01:88:62: 305s 57:4c:4f:9f:be:88:9b:f3:c3 305s Exponent: 65537 (0x10001) 305s Attributes: 305s Requested Extensions: 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Intermediate CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s BB:14:7A:54:DB:0B:0F:D7:AF:CF:9B:4A:30:62:0E:63:6A:01:37:37 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Signature Algorithm: sha256WithRSAEncryption 305s Signature Value: 305s 52:e6:63:15:d1:66:be:da:9f:10:69:cb:1d:0a:7e:c2:5a:86: 305s 51:9f:74:af:18:b8:7f:26:f9:22:fa:56:03:2d:7b:a4:8d:72: 305s 42:7f:8f:cf:1e:f5:09:6d:77:44:74:60:e4:99:55:d7:95:97: 305s a2:f2:49:80:d4:e7:b2:88:de:0c:01:59:2c:ef:57:84:88:25: 305s 64:02:36:7e:5d:46:e4:2a:8d:98:c6:a6:a1:23:f0:e7:28:af: 305s cd:26:69:4c:9d:ff:9b:4e:ec:d5:80:44:02:d6:22:58:fa:41: 305s 1e:a7:77:0b:0a:01:ca:1b:28:e7:f1:da:06:d2:71:aa:b5:46: 305s 79:9c 305s + openssl ca -passin pass:random-intermediate-CA-password-15964 -config /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s Using configuration from /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.config 305s Check that the request matches the signature 305s Signature ok 305s Certificate Details: 305s Serial Number: 4 (0x4) 305s Validity 305s Not Before: Jun 14 17:06:04 2024 GMT 305s Not After : Jun 14 17:06:04 2025 GMT 305s Subject: 305s organizationName = Test Organization 305s organizationalUnitName = Test Organization Unit 305s commonName = Test Organization Intermediate Trusted Certificate 0001 305s X509v3 extensions: 305s X509v3 Authority Key Identifier: 305s 35:80:E0:C0:9D:28:8F:07:6D:9D:2B:7E:0A:A0:F9:C8:72:B4:88:14 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Intermediate CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s BB:14:7A:54:DB:0B:0F:D7:AF:CF:9B:4A:30:62:0E:63:6A:01:37:37 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Certificate is to be certified until Jun 14 17:06:04 2025 GMT (365 days) 305s 305s Write out database with 1 new entries 305s Database updated 305s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s + echo 'This certificate should not be trusted fully' 305s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s + local cmd=openssl 305s + shift 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s This certificate should not be trusted fully 305s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 305s error 2 at 1 depth lookup: unable to get issuer certificate 305s error /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 305s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem: OK 305s + cat 305s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16517 305s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-16517 1024 305s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16517 -key /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 305s Certificate Request: 305s Data: 305s Version: 1 (0x0) 305s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 305s Subject Public Key Info: 305s Public Key Algorithm: rsaEncryption 305s Public-Key: (1024 bit) 305s Modulus: 305s 00:a0:1f:46:68:9d:2f:16:3a:38:10:eb:07:09:fc: 305s cb:1d:ab:b7:d9:86:0a:94:6a:a4:1a:10:b8:e1:f7: 305s b8:e7:1e:a2:3a:e1:55:23:32:87:d1:45:e2:3a:f6: 305s b8:68:17:68:d1:b2:ec:25:bb:88:b5:7b:eb:29:ee: 305s 2d:24:63:15:99:6a:d6:96:51:d1:e8:bd:2e:45:b5: 305s cc:fe:18:3a:bb:05:24:e3:2a:da:bd:e7:6f:49:72: 305s eb:78:73:36:84:20:96:55:2e:38:f3:fe:c6:10:b2: 305s 0c:e6:64:38:8b:04:44:12:7b:85:18:d6:ac:a1:7c: 305s 27:11:c0:9f:ce:37:b6:3d:f9 305s Exponent: 65537 (0x10001) 305s Attributes: 305s Requested Extensions: 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Sub Intermediate CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s E3:B8:C6:78:44:18:7B:8C:AA:7C:01:AD:0F:84:40:2D:8C:81:C6:F8 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Signature Algorithm: sha256WithRSAEncryption 305s Signature Value: 305s 4f:e1:63:74:26:0f:ac:05:e1:45:27:ef:47:fe:c7:79:1e:a0: 305s cd:18:a7:cb:24:83:a5:94:1b:c2:d0:c2:77:bf:37:d9:96:fd: 305s 86:4f:28:13:08:99:86:04:81:60:3a:a8:dd:e2:77:7b:d8:d9: 305s 0a:fe:83:52:39:5d:6a:29:3f:cb:06:98:56:98:81:dd:f5:e1: 305s af:4c:43:fb:ed:a9:1b:86:20:4b:b1:b1:cd:08:f2:eb:11:16: 305s 3c:17:ec:9d:1d:3e:a2:60:cd:7d:80:68:f1:24:59:02:e9:b3: 305s 5f:51:3d:c4:cf:93:c1:cd:ed:11:a1:02:7f:31:f4:8e:fc:ea: 305s dc:78 305s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 305s + openssl ca -passin pass:random-sub-intermediate-CA-password-27013 -config /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s Using configuration from /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.config 305s Check that the request matches the signature 305s Signature ok 305s Certificate Details: 305s Serial Number: 5 (0x5) 305s Validity 305s Not Before: Jun 14 17:06:04 2024 GMT 305s Not After : Jun 14 17:06:04 2025 GMT 305s Subject: 305s organizationName = Test Organization 305s organizationalUnitName = Test Organization Unit 305s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 305s X509v3 extensions: 305s X509v3 Authority Key Identifier: 305s 6E:71:D5:F2:8E:DC:77:3B:18:42:77:49:E8:77:1C:F1:01:FD:D3:6A 305s X509v3 Basic Constraints: 305s CA:FALSE 305s Netscape Cert Type: 305s SSL Client, S/MIME 305s Netscape Comment: 305s Test Organization Sub Intermediate CA trusted Certificate 305s X509v3 Subject Key Identifier: 305s E3:B8:C6:78:44:18:7B:8C:AA:7C:01:AD:0F:84:40:2D:8C:81:C6:F8 305s X509v3 Key Usage: critical 305s Digital Signature, Non Repudiation, Key Encipherment 305s X509v3 Extended Key Usage: 305s TLS Web Client Authentication, E-mail Protection 305s X509v3 Subject Alternative Name: 305s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 305s Certificate is to be certified until Jun 14 17:06:04 2025 GMT (365 days) 305s 305s Write out database with 1 new entries 305s Database updated 305s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s This certificate should not be trusted fully 305s + echo 'This certificate should not be trusted fully' 305s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s + local cmd=openssl 305s + shift 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 305s error 2 at 1 depth lookup: unable to get issuer certificate 305s error /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 305s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s + local cmd=openssl 305s + shift 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 305s error 20 at 0 depth lookup: unable to get local issuer certificate 305s error /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 305s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 305s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s + local cmd=openssl 305s + shift 305s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 305s error 20 at 0 depth lookup: unable to get local issuer certificate 305s error /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 305s Building a the full-chain CA file... 305s + echo 'Building a the full-chain CA file...' 305s + cat /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 305s + cat /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem 305s + cat /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 305s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem 305s + openssl pkcs7 -print_certs -noout 305s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 305s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 305s 305s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 305s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 305s 305s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 305s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 305s 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA.pem: OK 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem: OK 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem: OK 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-root-intermediate-chain-CA.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-root-intermediate-chain-CA.pem: OK 305s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 305s /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 305s Certificates generation completed! 305s + echo 'Certificates generation completed!' 305s + [[ -v NO_SSSD_TESTS ]] 305s + [[ -v GENERATE_SMART_CARDS ]] 305s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-13285 305s + local certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s + local key_pass=pass:random-root-ca-trusted-cert-0001-13285 305s + local key_cn 305s + local key_name 305s + local tokens_dir 305s + local output_cert_file 305s + token_name= 305s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem .pem 305s + key_name=test-root-CA-trusted-certificate-0001 305s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem 305s ++ sed -n 's/ *commonName *= //p' 306s + key_cn='Test Organization Root Trusted Certificate 0001' 306s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 306s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf 306s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf 306s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 306s + tokens_dir=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001 306s + token_name='Test Organization Root Tr Token' 306s + '[' '!' -e /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 306s + local key_file 306s + local decrypted_key 306s + mkdir -p /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001 306s + key_file=/tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key.pem 306s + decrypted_key=/tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 306s + cat 306s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 306s Slot 0 has a free/uninitialized token. 306s The token has been initialized and is reassigned to slot 1428359816 306s + softhsm2-util --show-slots 306s Available slots: 306s Slot 1428359816 306s Slot info: 306s Description: SoftHSM slot ID 0x55230a88 306s Manufacturer ID: SoftHSM project 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Token present: yes 306s Token info: 306s Manufacturer ID: SoftHSM project 306s Model: SoftHSM v2 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Serial number: 5510a48ad5230a88 306s Initialized: yes 306s User PIN init.: yes 306s Label: Test Organization Root Tr Token 306s Slot 1 306s Slot info: 306s Description: SoftHSM slot ID 0x1 306s Manufacturer ID: SoftHSM project 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Token present: yes 306s Token info: 306s Manufacturer ID: SoftHSM project 306s Model: SoftHSM v2 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Serial number: 306s Initialized: no 306s User PIN init.: no 306s Label: 306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 306s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-13285 -in /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 306s writing RSA key 306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 306s + rm /tmp/sssd-softhsm2-certs-lLIkU9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 306s Object 0: 306s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5510a48ad5230a88;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 306s Type: X.509 Certificate (RSA-1024) 306s Expires: Sat Jun 14 17:06:04 2025 306s Label: Test Organization Root Trusted Certificate 0001 306s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 306s 306s Test Organization Root Tr Token 306s + echo 'Test Organization Root Tr Token' 306s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27998 306s + local certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 306s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27998 306s + local key_cn 306s + local key_name 306s + local tokens_dir 306s + local output_cert_file 306s + token_name= 306s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem .pem 306s + key_name=test-intermediate-CA-trusted-certificate-0001 306s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem 306s ++ sed -n 's/ *commonName *= //p' 306s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 306s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 306s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 306s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 306s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 306s + tokens_dir=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001 306s + token_name='Test Organization Interme Token' 306s + '[' '!' -e /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 306s + local key_file 306s + local decrypted_key 306s + mkdir -p /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-intermediate-CA-trusted-certificate-0001 306s + key_file=/tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key.pem 306s + decrypted_key=/tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 306s + cat 306s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 306s Slot 0 has a free/uninitialized token. 306s The token has been initialized and is reassigned to slot 275228753 306s + softhsm2-util --show-slots 306s Available slots: 306s Slot 275228753 306s Slot info: 306s Description: SoftHSM slot ID 0x1067a851 306s Manufacturer ID: SoftHSM project 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Token present: yes 306s Token info: 306s Manufacturer ID: SoftHSM project 306s Model: SoftHSM v2 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Serial number: 4ad8ff699067a851 306s Initialized: yes 306s User PIN init.: yes 306s Label: Test Organization Interme Token 306s Slot 1 306s Slot info: 306s Description: SoftHSM slot ID 0x1 306s Manufacturer ID: SoftHSM project 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Token present: yes 306s Token info: 306s Manufacturer ID: SoftHSM project 306s Model: SoftHSM v2 306s Hardware version: 2.6 306s Firmware version: 2.6 306s Serial number: 306s Initialized: no 306s User PIN init.: no 306s Label: 306s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 307s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-27998 -in /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 307s writing RSA key 307s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 307s + rm /tmp/sssd-softhsm2-certs-lLIkU9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 307s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 307s Object 0: 307s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4ad8ff699067a851;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 307s Type: X.509 Certificate (RSA-1024) 307s Expires: Sat Jun 14 17:06:04 2025 307s Label: Test Organization Intermediate Trusted Certificate 0001 307s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 307s 307s + echo 'Test Organization Interme Token' 307s Test Organization Interme Token 307s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16517 307s + local certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 307s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16517 307s + local key_cn 307s + local key_name 307s + local tokens_dir 307s + local output_cert_file 307s + token_name= 307s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 307s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 307s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem 307s ++ sed -n 's/ *commonName *= //p' 307s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 307s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 307s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 307s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 307s ++ basename /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 307s + tokens_dir=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 307s + token_name='Test Organization Sub Int Token' 307s + '[' '!' -e /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 307s + local key_file 307s + local decrypted_key 307s + mkdir -p /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 307s + key_file=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 307s + decrypted_key=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 307s + cat 307s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 307s Slot 0 has a free/uninitialized token. 307s The token has been initialized and is reassigned to slot 1741304605 307s + softhsm2-util --show-slots 307s Available slots: 307s Slot 1741304605 307s Slot info: 307s Description: SoftHSM slot ID 0x67ca331d 307s Manufacturer ID: SoftHSM project 307s Hardware version: 2.6 307s Firmware version: 2.6 307s Token present: yes 307s Token info: 307s Manufacturer ID: SoftHSM project 307s Model: SoftHSM v2 307s Hardware version: 2.6 307s Firmware version: 2.6 307s Serial number: 1dd176c5e7ca331d 307s Initialized: yes 307s User PIN init.: yes 307s Label: Test Organization Sub Int Token 307s Slot 1 307s Slot info: 307s Description: SoftHSM slot ID 0x1 307s Manufacturer ID: SoftHSM project 307s Hardware version: 2.6 307s Firmware version: 2.6 307s Token present: yes 307s Token info: 307s Manufacturer ID: SoftHSM project 307s Model: SoftHSM v2 307s Hardware version: 2.6 307s Firmware version: 2.6 307s Serial number: 307s Initialized: no 307s User PIN init.: no 307s Label: 307s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 307s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16517 -in /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 307s writing RSA key 307s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 307s + rm /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 307s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 307s Object 0: 307s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1dd176c5e7ca331d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 307s Type: X.509 Certificate (RSA-1024) 307s Expires: Sat Jun 14 17:06:04 2025 307s Label: Test Organization Sub Intermediate Trusted Certificate 0001 307s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 307s 307s + echo 'Test Organization Sub Int Token' 307s Test Organization Sub Int Token 307s + echo 'Certificates generation completed!' 307s Certificates generation completed! 307s + exit 0 307s + find /tmp/sssd-softhsm2-certs-lLIkU9 -type d -exec chmod 777 '{}' ';' 307s + find /tmp/sssd-softhsm2-certs-lLIkU9 -type f -exec chmod 666 '{}' ';' 307s + backup_file /etc/sssd/sssd.conf 307s + '[' -z '' ']' 307s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 307s + backupsdir=/tmp/sssd-softhsm2-backups-239C1U 307s + '[' -e /etc/sssd/sssd.conf ']' 307s + delete_paths+=("$1") 307s + rm -f /etc/sssd/sssd.conf 307s ++ runuser -u ubuntu -- sh -c 'echo ~' 307s + user_home=/home/ubuntu 307s + mkdir -p /home/ubuntu 307s + chown ubuntu:ubuntu /home/ubuntu 307s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 307s + user_config=/home/ubuntu/.config 307s + system_config=/etc 307s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 307s + for path_pair in "${softhsm2_conf_paths[@]}" 307s + IFS=: 307s + read -r -a path 307s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 307s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 307s + '[' -z /tmp/sssd-softhsm2-backups-239C1U ']' 307s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 307s + delete_paths+=("$1") 307s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 307s + for path_pair in "${softhsm2_conf_paths[@]}" 307s + IFS=: 307s + read -r -a path 307s + path=/etc/softhsm/softhsm2.conf 307s + backup_file /etc/softhsm/softhsm2.conf 307s + '[' -z /tmp/sssd-softhsm2-backups-239C1U ']' 307s + '[' -e /etc/softhsm/softhsm2.conf ']' 307s ++ dirname /etc/softhsm/softhsm2.conf 307s + local back_dir=/tmp/sssd-softhsm2-backups-239C1U//etc/softhsm 307s ++ basename /etc/softhsm/softhsm2.conf 307s + local back_path=/tmp/sssd-softhsm2-backups-239C1U//etc/softhsm/softhsm2.conf 307s + '[' '!' -e /tmp/sssd-softhsm2-backups-239C1U//etc/softhsm/softhsm2.conf ']' 307s + mkdir -p /tmp/sssd-softhsm2-backups-239C1U//etc/softhsm 307s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-239C1U//etc/softhsm/softhsm2.conf 307s + restore_paths+=("$back_path") 307s + rm -f /etc/softhsm/softhsm2.conf 307s + test_authentication login /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem 307s + pam_service=login 307s + certificate_config=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf 307s + ca_db=/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem 307s + verification_options= 307s + mkdir -p -m 700 /etc/sssd 307s Using CA DB '/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem' with verification options: '' 307s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 307s + cat 307s + chmod 600 /etc/sssd/sssd.conf 307s + for path_pair in "${softhsm2_conf_paths[@]}" 307s + IFS=: 307s + read -r -a path 307s + user=ubuntu 307s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 307s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 307s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 307s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 307s + runuser -u ubuntu -- softhsm2-util --show-slots 307s + grep 'Test Organization' 307s Label: Test Organization Root Tr Token 307s + for path_pair in "${softhsm2_conf_paths[@]}" 307s + IFS=: 307s + read -r -a path 307s + user=root 307s + path=/etc/softhsm/softhsm2.conf 307s ++ dirname /etc/softhsm/softhsm2.conf 307s + runuser -u root -- mkdir -p /etc/softhsm 307s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 307s + runuser -u root -- softhsm2-util --show-slots 307s + grep 'Test Organization' 307s Label: Test Organization Root Tr Token 307s + systemctl restart sssd 308s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 309s + for alternative in "${alternative_pam_configs[@]}" 309s + pam-auth-update --enable sss-smart-card-optional 309s + cat /etc/pam.d/common-auth 309s # 309s # /etc/pam.d/common-auth - authentication settings common to all services 309s # 309s # This file is included from other service-specific PAM config files, 309s # and should contain a list of the authentication modules that define 309s # the central authentication scheme for use on the system 309s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 309s # traditional Unix authentication mechanisms. 309s # 309s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 309s # To take advantage of this, it is recommended that you configure any 309s # local modules either before or after the default block, and use 309s # pam-auth-update to manage selection of other modules. See 309s # pam-auth-update(8) for details. 309s 309s # here are the per-package modules (the "Primary" block) 309s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 309s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 309s auth [success=1 default=ignore] pam_sss.so use_first_pass 309s # here's the fallback if no module succeeds 309s auth requisite pam_deny.so 309s # prime the stack with a positive return value if there isn't one already; 309s # this avoids us returning an error just because nothing sets a success code 309s # since the modules above will each just jump around 309s auth required pam_permit.so 309s # and here are more per-package modules (the "Additional" block) 309s auth optional pam_cap.so 309s # end of pam-auth-update config 309s + echo -n -e 123456 309s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 309s pamtester: invoking pam_start(login, ubuntu, ...) 309s pamtester: performing operation - authenticate 309s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 309s + echo -n -e 123456 309s + runuser -u ubuntu -- pamtester -v login '' authenticate 309s pamtester: invoking pam_start(login, , ...) 309s pamtester: performing operation - authenticate 309s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 309s + echo -n -e wrong123456 309s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 309s pamtester: invoking pam_start(login, ubuntu, ...) 309s pamtester: performing operation - authenticate 313s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 313s + echo -n -e wrong123456 313s + runuser -u ubuntu -- pamtester -v login '' authenticate 313s pamtester: invoking pam_start(login, , ...) 313s pamtester: performing operation - authenticate 316s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 316s + echo -n -e 123456 316s + pamtester -v login root authenticate 316s pamtester: invoking pam_start(login, root, ...) 316s pamtester: performing operation - authenticate 319s Password: pamtester: Authentication failure 319s + for alternative in "${alternative_pam_configs[@]}" 319s + pam-auth-update --enable sss-smart-card-required 319s PAM configuration 319s ----------------- 319s 319s Incompatible PAM profiles selected. 319s 319s The following PAM profiles cannot be used together: 319s 319s SSS required smart card authentication, SSS optional smart card 319s authentication 319s 319s Please select a different set of modules to enable. 319s 319s + cat /etc/pam.d/common-auth 319s # 319s # /etc/pam.d/common-auth - authentication settings common to all services 319s # 319s # This file is included from other service-specific PAM config files, 319s # and should contain a list of the authentication modules that define 319s # the central authentication scheme for use on the system 319s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 319s # traditional Unix authentication mechanisms. 319s # 319s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 319s # To take advantage of this, it is recommended that you configure any 319s # local modules either before or after the default block, and use 319s # pam-auth-update to manage selection of other modules. See 319s # pam-auth-update(8) for details. 319s 319s # here are the per-package modules (the "Primary" block) 319s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 319s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 319s auth [success=1 default=ignore] pam_sss.so use_first_pass 319s # here's the fallback if no module succeeds 319s auth requisite pam_deny.so 319s # prime the stack with a positive return value if there isn't one already; 319s # this avoids us returning an error just because nothing sets a success code 319s # since the modules above will each just jump around 319s auth required pam_permit.so 319s # and here are more per-package modules (the "Additional" block) 319s auth optional pam_cap.so 319s # end of pam-auth-update config 319s + echo -n -e 123456 319s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 319s pamtester: invoking pam_start(login, ubuntu, ...) 319s pamtester: performing operation - authenticate 319s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 319s + echo -n -e 123456 319s + runuser -u ubuntu -- pamtester -v login '' authenticate 319s pamtester: invoking pam_start(login, , ...) 319s pamtester: performing operation - authenticate 319s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 319s + echo -n -e wrong123456 319s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 319s pamtester: invoking pam_start(login, ubuntu, ...) 319s pamtester: performing operation - authenticate 323s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 323s + echo -n -e wrong123456 323s + runuser -u ubuntu -- pamtester -v login '' authenticate 323s pamtester: invoking pam_start(login, , ...) 323s pamtester: performing operation - authenticate 326s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 326s + echo -n -e 123456 326s + pamtester -v login root authenticate 326s pamtester: invoking pam_start(login, root, ...) 326s pamtester: performing operation - authenticate 329s pamtester: Authentication service cannot retrieve authentication info 329s + test_authentication login /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem 329s + pam_service=login 329s + certificate_config=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 329s + ca_db=/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem 329s + verification_options= 329s + mkdir -p -m 700 /etc/sssd 329s Using CA DB '/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem' with verification options: '' 329s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-lLIkU9/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 329s + cat 329s + chmod 600 /etc/sssd/sssd.conf 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + user=ubuntu 329s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 329s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 329s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 329s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 329s Label: Test Organization Sub Int Token 329s + runuser -u ubuntu -- softhsm2-util --show-slots 329s + grep 'Test Organization' 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + user=root 329s + path=/etc/softhsm/softhsm2.conf 329s ++ dirname /etc/softhsm/softhsm2.conf 329s + runuser -u root -- mkdir -p /etc/softhsm 329s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 329s + runuser -u root -- softhsm2-util --show-slots 329s + grep 'Test Organization' 329s Label: Test Organization Sub Int Token 329s + systemctl restart sssd 330s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 331s + for alternative in "${alternative_pam_configs[@]}" 331s + pam-auth-update --enable sss-smart-card-optional 331s + cat /etc/pam.d/common-auth 331s # 331s # /etc/pam.d/common-auth - authentication settings common to all services 331s # 331s # This file is included from other service-specific PAM config files, 331s # and should contain a list of the authentication modules that define 331s # the central authentication scheme for use on the system 331s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 331s # traditional Unix authentication mechanisms. 331s # 331s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 331s # To take advantage of this, it is recommended that you configure any 331s # local modules either before or after the default block, and use 331s # pam-auth-update to manage selection of other modules. See 331s # pam-auth-update(8) for details. 331s 331s # here are the per-package modules (the "Primary" block) 331s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 331s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 331s auth [success=1 default=ignore] pam_sss.so use_first_pass 331s # here's the fallback if no module succeeds 331s auth requisite pam_deny.so 331s # prime the stack with a positive return value if there isn't one already; 331s # this avoids us returning an error just because nothing sets a success code 331s # since the modules above will each just jump around 331s auth required pam_permit.so 331s # and here are more per-package modules (the "Additional" block) 331s auth optional pam_cap.so 331s # end of pam-auth-update config 331s + echo -n -e 123456 331s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 331s pamtester: invoking pam_start(login, ubuntu, ...) 331s pamtester: performing operation - authenticate 331s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 331s + echo -n -e 123456 331s + runuser -u ubuntu -- pamtester -v login '' authenticate 331s pamtester: invoking pam_start(login, , ...) 331s pamtester: performing operation - authenticate 331s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 331s + echo -n -e wrong123456 331s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 331s pamtester: invoking pam_start(login, ubuntu, ...) 331s pamtester: performing operation - authenticate 335s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 335s + echo -n -e wrong123456 335s + runuser -u ubuntu -- pamtester -v login '' authenticate 335s pamtester: invoking pam_start(login, , ...) 335s pamtester: performing operation - authenticate 338s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 338s + echo -n -e 123456 338s + pamtester -v login root authenticate 338s pamtester: invoking pam_start(login, root, ...) 338s pamtester: performing operation - authenticate 341s Password: pamtester: Authentication failure 341s + for alternative in "${alternative_pam_configs[@]}" 341s + pam-auth-update --enable sss-smart-card-required 341s PAM configuration 341s ----------------- 341s 341s Incompatible PAM profiles selected. 341s 341s The following PAM profiles cannot be used together: 341s 341s SSS required smart card authentication, SSS optional smart card 341s authentication 341s 341s Please select a different set of modules to enable. 341s 341s + cat /etc/pam.d/common-auth 341s # 341s # /etc/pam.d/common-auth - authentication settings common to all services 341s # 341s # This file is included from other service-specific PAM config files, 341s # and should contain a list of the authentication modules that define 341s # the central authentication scheme for use on the system 341s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 341s # traditional Unix authentication mechanisms. 341s # 341s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 341s # To take advantage of this, it is recommended that you configure any 341s # local modules either before or after the default block, and use 341s # pam-auth-update to manage selection of other modules. See 341s # pam-auth-update(8) for details. 341s 341s # here are the per-package modules (the "Primary" block) 341s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 341s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 341s auth [success=1 default=ignore] pam_sss.so use_first_pass 341s # here's the fallback if no module succeeds 341s auth requisite pam_deny.so 341s # prime the stack with a positive return value if there isn't one already; 341s # this avoids us returning an error just because nothing sets a success code 341s # since the modules above will each just jump around 341s auth required pam_permit.so 341s # and here are more per-package modules (the "Additional" block) 341s auth optional pam_cap.so 341s # end of pam-auth-update config 341s + echo -n -e 123456 341s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 341s pamtester: invoking pam_start(login, ubuntu, ...) 341s pamtester: performing operation - authenticate 341s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 341s + echo -n -e 123456 341s + runuser -u ubuntu -- pamtester -v login '' authenticate 341s pamtester: invoking pam_start(login, , ...) 341s pamtester: performing operation - authenticate 341s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 341s + echo -n -e wrong123456 341s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 341s pamtester: invoking pam_start(login, ubuntu, ...) 341s pamtester: performing operation - authenticate 344s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 344s + echo -n -e wrong123456 344s + runuser -u ubuntu -- pamtester -v login '' authenticate 344s pamtester: invoking pam_start(login, , ...) 344s pamtester: performing operation - authenticate 347s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 347s + echo -n -e 123456 347s + pamtester -v login root authenticate 347s pamtester: invoking pam_start(login, root, ...) 347s pamtester: performing operation - authenticate 350s pamtester: Authentication service cannot retrieve authentication info 350s + test_authentication login /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem partial_chain 350s + pam_service=login 350s + certificate_config=/tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 350s + ca_db=/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem 350s + verification_options=partial_chain 350s + mkdir -p -m 700 /etc/sssd 350s Using CA DB '/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 350s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-lLIkU9/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 350s + cat 350s + chmod 600 /etc/sssd/sssd.conf 350s + for path_pair in "${softhsm2_conf_paths[@]}" 350s + IFS=: 350s + read -r -a path 350s + user=ubuntu 350s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 350s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 350s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 350s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 350s + runuser -u ubuntu -- softhsm2-util --show-slots 350s + grep 'Test Organization' 350s Label: Test Organization Sub Int Token 350s + for path_pair in "${softhsm2_conf_paths[@]}" 350s + IFS=: 350s + read -r -a path 350s + user=root 350s + path=/etc/softhsm/softhsm2.conf 350s ++ dirname /etc/softhsm/softhsm2.conf 350s + runuser -u root -- mkdir -p /etc/softhsm 350s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-lLIkU9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 350s + runuser -u root -- softhsm2-util --show-slots 350s + grep 'Test Organization' 350s Label: Test Organization Sub Int Token 350s + systemctl restart sssd 352s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 352s + for alternative in "${alternative_pam_configs[@]}" 352s + pam-auth-update --enable sss-smart-card-optional 352s + cat /etc/pam.d/common-auth 352s # 352s # /etc/pam.d/common-auth - authentication settings common to all services 352s # 352s # This file is included from other service-specific PAM config files, 352s # and should contain a list of the authentication modules that define 352s # the central authentication scheme for use on the system 352s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 352s # traditional Unix authentication mechanisms. 352s # 352s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 352s # To take advantage of this, it is recommended that you configure any 352s # local modules either before or after the default block, and use 352s # pam-auth-update to manage selection of other modules. See 352s # pam-auth-update(8) for details. 352s 352s # here are the per-package modules (the "Primary" block) 352s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 352s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 352s auth [success=1 default=ignore] pam_sss.so use_first_pass 352s # here's the fallback if no module succeeds 352s auth requisite pam_deny.so 352s # prime the stack with a positive return value if there isn't one already; 352s # this avoids us returning an error just because nothing sets a success code 352s # since the modules above will each just jump around 352s auth required pam_permit.so 352s # and here are more per-package modules (the "Additional" block) 352s auth optional pam_cap.so 352s # end of pam-auth-update config 352s + echo -n -e 123456 352s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 352s pamtester: invoking pam_start(login, ubuntu, ...) 352s pamtester: performing operation - authenticate 353s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 353s + echo -n -e 123456 353s + runuser -u ubuntu -- pamtester -v login '' authenticate 353s pamtester: invoking pam_start(login, , ...) 353s pamtester: performing operation - authenticate 353s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 353s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 353s + echo -n -e wrong123456 353s pamtester: invoking pam_start(login, ubuntu, ...) 353s pamtester: performing operation - authenticate 355s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 355s + echo -n -e wrong123456 355s + runuser -u ubuntu -- pamtester -v login '' authenticate 355s pamtester: invoking pam_start(login, , ...) 355s pamtester: performing operation - authenticate 359s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 359s + echo -n -e 123456 359s + pamtester -v login root authenticate 359s pamtester: invoking pam_start(login, root, ...) 359s pamtester: performing operation - authenticate 361s Password: pamtester: Authentication failure 361s + for alternative in "${alternative_pam_configs[@]}" 361s + pam-auth-update --enable sss-smart-card-required 361s PAM configuration 361s ----------------- 361s 361s Incompatible PAM profiles selected. 361s 361s The following PAM profiles cannot be used together: 361s 361s SSS required smart card authentication, SSS optional smart card 361s authentication 361s 361s Please select a different set of modules to enable. 361s 361s + cat /etc/pam.d/common-auth 361s # 361s # /etc/pam.d/common-auth - authentication settings common to all services 361s # 361s # This file is included from other service-specific PAM config files, 361s # and should contain a list of the authentication modules that define 361s # the central authentication scheme for use on the system 361s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 361s # traditional Unix authentication mechanisms. 361s # 361s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 361s # To take advantage of this, it is recommended that you configure any 361s # local modules either before or after the default block, and use 361s # pam-auth-update to manage selection of other modules. See 361s # pam-auth-update(8) for details. 361s 361s # here are the per-package modules (the "Primary" block) 361s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 361s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 361s auth [success=1 default=ignore] pam_sss.so use_first_pass 361s # here's the fallback if no module succeeds 361s auth requisite pam_deny.so 361s # prime the stack with a positive return value if there isn't one already; 361s # this avoids us returning an error just because nothing sets a success code 361s # since the modules above will each just jump around 361s auth required pam_permit.so 361s # and here are more per-package modules (the "Additional" block) 361s auth optional pam_cap.so 361s # end of pam-auth-update config 361s + echo -n -e 123456 361s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 361s pamtester: invoking pam_start(login, ubuntu, ...) 361s pamtester: performing operation - authenticate 362s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 362s + echo -n -e 123456 362s + runuser -u ubuntu -- pamtester -v login '' authenticate 362s pamtester: invoking pam_start(login, , ...) 362s pamtester: performing operation - authenticate 362s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 362s + echo -n -e wrong123456 362s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 362s pamtester: invoking pam_start(login, ubuntu, ...) 362s pamtester: performing operation - authenticate 365s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 365s + echo -n -e wrong123456 365s + runuser -u ubuntu -- pamtester -v login '' authenticate 365s pamtester: invoking pam_start(login, , ...) 365s pamtester: performing operation - authenticate 367s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 367s + echo -n -e 123456 367s + pamtester -v login root authenticate 367s pamtester: invoking pam_start(login, root, ...) 367s pamtester: performing operation - authenticate 371s pamtester: Authentication service cannot retrieve authentication info 371s + handle_exit 371s + exit_code=0 371s + restore_changes 371s + for path in "${restore_paths[@]}" 371s + local original_path 371s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-239C1U /tmp/sssd-softhsm2-backups-239C1U//etc/softhsm/softhsm2.conf 371s + original_path=/etc/softhsm/softhsm2.conf 371s + rm /etc/softhsm/softhsm2.conf 371s + mv /tmp/sssd-softhsm2-backups-239C1U//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 371s + for path in "${delete_paths[@]}" 371s + rm -f /etc/sssd/sssd.conf 371s + for path in "${delete_paths[@]}" 371s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 371s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 371s + '[' -e /etc/sssd/sssd.conf ']' 371s + systemctl stop sssd 371s Script completed successfully! 371s + '[' -e /etc/softhsm/softhsm2.conf ']' 371s + chmod 600 /etc/softhsm/softhsm2.conf 371s + rm -rf /tmp/sssd-softhsm2-certs-lLIkU9 371s + '[' 0 = 0 ']' 371s + rm -rf /tmp/sssd-softhsm2-backups-239C1U 371s + set +x 372s autopkgtest [17:07:11]: test sssd-smart-card-pam-auth-configs: -----------------------] 373s sssd-smart-card-pam-auth-configs PASS 373s autopkgtest [17:07:12]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 373s autopkgtest [17:07:12]: @@@@@@@@@@@@@@@@@@@@ summary 373s ldap-user-group-ldap-auth PASS 373s ldap-user-group-krb5-auth PASS 373s sssd-softhism2-certificates-tests.sh PASS 373s sssd-smart-card-pam-auth-configs PASS 384s nova [W] Skipping flock in bos03-arm64 384s Creating nova instance adt-noble-arm64-sssd-20240614-170059-juju-7f2275-prod-proposed-migration-environment-3-81e51bee-7934-4fbc-965a-dc20839a3fc9 from image adt/ubuntu-noble-arm64-server-20240614.img (UUID 44ac7338-add3-4166-b95a-335fcbe8cf46)... 384s nova [W] Skipping flock in bos03-arm64 384s Creating nova instance adt-noble-arm64-sssd-20240614-170059-juju-7f2275-prod-proposed-migration-environment-3-81e51bee-7934-4fbc-965a-dc20839a3fc9 from image adt/ubuntu-noble-arm64-server-20240614.img (UUID 44ac7338-add3-4166-b95a-335fcbe8cf46)...